Who are in the Coalition for Genetic Data Protection?
Three direct-to-consumer Genetic testing companies have come together to form the CGDP (Coalition for Genetic Data Protection)..the two heavy weights of this space; Ancestry and 23andMe, and the lesser known Helix. Click here for the Coalition’s Website.
The main purpose of the coalition is to..”Let Congress know what the best practices are for protecting customer’s data and also to show their customer’s that they’re deserving of their trust.” -Steve Haro (the Coalition’s Executive Director)
Best Practices according to the CGDP…
The Coalition recognizes in their White Paper that Genetic Data is sensitive information that warrants a high standard of privacy protection because of the following reasons:
It may be used to identify predispositions, disease risk, and predict future medical conditions.
It may reveal information about the individual’s family members, including future children.
It may contain unexpected information or information of which the full impact may not be understood at the time of collection.
It may have cultural significance for groups or individuals.
The Best Practices Mainly Focus On…
Use and Onward Transfer
Access (Integrity, Retention, Deletion)
Privacy by Decision
My Thoughts and Concerns…
The coalition is actually run by a very prominent lobbying firm-Mehlman Castagnetti Rosen & Thomas, out of Washington, D.C. These Genetic companies know lawmakers are particularly interested in what is being done with our genetic data, and just recently the Protecting Personal Health Data Act was introduced by Senators Amy Klobuchar (D-MN) and Lisa Murkowski(R-AK). After reading the CGDP’s White paper I agree with the standards they are presenting and feel that all of the companies in this space should be adhering to these standards anyway. When it comes to our Genetic data privacy..saying and doing are two different things..as we just recently witnessed with the Vitagene breach , where they claimed all user’s information would be de-identified and then ended up leaving the raw DNA of some users exposed WITH their names. I also find it concerning that the Coalition at times say the companies involved should do this or that instead of saying they must. Here are my questions: Should we allow these direct-to-consumer Genetic testing companies to have control in what the rules are that they and their competitors should follow? Who are the security professionals that are helping to guide them? We know that they are getting help with lobbying and control in Washington but I want to know more about their privacy practices. And what will happen to any of their competitors who choose not to join the coalition? As of right now I am happy for the extra awareness and focus on the security of our Genetic Data but we will have to wait and see the impact this will have in Washington and whether or not it makes our Data any safer.