Action 9 asks genealogy companies if DNA is secure

CHARLOTTE, N.C. — Thieves may be after your DNA. Federal agents said they steal that data, learn about you -- like if certain diseases run in your family -- and can use that information to extort you.

Still, millions of people are sending companies DNA samples to learn about their ancestry. So Action 9 investigator Jason Stoogenke asked two popular companies -- Ancestry and 23andMe -- how they prevent your genetic data from falling into the wrong hands.

‘It definitely crosses your mind’

Dawn Mallonee plans to ship off her saliva. Ancestry will analyze it for her and keep that data on file. But she admits she thought twice about sharing her genetic information so willingly.

"It definitely crosses your mind," she said.

She said she researched it first and feels good about it, saying, "You can't live in fear."

Better Business Bureau president Tom Bartholomy said he wouldn't share his DNA sample but that people who do should research a few things.

"The company that they're doing this with (and) what type of security and privacy constraints they have in place," he said.

Companies' responses

So Stoogenke read Ancestry's and 23andMe's privacy policies.

Stoogenke contacted each company directly. He asked 23andMe's privacy officer, Kate Black, "I tell people all the time to protect their personal information. And you can't get much more personal than DNA. So what do you do to make sure that information is secure?"

"Keeping genetic information private and secure is really the core of our business,” Black said.

She and Ancestry told Stoogenke they encrypt all data, assign DNA results codes instead of names, and keep names, addresses and financial information in separate databases.

"Otherwise, the information never sees each other and is never connected to an individual," Black said.

They said only certain staff members have access to all the databases and servers. In Ancestry's case, it said only two employees have access to its servers.

The companies also said they never sell people's information to advertisers or telemarketers.


Do what Stoogenke did: read the company's privacy policy -- yes, they can be long and in legalese -- and if you have questions, don't be afraid to ask the company.