Protect Personal Genetic Information

Risks and practical recommendations to prevent misuse of genetic data.

Why this matters

Discrimination: Employment, insurance, lending and access risk when genetic data is exposed.
Privacy erosion: Genetic data is immutable and can reveal relatives' information.
Reidentification: De-identified datasets can often be linked back to individuals.

Recommendations

Companies (research, testing)

Adopt privacy-by-design: minimize collection and retention of raw genetic data.
Require explicit, granular consent for each use and third‑party sharing.
Use strong encryption (at-rest and in-transit) and strict key management.
Implement differential access controls and audit logging for all access.
Offer robust opt-out and deletion processes that remove derived insights too.

Organizations (hospitals)

Governance: institutional review boards must assess privacy harms and benefits.
Data minimization, secure compute enclaves, and purpose limitation for secondary uses.
Transparent data-sharing agreements and accountability for downstream users.
Community engagement and clear communication of risks to participants.
Routine privacy impact assessments and public reporting of breaches.

Lawmakers & regulators

Enact strong nondiscrimination protections for genetic information.
Define narrow permitted uses and require data minimization standards.
Mandate breach notification with specifics on genetic data risks.
Require transparency reports, audits, and enforceable penalties.
Support public funding for secure infrastructures and independent oversight.

Take action