Setting high standards for the privacy of our customers
Thanks to the tireless work of researchers and clinicians, the field of personal genomics is rapidly expanding. More than ever, people are interested in learning what their DNA can tell them. Consumers have a growing list of options to access this ultimately personal information, and companies serving consumers bear an especially great responsibility to protect the privacy of the consumers that they serve. Our DNA is at the core of who we are; it tells the story of our physical characteristics and our predispositions. It can also tell us about our family. This information is sensitive, and people’s concerns about privacy are real. That is why Helix has put extraordinary thought and care into how we handle this data—and how we safeguard it—from day one.
Put simply, the privacy of our customers is central to everything we do at Helix. That’s why I am excited to announce our participation in the development of the Privacy Best Practices for Consumer Genetic Testing Services, a collaborative effort between Helix, 23andMe, AncestryDNA, and a number of other personal genomics companies under the guidance and coordination of the Future of Privacy Forum (FPF). The need for setting standards in privacy practices is not unique to Helix, which is why it was natural to bring together others in the industry.
The FPF is a nonprofit organization that works with innovators, thought leaders, consumer groups, lawmakers, and members of the academic community to spearhead the development of appropriate privacy protections for new and emerging technologies. They share our belief that the responsible use of data can empower people, and they’ve been a great partner for us through this process.
Helix first identified the need for industry best practices for privacy well before the launch of our marketplace. From the very beginning, we wanted to establish an expectation of transparency with our customers—that they would always be very clear on how their data would (and would not) be used, and could control with whom their data is shared. As a marketplace, we also needed to set the same expectations for our partners.
While the topic of privacy and genetics has received a good deal of recent attention, Helix and the FPF have been working on these principles for well over a year. We worked together on the core issues to address, and identified eight aspects of privacy in the context of consumer-initiated genetic testing: Transparency; Consent; Use and Onward Transfer; Access, Integrity, Retention, and Deletion; Accountability; Security; Privacy by Design; and Consumer Education.
I’d like to encourage everyone to take a look at the Best Practices in their entirety, because they will form the backbone of the industry’s privacy-forward approach to personal genomics for many years to come. But let’s take a quick look at some of the highlights:
Transparency. Policies and procedures for the management of personal and de-identified data should be clear, complete, and easy to read.
Consent. We must gets consent for the initial collection of genetic data and how it will be used by the product(s) the customer has purchased. Any use of data in ways unrelated to the purchased product(s), including sharing with any third parties, also requires a separate, explicit consent. We must also offer informed consent for the purchase of any products, as well as opting into research that makes use of your genetic data.
Use and Onward Transfer. Genetic data shouldn’t be sent to third parties without user consent, as described above. Any vendors or service providers we work with to enable our products must be held to the same practices that we hold ourselves to. And should we receive a valid law enforcement request, we will notify you if possible.
Access, Integrity, Retention, and Deletion. You own and control your genetic information. We give you a way to access your genetic data, if you so choose. This data is held to a high standard of accuracy. We also give you a way to turn off access to your genetic data.
Accountability. We make real commitments to the enforcement of these practices. At Helix, everyone receives privacy training from day one of their hire, and ongoing privacy education throughout their Helix career. We practice what we preach.
Security. Security is an integral part of privacy. These best practices acknowledge that fact through requirements for secure physical storage of biological materials, data encryption, and contractual obligations with third parties.
Privacy by Design. Our commitment to privacy isn’t just words on a page—the Best Practices also demand that privacy be woven into our technology and the way that we store data. We store and use the least amount of data required for every part of our process. For example, when you purchase a partner product from our marketplace, we give them access only to the specific parts of your DNA information that they require to provide you with the insights that you’ve purchased and make improvements to the product over time.
Consumer Education. Genetic testing results aren’t helpful without appropriate context, and these guidelines acknowledge that fact. Helix’s commitment to consumer education runs deep, spanning videos, articles, emails, and working with our partners to make sure that the products offered through our marketplace communicate with our customers in clear and accurate language.
These best practices form a strong foundation for the future of consumer-driven genetic testing. Our hope is that they will provide a basis to help consumers make educated decisions and know that their data is used appropriately, no matter if they choose Helix or another signatory to the FPF guidelines.
I’m very proud to say that Helix’s existing policies did not need any significant changes in order to support these guidelines; rather, we modified some language to align with the principles and clarified some of our practices. Ultimately, it shows how we’ve worked to build privacy and consumer empowerment into our platform from the very start. These aren’t just rules we need to follow—they’re fundamentally what we believe in, and what we’ve built our business upon.