Decoding Our DNA Regulations: An Analysis of Protective Genetic Privacy Legislation

23andMe. AncestryDNA. MyHeritage. With the fast-paced development of genetic technology on the rise, these services have taken the biotechnological industry by storm, reaching the everyday American faster and more easily. Private citizens are able to access their entire genetic history, ancestry, and the exact specifics of their DNA with just a click of a button or a quick visit to a specialist. This unprecedented surge in accessibility even played out prominently in recent American politics, when Senator Elizabeth Warren promptly received and unveiled her DNA test results to the public in October in an attempt to retaliate against comments made by Donald Trump in the 2020 election race.[1] The average American citizen can know more than ever before about their exact genetic makeup faster than ever before, but most consumers are unaware of how to protect that information or who exactly has rights to that data.

As genetic testing expands from being selectively available to becoming a routine aspect of accessible health data available to the average citizen, legislation concerning the dissemination of biological data has lagged behind, specifically in regards to security and protection of basic privacy. Existing legislation concerning access to DNA information and sharing genetic data includes the Genetic Information Nondiscrimination Act (2008), which aims to protect against genetic discrimination in regards to health insurance and potential employment, and the Health Insurance Portability and Accountability Act (1996), which targets the sharing of genetic information with potential health care providers.[2][3] While both laws, particularly the Genetic Information Nondiscrimination Act, advocate protection of citizens in the context of employment and a few forms of insurance coverage, neither adequately addresses the whole scope of issues faced in regards to the protection and dissemination of genetic information, neither in the workplace, where the acts were intended to have an effect, nor at home.

In early 2010, closely following the passage of the Genetic Information Nondiscrimination Act, a lawsuit was filed alleging that MXEnergy fired one of its employees, Pamela Fink, following her undergoing a preventative double mastectomy due to discovering she carried the BRC2A gene associated with higher risk of breast cancer.[4] Fink v. MXEnergy (2010) was the first case to publicly qualify to be filed as a violation under the Genetic Information Nondiscrimination Act due to the transparency of the transfer of the genetic information: Fink clearly informed her bosses about her genetic tests and the preventative measures she was taking prior to the surgery, and her subsequent termination shortly afterwards, despite glowing reports and generally positive accounts of her performance up till that point in her employment, left the court with an explicit violation to rule on.

Fink’s case was only successfully categorized as a violation of the Genetic Information Nondiscrimination Act due to the clear-cut nature of the case as violating the very basic principle of the legislation; most other cases, due to legislative loopholes, were not nearly as successful at using the Act to their advantage. In Poole v. Peterbilt Bristol, LLC (2012), Mark Poore was fired from Peterbilt Bristol just six days after filing a health insurance report that contained genetic information about him and associated family members. However, Poore was unable to file his case as a violation of the Genetic Information Nondiscrimination Act because the potentially damaging genetic information, a diagnosis of multiple sclerosis, was related to his wife, who was not his blood-related relative. This case highlights one of the key loopholes within the legislation: while it protects against persecution by employers of those directly affiliated with the company, spouses and children are not similarly protected against insurance discrimination. This is an issue because such genetic data can result in family plan insurance premiums being driven up, as an indirect way of penalizing employees for poorer, less secure health evaluations.[5] In addition, the Genetic Information Nondiscrimination Act does not protect against third party sharing of information, an easy way to circumvent the law by having employees share their genetic information with a third party “objective” source who then transfers the information back to the employer, invalidating the tenet of the legislation that holds that employers cannot discriminate against employees on the basis of genetic information that is directly shared with them.[6]

