Can Someone Steal Your DNA? Levine Takes Action on the Next Frontier in Privacy: Your Genetic Data

For immediate release:

(Sacramento, CA) – Think your DNA is private and secure? Think again. Following Assemblymember Marc Levine’s (D-Marin County) successful 2019 legislation to protect the privacy of Californians’ passport and biometric data, Levine today introduced AB 2301, which would add “genetic information” to the state’s data breach notification law.

AB 2301 would specifically require a business operating in the state and in possession of a consumer’s genetic information to notify the consumer if their genetic information is stolen or breached. As the Los Angeles Times reported last year, DNA testing service Vitagene Inc. left thousands of client health records exposed online for years. A genetic privacy expert at Vanderbilt University noted that Vitagene’s data exposure was “extremely significant,” and raised “a host of privacy issues for the individuals.” 

“There is no personal data more sensitive than the DNA that makes us what we are,” said Assemblymember Levine. “As companies begin to collect and store consumer DNA data, we must ensure that these businesses are taking all appropriate steps to protect the privacy of our genetic information. AB 2301 will bring California’s consumer privacy law in line with the rapidly expanding use of this technology and will prioritize privacy when it comes to our most sensitive personal information.” 

Genetic information has quickly become the next frontier in consumer privacy. As of early 2019, more than 26 million consumers had added their DNA to at least one of the four leading commercial ancestry and health databases. AncestryDNA alone has more than 16 million people in its consumer DNA network, making it the largest in the world.

"Your genetic information stays with you for life and, unlike your credit card number, can never be changed,” said Dena Mendelsohn, Senior Policy Counsel at Consumer Reports. “This bill is an important step to ensuring that consumers whose sensitive data is breached have adequate notice when it occurs and can take the steps necessary to protect themselves."  

"Companies that are collecting and storing our genetic testing data should be responsible for taking the utmost care to keep that data safe and private,” said Emily Rusch, Executive Director of CALPIRG, in support of the bill. “One way to encourage companies to take our data security seriously is to give consumers the tools to hold companies accountable if they fail,"

AB 2301 will be considered by the State Assembly this spring.

# # #