AARP: 23andMe Data Hack Raises Question: Is DNA Testing Secure? 

December 6, 2023

Suzanne Bernstein, law fellow at the Electronic Privacy Information Center (EPIC) in Washington, shares the concern, especially in the absence of federal privacy laws. 

“There’s plenty of reasons to do direct-to-consumer genetic testing, and it’s certainly not all bad,” Bernstein says. 

No federal protections. But people need to be aware that federal Health Insurance Portability and Accountability Act (HIPAA) privacy safeguards don’t cover these companies, she says. The onus to protect health and other personal information shouldn’t fall on the consumer. 

“The burden should be on these companies to implement strong privacy and data security standards,” she says. 

Read more here.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.