Don’t worry! Of course, this title is nothing more than clickbait, for now. But if the security of DNA data is allowed to continue on its current reckless path we may start to see emails with such shocking subjects landing in our inboxes more frequently.
In the UK there is a new code of conduct between the Association of British insurers (ABI) and HM Government, which limits insurers access to genetic test results under a self-regulated agreement which allows varying access to data depending on the level of cover required. Also, there is still currently some protection under the EU’s Lisbon treaty which prevents any discrimination due to genetic features. Self-regulation, in most cases, works well, but there will always be a temptation to find a loophole or exploitation of the data whilst no laws exist.
In the US there are laws which protect you from your genetic information landing in the hands of your insurer, but there are multiple ways that the laws can be interpreted and insurers are already trying their best to use the laws to their advantage.
We already know that GSK can buy your data from google-backed 23andMe, and also with google previously having access to ancestry’s database of 5 million DNA tests via Calico — we are seemingly in a world where the highest bidder can work with your available genetic data without too much repercussion. Surely this is a transaction you never could have imagined when you bought a £50 test kit on Black Friday and posted off your sample in a tube.
Even if the data is anonymised, it is already possible to make a reverse identification of data, a feat that is becoming easier by using readily available information from ancestry sites, social media and the web in general, even something as apparently innocuous as a family link on Facebook could provide the required key to identifying you.
If temptation became too much, there isn’t much to stop an insurer or group of insurers purchasing a DNA database and utilising this for calculation of premiums instead of the more traditional actuarial tables, to refuse insurance or even worse, cancel your policy in its midterm without refund, and possibly without ever having to reveal that they have your data.
On the other hand it may be the case that you might not have been completely honest during the application process. If you have access to genetic data that your insurer does not but they find out you were already aware of complications, it could be the basis of a non-disclosure case, giving the perfect reason not to payout in the event of a claim.
As is already common in suspected fraud cases, it could be that an insurer would employ a 3rd party to investigate you and prevent a large payout. Self regulated or not, there are ways to get the data they need and not necessarily in the most direct manner.
What should I do to prevent my data getting in the wrong hands?
The best way to combat this is to make sure your data is secure before it is too late. You can contact the provider of any test you have had to date, download your raw DNA data, and request destruction of your data and sample. Most consumer DNA testing companies have already admitted that your data cannot be removed from any completed research projects but spread can be stemmed.
You can then choose to upload and store your existing data with Genomes.io in your personal DNA Vault — a place where you will be able to control who, when and how much access is granted to your most personal data from your mobile device. You will still be able to make the same ancestry or health queries as you would with other services but rest assured that your data will never be shared without your explicit permission. Even Genomes.io will not be able to access your data. If you do decide to contribute your data to scientific and medical research, you will only share anonymised ‘snippets’ of data that cannot be used to re-identify you. In addition, you will get paid for doing so.
You can also opt to purchase clinical grade 30x whole genome sequencing through Genomes.io, a much deeper and more useful view of your genetic data than is currently offered by the likes of 23andMe and Ancestry. This gives you access to and ownership of ~100% of your genome, rather than <1% offered by our competitors. We don’t have our own lab, but work with trusted sequencing providers with whom we have end-to-end privacy preserving workflows, who directly upload your data into your DNA Vault following sequencing. They then delete the data and destroy your sample, meaning your data only exists in one place and under your control.
Your genome is the biological blueprint that makes you, you. It is the most comprehensive and sensitive piece of personal information you will ever have. It is uniquely yours, and is by definition, personally identifiable and potentially exploitable. Therefore, it must be treated differently.
At Genomes.io, we believe you should own your genome. So we have built a technology that allows you to do so. And by addressing privacy, security and ownership concerns of DNA testing and sharing, we aim to build the world’s largest user-owned genomic data bank and secure the future of personalised medicine.
Team Genomes — Get in touch through our Discord!