DNA Testing Startup Faces FTC Allegations of Deceptive Data Practices

The Federal Trade Commission (FTC) recently filed a formal privacy complaint against DNA testing company 1Health.io (formerly known as Vitagene), accusing it of misleading customers about data deletion and mishandling sensitive genetic and health information. The allegations mark the first such complaint against a company in this field.

According to the FTC, 1Health.io claimed to maintain a high level of cybersecurity for its DNA test kits. However, instead of securely storing consumers' data, the company stored it in publicly accessible "buckets" on Amazon Web Service's cloud storage service.

Although there is no evidence that third parties accessed the data, the FTC revealed that approximately 2,400 health reports and raw genetic data of at least 227 individuals, sometimes accompanied by their first names, were at risk.

Moreover, despite promising customers the ability to delete their personal information at any time and assuring them that samples would be destroyed after analysis, the company did not have a policy in place to destroy DNA samples processed by the lab.

Over a two-year period, Vitagene received warnings on three occasions that it was storing unencrypted health, genetic, and other personal information in publicly accessible locations.

As part of the proposed settlement, 1Health.io will be required to enhance safeguards for genetic information and instruct third-party contract labs to delete all consumer DNA samples older than 180 days.

These allegations underscore the concerns raised by many Americans regarding privacy issues associated with mail-in DNA testing. A February poll conducted by YouGov revealed that over half of the respondents (53%) considered privacy to be a significant concern when dealing with private DNA testing companies. There is also apprehension about law enforcement agencies gaining access to DNA data held by private companies, as demonstrated by the Golden State Killer's arrest in 2018. To catch the perpetrator, police utilized GEDmatch, a free online database where users can share information from popular DNA testing sites. The poll revealed that 30% of Americans believe police should have access to DNA test information in all cases, while 31% believe it should only be used for violent crimes, and 23% oppose its use entirely.

For more details on this story, please read the full article on Forbes: DNA Testing Startup Lied to Customers About Deleting Their Data, FTC Alleges.