It is important to note that beyond the issues of the easily circumventable wording and structure of the Genetic Information Nondiscrimination Act (as evidenced by the loopholes cited above), this legislation is further inadequate in that it serves to protect purely corporate interests. It is specific to an impractical degree to particular circumstances in private businesses, in terms of attempting to cater to employment and insurance concerns. Even the very first case to be classified as a violation of the Genetic Information Nondiscrimination Act, the aforementioned Fink v. MXEnergy (2010), proceeded through months of difficulty with filing under the Act, despite the supposedly obvious violation, before it was finally settled confidentially in the Equal Employment Opportunity Commission phase. The complex and lengthy court process for even the most simple and explicit of cases showcases the inadequacy of the legislation to clearly define its tenets in a way that is viable for use in court.[7]

Pulling back to the larger, more pressing issue, especially considering the meteoric rise of private companies that provide genetic testing services to at-home consumers, there is the lack of any form of protective legislation for private citizens using such services. The Genetic Information Nondiscrimination Act, despite its rudimentary and lacking structure, provides a baseline for sharing genetic information in the workplace, but no such legislation exists in any other scenarios relevant to genetic testing. Incidents such as the MyHeritage hack in June of 2018, where over 92 million users’ data was discovered on a private server, or law enforcement using subpoenas to access genetic data from DNA testing companies such as in the Golden State Killer case, highlight the growing necessity of such legislation.[8] Consumers have no control and, more concerningly, no awareness, of which third party organizations have access to their genetic data and who can benefit from their private health information. Worse, no standard currently exists to challenge these violations of privacy in court, other than the poor precedent set by the Genetic Information Nondiscrimination Act.

With the current pace of technological development surrounding bioengineering and accessibility to predictive data, legislation must accelerate to stay on track with technological progress and mediate the worrisome social and privacy implications brought by the unprecedented growth in access to people’s lives. The more biological, identifying information that becomes available, the more loopholes and vulnerabilities exist that must be addressed.

Sources:

[1] Bruenig, Elizabeth. "Elizabeth Warren's DNA Test Is about More than Politics." The Washington Post. October 18, 2018. Accessed November 01, 2018. https://www.washingtonpost.com/opinions/elizabeth-warrens-dna-test-is-about-more-than-politics/2018/10/18/85bd1368-d248-11e8-8c22-fa2ef74bd6d6_story.html?utm_term=.0ea5109cd41b.

[2] "The Genetic Information Nondiscrimination Act of 2008." Genetic Information Nondiscrimination Act of 2008. Accessed November 01, 2018. https://www.eeoc.gov/laws/statutes/gina.cfm.

[3] Totenberg, Amy. "LOWE v. ATLAS LOGISTICS G | 102 F.Supp.3d 1360 (2015) | 60219000191." Leagle. Accessed November 01, 2018. https://www.leagle.com/decision/inadvfdco160219000191.

[4] Greenhouse, Steven. "Ex-Worker Says She Lost Job Because of Genetic Test." The New York Times. April 30, 2010. Accessed November 01, 2018. https://www.nytimes.com/2010/05/01/us/01gene.html.

[5] "Poore v. Peterbilt of Bristol, LLC, 852 F.Supp.2d 727 (W.D. Va. 2012)." Case Brief - Quimbee. Accessed November 01, 2018. https://www.quimbee.com/cases/poore-v-peterbilt-of-bristol-l-l-c.

[6] Zhang, Sarah. "The Loopholes in the Law Prohibiting Genetic Discrimination." The Atlantic. March 13, 2017. Accessed November 01, 2018. https://www.theatlantic.com/health/archive/2017/03/genetic-discrimination-law-gina/519216/

[7] "GINA'S BEAUTY IS ONLY SKIN DEEP." Gene Watch Page. Accessed November 01, 2018. http://www.councilforresponsiblegenetics.org/genewatch/GeneWatchPage.aspx?pageId=184&archive=yes.

[8] Rosenbaum, Eric. "5 Biggest Risks of Sharing Your DNA with Consumer Genetic-testing Companies." CNBC. June 16, 2018. Accessed November 01, 2018. https://www.cnbc.com/2018/06/16/5-biggest-risks-of-sharing-dna-with-consumer-genetic-testing-companies.html.