23andMe users send saliva samples to learn about ancestry and health risks. CEO Anne Wojcicki noted that 85% of customers consent to their genetic data being used for disease research. Unlike other medical data, genetic data stored by companies like 23andMe has few protections. According to Wirecutter’s guide, these companies are not subject to HIPAA laws governing health and medical record privacy.
The future of this genetic data is uncertain if 23andMe finds a buyer. Board chair Mark Jensen stated that the company remains committed to safeguarding customer data and ensuring transparency in any potential transaction. However, experts recommend deleting your data immediately.
California Attorney General Rob Bonta issued an alert urging consumers to request 23andMe delete their data, revoke access for future testing, and destroy genetic samples. Wirecutter advises customers to log into their accounts, go to settings, and permanently delete their data. Additional verification is required before deletion requests are processed.
Even after account deletion, some limited information about customers will remain stored. The Electronic Frontier Foundation warns that genetic data is immutable and reveals personal details about individuals and their families. Relatives who have used 23andMe put others’ data at risk due to shared DNA.
Law enforcement has previously used genetic profiles from home DNA kit companies. In 2018, a case was solved using GEDmatch profiles and family trees. 23andMe requires a warrant before sharing data with law enforcement.
Many customers have used 23andMe to discover lost relatives or family history. Unfortunately, the company’s uncertain future may undermine these discoveries.
— news from Wirecutter, A New York Times Company