Privacy and data security when doing a DNA test

The rapid growth of direct-to-consumer DNA testing has also given rise to concern about the privacy and data security policies of genetic testing companies. We take a look at the risks involved with doing a DNA test and outline DNAFit's position on the matter.


Direct-to-consumer DNA testing is big business. This technology gives you a mountain of insight into your ancestry, paternity, health and even how you respond to certain types of exercises and foods that you eat. The possibilities are almost limitless. In 2017, an estimated 1 in 25 people in the USA had access to their genetic information. And that number is steadily growing as we speak!

However, many people don’t pay attention to the privacy policies and terms and conditions attached to such an analysis when they purchase a DNA testing kit. Because the private DNA testing sector is still relatively new, privacy and terms and conditions aren’t as regulated or enforced as they could, and most probably should, be. While most companies do adhere to strict terms and conditions and privacy settings, cracks still appear and certain data is still at risk; this is covered in more detail below.

Is DNA testing safe?

DNA testing, from a health perspective, is completely safe. All it takes is a simple saliva sample, which is then analysed in a lab. However, in the information age, where data is the new oil, there have been legitimate concerns raised about safety from a privacy and data security perspective. Your DNA is what makes you who you are - it’s entirely unique to you. This is why choosing a reputable DNA testing company is so important. If your genetic data fell into the wrong hands, it would reveal your most private information.

Recently, a cyber attack led to more than 92 million user accounts being compromised.

What is problematic in the DNA testing industry is that there is a lack of regulation. Some DNA testing companies can choose to sell your DNA data by simply not complying with the controls that have been put in place. In a time where we see the value of data, especially in light of the recent Facebook scandal, this grey area of what can and cannot be done raises legitimate concerns for people who are planning on doing a DNA test.

However, this is not the same for all companies. You simply have to know which ones to choose, which is why it is important to do your own research before purchasing a DNA test.

Considerations before doing a DNA test

There are a number of considerations to take into account before doing a DNA test, such as:


Are you ready to find out information that you may not like?

When doing a DNA test to find out your disease risk, or your ancestry, simply out of curiosity or interest, you need to prepare for the possibility of finding out things about yourself and your family that you may not like to hear. This, from a personal perspective, could mean that you find out about your predisposition to a disease such as Alzheimer’s. Although doing a DNA test doesn’t guarantee that you will get such a disease, knowing that you are susceptible to such a disease could cause you stress if you don't have a professional to turn to for advice. This is simply one of the disadvantages of doing a DNA test and there are others, so be prepared for the results your DNA tests may bring.

Another aspect is the countless stories that have been cropping up about people finding out that one of their parents is not their real parent, or, further down the line, that their genealogy isn’t what they expected it to be.

In short, you need to be prepared for all outcomes and eventualities if this is the information you are after, no matter how difficult it might be knowing it.

At DNAFit, we hold your hand through the entire process to ensure that you don't feel stressed or anxious when interpreting your results. You are assigned your own personal wellness coach who not only explains what your results (e.g. a high fat sensitivity or raised antioxidant requirement) mean, but gives you actionable advice to help you use your results to make positive lifestyle changes.

Who is going to have access to your data and what are they going to do with it?

As we have mentioned previously, there is a lack of regulation in the direct-to-consumer genetic testing industry. This means that you need to be sure of the reputation of the company that you are being tested by as, for example, pharmaceutical companies are also very interested in the genetic data of all people.

This could be used for research purposes that can benefit society, but it could also be used for more profit-based drug research where someone else will be getting rich off the back of your DNA.

With DNAFit, your results will never be shared with a third party

When DNAFit started, we always had the goal in mind of helping people to stay healthier, and nothing else. Rest assured, DNAFit adheres to the strictest controls regarding data protection and security.

We have always been aware of the lack of regulation, and this is why we have always maintained high standards of security, with the aim of regulating ourselves so that we would stand out as a reputable brand in the DTC genetic testing industry.

DNAFit adhere to the UK Data Protection Act, are GDPR compliant and are proud to be the first consumer genetics company to be awarded ISO 27001 certification – the highest international standard for data security and management.

We only test for the genes we need and your sample is destroyed once the lab has completed the analysis. Your results are stored under an anonymised ID to create your reports.

We're dedicated to bringing you a product that you can trust, by implementing these regulations into the framework of our company.

Could your genetic information affect your insurance?

Pharmaceutical companies aren’t the only ones interested in your genetic data; insurance companies are as well. As the science continues to grow and more and more rigorous controls are put on it to ensure accuracy, this information could then be used by insurance companies to make a decision on your cover, based on your genetic risk of disease, for example.

Your genetic data is the most important bit of information you’ll receive about yourself. It is unique to you and acts as a blueprint of where you come from and who you are today. Therefore, you need to always be sure of what it could mean in future if your DNA could be used against you.

Your genetic information may not be true

A study recently discovered that 40% of variants in a variety of genes reported in DTC raw data were false positives. In addition, some variants designated with the “increased risk” classification in DTC raw data or by a third-party interpretation service were classified as benign at Ambry Genetics as well as several other clinical laboratories, and are noted to be common variants in publicly available population frequency databases.

Therefore, the information you receive may look worse than it really is.

This is why it's vital to choose a reputable DNA test supplier

DNAFit pioneered the personal genetics code of practice, providing the highest evidence threshold in the industry.

Every result in our reports is built from a minimum of three peer-reviewed research papers. We only include genes which have repeatedly shown an effect on various aspects of health, fitness or nutrition. This means that there are real-life lifestyle changes you can make based on which gene variation you carry.

We are ISO 27001 certified, having undergone rigorous internal and external processes to identify risks, assess all of our systems of control and increase our reliability and security. We adhere to the international standards of data security to ensure that our customers and business partners can trust us.

A word from our CEO

Avi Lasarow, CEO of DNAFit said:

“Preventable Chronic Diseases are going to be the largest driver of healthcare costs over the next 10 years and the use of genetic testing services to make small changes in personal lifestyle decisions, such as the right diet, can make a big impact. As a result, we want to make sure as a company that our existing and future customers feel that their personal data is in safe hands. By choosing DNAFit, they are assured that the world’s best data information security practices are in place. We know that data security is important to our current customers and potential future customers, so we have worked hard for the past 18 months to ensure we could become the first company in our market segment to become ISO 27001 certified. We’re really looking forward to working collaboratively in extending the framework and certification across the Prenetics group over the coming months.”

In summary

  • We only test for our panel of genetic variants associated with health and fitness, and nothing more.
  • No personal information is stored; your genetic sample is destroyed as soon as your results have been processed.
  • We only include genetic variants that have been shown (in at least three studies) to have health and fitness associations.
  • DNAFit are registered with the Information Commissioner’s Office for data protection.
  • And finally, we are the only genetic testing company who is ISO 27001 certified, which is the highest level of information security worldwide.
