Ancestry.com: Where Online and Genome Privacy Issues Meet

June 4, 2012

DNA onlineOne of the leading unresolved information privacy issues is the scope of protection for personal information associated with online activities.

Another critical and open information privacy concern is the extent to which genetic information should be protected from access and disclosure.

These two challenging privacy topics meet in the context of Ancestry.com’s new genome database service.

Ancestry.com operates an online system that assists individuals to conduct genealogical research, helping them to explore their family histories.

The company reportedly has nearly two million subscribers.  Recently, Ancestry launched a service enabling its members to compare their genomes with those of all other Ancestry members in the company’s DNA database.

Participating Ancestry subscribers receive DNA kits, provided by Ancestry, and they submit saliva samples to the company.

Ancestry extracts the DNA at its lab, mapping approximately 700,000 genetic markers for each sample.

Ancestry uses software to compare each sample with all others in its database to identify relationships.

The Ancestry software can identify familial relationships ranging from siblings to fifth cousins.

To date, much of the attention the Ancestry system and similar systems offered by companies such as 23andMe and Family Tree DNA have incited focuses on the issue of whether participants in these genome databases should have the option to shield their DNA from searches conducted by other parties.

It is important to note that there are also other significant privacy issues raised by widespread use of these consumer-oriented DNA databases.

One important issue is the security of these DNA databases.

They are likely to become attractive targets for unauthorized parties. 

Accordingly, standards and procedures to ensure that these databases are secure from both online and in-person security breaches are necessary.

Another issue to be addressed is the scope of authorized third party access to the databases.

For example, these DNA databases may eventually be viewed as attractive sources of information for law enforcement and national security authorities.

The extent to which those government authorities should have access to the DNA databases is a critical issue which must eventually be addressed.

The intersection of Internet and genome technologies creates promising opportunities for consumers and businesses. 

It also raises challenging legal and public policy issues.

Until those issues are effectively examined and resolved, consumers and enterprises should exercise substantial caution as they make decisions regarding participation in DNA databases. 

The Internet experience has taught us that once information has become available, even if initially only for limited purposes, it is ultimately extremely difficult to maintain control over future access to, and use of, that information.

Consumers now properly fear loss of control over their personal financial information and they increasingly exercise safeguards to protect the privacy of that information.

Genome information can be even more sensitive and damaging than financial information. 

One can reasonably argue that genome information is the most personal of all personal data.

For this reason, DNA databases merit the most rigorous security and privacy safeguards, and consumers should be exceptionally cautious about sharing that information.