Can’t change DNA data
Much of the leaked data resembles information involved in major leaks from the likes of Medibank and Optus last year.
But Christopher Lean, research fellow at the University of Sydney’s theory and methods in the biosciences group, said a key concern is that unlike your driver’s licence or Medicare number, you can’t switch out your DNA once it has been made public.
And you won’t be the only person affected by such a leak.
“Your bank account can change … your passwords can change; all these little bits of data can change, but your DNA can never change. It always identifies you,” he said.
“And not only does it identify you, it can be used to identify your relatives. This includes relatives who don’t exist yet – children in the next generation.”
Unknown uses
While you might be happy to send off some spit to get some information about your ethnic background or health risks, it is common for companies such as 23andMe to examine, store or sell your genetic code to be used by pharmaceutical companies, insurance companies and law enforcement.
In a famous case, the Golden State Killer was captured after law enforcement used semen from a rape kit to identify his relatives through the use of websites including FamilyTreeDNA, MyHeritage and GEDmatch.
While this took a violent criminal off the streets, Lean said there are “deep fears” around privacy as millions of people curious about genetic makeup add their DNA to massive databases.
And we still don’t know all the ways that information could potentially be used, Andelka M. Phillips, senior lecturer in law, science and technology at The University of Queensland, told TND.
“Genetic data can be used for lots of research purposes, and we can’t really anticipate all those purposes at the moment,” she said.
“23andMe … were acquired by Virgin in the last few years. Prior to that, they had at least 14 partnerships with pharmaceutical companies for research.
“For the most part, across the industry, the [DNA testing] companies are not really making a profit from the sale of tests themselves, but from the partnerships and mergers they can enter into.”
Piles of information
Phillips said DNA could add up to the piles of information about you likely already available, which could add up to a frighteningly in-depth profile that could potentially be used for everything from private market research to identity theft.
And 23andMe isn’t the first DNA testing company to have sensitive customer information made public.
For example, an attack saw 1.3 million DNA records from GEDmatch’s database become available for US law enforcement searches despite only 280,000 customers actively choosing to share their data.
And even if you’re careful to read through the terms and conditions of a data testing company to ensure they won’t share your data, their rules can be overturned in a court of law – as seen in a case again involving GEDmatch and US police.
“If you’ve got an online dating profile, and you’ve engaged with a DNA testing company, and you have some wearable tech or internet … products in your home, that’s a lot of data that could be out there about you,” Phillips said.
“I’m not someone who is actually anti-industry, but I think this is an industry in need of regulation … both at the local and international level. And my recommendation for most people is that they actually think about what their views on privacy are [and] what their levels of comfort in terms of how their data is used and shared. How would they feel if their data actually was leaked?
“Just because you’re interested in one thing doesn’t necessarily mean that’s going to be the only way your data is used.”