The Federal Trade Commission (FTC) recently announced that genetic testing company 1Health.io has recently been accused of failing to secure sensitive genetic and health data, misleading consumers about rights to delete personal data, and also altering privacy policy without enough communication or consent from consumers whose information has been gathered.
“Companies that try to change the rules of the game by re-writing their privacy policy are on notice,” Director of FTC Bureau of Consumer Protection Samuel Levine said in a news release by the FTC. “The FTC Act prohibits companies from unilaterally applying material privacy policy changes to previously collected data.”
The FTC claims that 1Health.io's security lapses jeopardized consumer data by storing about 2,400 consumer reports and genetic data of at least 227 consumers with first names listed. They were allegedly listed as publicly inaccessible storage on Amazon Web Services. The FTC also complained that the company, which was formerly called Vitagene, did not encrypt the data, limit, log or monitor access to it, and also did not maintain an inventory for security assurance despite pledging to have excellent security measures in place.
According to the press release, the proposed order of the FTC requires that the company pay $75,000 to the FTC for consumer refunds. The company must also not share health data with any third parties without expressed consumer consent, and also ensure any acquirer of its business adheres to these FTC provisions, contact the FTC about any unauthorized data disclosure and implement an information security program to rectify its security lapses. The proposed settlement also requires 1Health.io to tell third-party contract laboratories to destroy DNA samples that have been retained for more than 180 days.
The California-based company has sold DNA health test kits and used the results and consumer information for reports about health, wellness and ancestry. They have product packages ranging from $29 to $259.
The FTC is dedicated to safeguarding the public from harmful business practices and fosters fair competition through law advocacy, enforcement, education and research, according to its website.