Security at Navigenics and 23andMe

Security of genetic information is an enormous concern for individuals, and thus an enormous concern facing commercial genetic enterprises.  I was recently having a conversation with someone about the security of genetic and personal information at companies such as 23andMe and Navigenics, and I pointed out that the very livelihood of these organizations depends on their ability to secure information.  A single security breach could potentially drive away future customers.

On that topic, Ryan Calo, a residential fellow at Stanford Law School’s Center for Internet & Society writes about a panel discussion held at the law school (pdf poster here):

“With a credit card and a saliva sample, consumers can now unlock the secrets carried in their DNA. Consumer genomics offers direct access to one’s genetic code, plus interpretations of health risks, family lineage, opportunities for social networking, and more. But how should consumer genomics be regulated? Join us for a panel discussion with leaders at the forefront of consumer genomics (23andme and Navigenics), media commentators (Alexis Madrigal from Wired), and policy makers.”

The moderator of the discussion was Hank Greely, a professor at Stanford whose work I highly respect and enjoy.

Calo writes in his blog that Navigenics has a strong statement in their privacy policy that they “will use reasonable and lawful efforts to limit the scope of any”  legally required disclosure, such as subpoenas and court orders.  During the talk, 23andMe co-founder Anne Wojcicki stated that 23andMe also has a policy to fight unreasonable requests for information (such as subpoenas).  Calo has more at his blog.

A recording of the panel discussion will be made available here at some point in the future.

9 Responses

  1. Lee Essner 3 January 2010 / 5:46 pm

    It is also worth noting that we have reviewed all online genetic testing providers (including Navigencis, 23andMe, and Pathway Genomics) based on whether the provider clearly displays a privacy policy that includes information about safeguarding the information they collect from users as well as any results of testing. This can be found by going to and searching for the test or the provider you are interested in.

Comments are closed.