FTC complaint exposes alleged privacy violations at genetic testing company

1Health.io, a genetic testing firm formerly known as Vitagene, is facing repercussions from the FTC following alleged consumer privacy violations. The California-based company sold genetic testing kits to give individuals insight into their health, wellness, and ancestry with just a DNA sample. 

In a recent complaint, the FTC reports that the company advertised a secure user experience but instead failed to anonymize DNA samples and stored sensitive information appropriately. Further, the company allegedly reneged on promises to delete consumer data and destroy genetic material.

Vitagene also retroactively changed its privacy policy, expanding the companies it could share customer data with, adding supermarkets and nutrition and supplement manufacturers to the list. 

Vitagene is no stranger to privacy violations and FTC regulation – over a two year period, the company fielded three different warnings from the FTC related to their deceptive privacy and security practices. 

A proposed FTC settlement mandates that the company pay $75,000 and bolster their privacy measures. Under the new agreement, 1Health.io would also implement a new security program and cease sale of consumer data to third parties.

When it comes to health information and our physical DNA, it is essential that companies collect only strictly necessary data and are transparent about what goes on behind the scenes. False promises of security pose serious risks to consumers, but increased security measures and data minimization can help to prevent data breaches and identity theft. Ultimately, companies like 1Health.io need to do everything they can to handle our sensitive information with care.