FTC Accuses Genetic Testing Company of Failing to Safeguard Data


The Federal Trade Commission has filed charges against a genetic testing company for its failure to safeguard customers’ genetic data, marking the agency’s first case focused on the privacy and security of genetic information.

1Health.io, formerly known as Vitagene and based in San Francisco, offered DNA health test kits and test results to provide consumers with reports on their health, wellness, and ancestry. These products are part of packages that can cost up to $259. The company claimed to have a strong cybersecurity standard for handling customer data in these sales.

According to the FTC, the issue was that the company had security lapses that could have put consumer data at risk. However, there are no allegations that any consumer data was improperly seized by third parties.

Samuel Levine, director of the FTC’s bureau of consumer protection, said in a press release, “Companies that try to change the rules of the game by rewriting their privacy policy are on notice. The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.”

According to the FTC’s complaint, the company failed to fulfill several key promises: that it would not store DNA results with customer names or identifying information, that consumers could delete their personal information at any time, and that DNA saliva samples would be destroyed shortly after analysis.

Furthermore, according to the FTC, the company did not have agreements in place with third parties to ensure the destruction of DNA samples, raising questions about what happened to these samples.

The FTC also accused Vitagene of failing to protect its electronic data. The company left approximately 2,400 health reports and raw genetic data from at least 227 consumers exposed in publicly accessible Amazon Web Services “buckets,” sometimes with accompanying first names, due to improper security settings. The FTC learned about this through an unnamed cybersecurity researcher who contacted the company.

In response to the regulatory action, CEO Mehdi Maghsoodnia criticized it as an “extraordinary overreach” by the FTC in a statement to The Washington Post. Maghsoodnia also expressed the company’s disagreement with many of the FTC’s conclusions and its desire to move forward from this matter.

As part of a proposed order, 1Health.io will be required to pay $75,000 in consumer refunds and adhere to various cybersecurity restrictions. These include not sharing health data with third parties, notifying the FTC of any unauthorized disclosure of consumer data, and implementing a comprehensive information security plan.
