The Privacy Question Every Genetic Testing Customer Should Ask

Genetic data is different from other personal data. Your address can be changed. Your email can be deleted. Your credit card number gets rotated after a breach. Your genome cannot be changed, cannot be fully de-identified, and contains information about your biological relatives who never consented to be tested. That asymmetry matters when you're deciding whether and with whom to share it.

This piece isn't an argument against genetic testing. We're a genetic testing company. But we think customers deserve to understand what they're agreeing to, ask the right questions, and make informed decisions. So here's what to actually ask.

Do you sell my genetic data?

This is the first question, and the answer should be a flat no. Some companies in this space generate significant revenue from licensing de-identified genetic data to pharmaceutical and biotech companies. That's a legitimate business model - it accelerates drug discovery - but customers should know it's happening and consent to it explicitly, not have it buried in a terms of service document.

GeneLens does not sell, license, or share individual or aggregated genetic data with third parties for commercial purposes. We don't have a research data licensing program. If that changes, we would notify customers and require new affirmative consent before any data was used in that way.

How is my data stored, and for how long?

DNA data storage has two components: the physical sample (your saliva or swab) and the digital genotype file (the data generated from that sample). These are different, and the policies may differ.

You should know whether the company retains your physical sample after analysis, how long they store the digital genotype file, and whether you can request deletion of both. Under CCPA, California residents have the right to request deletion of personal data held by a business. Other states have similar laws, and federal protections are expanding.

At GeneLens, physical samples are destroyed within 60 days of analysis. Digital genotype files are retained in our secure systems until you request deletion, at which point both the genotype data and any derived health interpretations are permanently removed from our systems within 30 days. We do not use archived data to retroactively update your results without consent.

What happens if the company is acquired?

Consumer genetics companies have been acquired, merged, and in some cases gone bankrupt. What happens to your genetic data when that happens? Does it become an asset that transfers to the acquiring company? Is the acquirer bound by the same privacy policy?

The most protective policy is one that explicitly prohibits genetic data from being transferred in a merger or acquisition without fresh customer consent. This is not universal. Some privacy policies are written in a way that allows a data transfer as part of a business transaction. Read the actual terms, not the marketing summary.

Can law enforcement access my genetic data?

This question matters more than many customers realize. Several states have passed genetic privacy laws that restrict law enforcement access to consumer genetic databases without a warrant. Federally, the situation is less clear.

Look for companies that publish a law enforcement guidelines document and commit to requiring a valid legal process before releasing any data. The company should also commit to notifying users of government data requests whenever legally permitted to do so, rather than complying silently.

GeneLens requires a valid court order or subpoena for any government data request, does not voluntarily share data with law enforcement, and notifies affected customers of any compelled disclosure unless prohibited by court order from doing so.

What are the insurance implications?

The Genetic Information Nondiscrimination Act (GINA) prohibits health insurers and employers from using genetic information to make coverage or employment decisions. However, GINA does not cover life insurance, disability insurance, or long-term care insurance. Those insurers can, in some states, ask about genetic test results and factor them into underwriting decisions.

This is a personal financial risk to consider before testing, especially if you are in the market for those types of insurance. The legal landscape is evolving - several states have passed additional protections - but the gap in federal law is real.

What controls do I have over my results?

A good genetic testing company gives you meaningful control over what you see and when. Some findings, particularly those with significant health implications (BRCA variants, APOE4 status for Alzheimer's risk), should come with the ability to opt in or out before viewing. You should not have high-impact findings surfaced to you without warning.

GeneLens uses a result gating system for certain high-disclosure findings. You can choose whether to see specific result categories, and we provide an educational primer before any finding with significant clinical implications is displayed. That choice should always be yours.

None of this is to say you shouldn't test. The information genuinely useful. But ask the questions. Read the actual privacy policy. Know what you're agreeing to before you mail the kit.