Web Extra: Full statements from Ancestry, 23andMe on privacy
How does Ancestry handle privacy?
At Ancestry, privacy is our top priority. For over 20 years, people have trusted us with personal information about themselves and their families. We understand the personal nature of the data we’re dealing with are committed to always being a good steward. We make the following commitments to our users:
· You own your data and you always maintain ownership of it
· We do not sell your data to third parties or share it with researchers without your consent
· You may request that we delete your data or account at any time
How is submitted DNA protected and secured?
Ancestry maintains a comprehensive information security program designed to protect customers’ Personal Information using administrative, physical, and technical safeguards. Customer saliva samples are only identified with a code from submission to the lab and throughout the genotyping process.
Once Ancestry gets the data back from the lab, we encrypt our members’ personal information including genetic information at rest and in transit. No personally identifying information is stored with the Raw DNA or physical samples. As mentioned above, customers can request the deletion of their data and destruction of their sample at any time.
Additionally, Ancestry’s Security Team regularly reviews our security and privacy practices and enhances them as necessary to help ensure the integrity of our systems and our customer’s Personal Information.
How is DNA stored?
DNA Data is encrypted and stored on secure severs managed in AWS and in our in-house data centers. Customer physical samples are stored in a secure facility to enable the possibility of future testing as new techniques and science become available. No personally identifying information is stored with the Raw DNA or physical samples.
Can law enforcement agencies can request DNA collected by Ancestry.com?
Ancestry advocates for its members’ privacy and will not share any information with law enforcement unless compelled to by valid legal process, such as a court order or search warrant.
Additionally, we publish law enforcement requests in our transparency report annually. It’s important to note that in all of 2015 and 2016, we received no valid legal requests for genetic information. All the requests we received in 2015 or 2016 were related to credit card misuse and identity theft, and where required by law, we provided responsive information.
-Chief Privacy Officer Eric Heath
We do not share customer data without explicit consent, and we use all legal measures to resist law enforcement inquiries in order to protect our customers' privacy. To date, we have have not released any information to law enforcement. On very few occasions, as outlined in our Transparency Report published online (found here:https://blog.23andme.com/23andme-and-you/23andprivacy-your-data-law-enforcement/) 23andMe has received requests from law enforcement agencies. We have successfully challenged these requests and as mentioned have not released any data to law enforcement." - Kate Black, 23andMe privacy officer