The direct to consumer genetic testing company 23andme made headlines six months ago when Vox published a story about unwelcome family connections found as a result of lax privacy settings with its genealogical services. In one case, a professor’s parents divorced after the site revealed that his father had a child before he was married. This revelation came at a time that 23andme was contemplating changes to its privacy policies that would make such connections even more likely.
In light of the story and the attention it garnered, 23andme quickly announced it was reversing that decision and finally hiring a Chief Privacy Officer after eight years in business; to ensure that consumers would have someone in the company exclusively focused on their privacy. They received kudos for their decision, albeit belated. 23andme ran ads on major job listing sites for the position as well as on its own website. A couple of months later, in late December, those ads disappeared. Since then the company has made no announcement of a hire, there is no staff member listed on the company’s website with that job title, and there’s been no public or private appearance in person, in writing or otherwise of anyone professing to be 23andme’s new Chief Privacy Officer.
At a time when the company is rapidly expanding into new international markets (Canada, United Kingdom) with the full range of its direct to consumer health products and beginning to rebuild its service here in the US (they just received FDA approval to market a Bloom syndrome carrier status report), it would appear that the position of Chief Privacy Officer is even more necessary today. Especially so as the company embarks in major new directions, having negotiated research partnerships with several pharmaceutical companies hungry to get access to 23andmes huge database of its customers’ genetic information.
23andme operates one of the largest private DNA databases in the country (over 850,000 samples according to latest reports) and its business model makes clear an intent to continue its rapid expansion. If the company is truly dedicated to ensuring that the valuable consumer data that’s been entrusted to it is not misused and serves only the public interest, it must work quickly and transparently to hire a Chief Privacy Officer dedicated to that task.