The following announcement was posted to the International Association of Jewish Genealogical Societies (IAJGS) mailing list by Jan Meisels Allen and is republished here with her permission:
In light of the recent familial DNA testing by the public DNA site GEDMatch, private genetic testing companies pledged on July 31 to follow voluntary “Privacy Best Practices for Consumer Genetic Testing Services”. The companies pledged to obtain consent from users before sharing “individual-level information”, including personal information, and genetic data with other businesses. The concern over privacy of the DNA data, which resulted in the “Best Practices” pledge stems from law enforcement being helped by using the familial DNA matching to find the suspected Golden State Killer (he has not yet been convicted so I am saying suspected) which did not require a court-ordered warrant and other potential cold case criminals.
Issues addressed in the Best Practices are transparency, consent, use and onward transfer, access, integrity, retention and deletion, accountability, security, privacy by Design and consumer Education. Ancestry and 23andMe have committed to “attempt to notify” their customers about law enforcement requests whenever they can (other companies may also have made a similar pledge but they were not mentioned in the article). In 2017, Ancestry received 34 valid law enforcement requests –related to credit card or identity theft and provided data on 31 cases. The Washington Post reports that 23and Me received five requests during the company’s entire history but did not turn over user data on any of them.
The companies will also provide an annual report that will relate the number of requests received from the police similar to what social media companies report.
The companies which released the guide include: 23andMe,Ancestry, Habit, African Ancestry, FamilyTree DNA, Helix and MyHeritage*. The Future of Privacy Forum, a Washington DC-based non-profit helped the companies draft the new privacy guidelines. To read the guide see: https://fpf.org/wp-content/uploads/2018/07/Privacy-Best-Practices-for-Consumer-Genetic-Testing-Services-FINAL.pdf
* More companies may have pledged to adopt the approach but I was not able to find one complete list.
To read more about this see:
To access the previous postings on GEDMatch and familial DNA testing see the IAJGS Records Access Alert archives at: http://lists.iajgs.org/mailman/private/records-access-alerts. You must be registered to access the archives. To register for the IAJGS Records Access Alert go to: http://lists.iajgs.org/mailman/listinfo/records-access-alerts You will receive an email response that you have to reply to or the subscription will not be finalized. It is required to include your organization affiliation (genealogy organization, etc.)
Jan Meisels Allen
Chairperson, IAJGS Public Records Access Monitoring Committee