The genetic testing firm 1Health.io is facing accusations from the Federal Trade Commission (FTC) of violating customers’ privacy by failing to secure their genetic and health data and misleading them regarding data erasure.
The FTC also claims that 1Health.io did not adequately inform customers about changes to its privacy policy. As part of a proposed settlement, the firm will be required to instruct third-party laboratories to dispose of DNA samples held for over 180 days and enhance overall protections for genetic data.
Additionally, 1Health.io will have to pay $75,000 in fines, which will be used for consumer refunds.
According to the FTC, 1Health.io, also known as Vitagene, Inc., collected extensive DNA and health information from customers, charging up to $259 for their product. The company’s website boasted about secure data handling and transparent practices.
However, the FTC alleges that between 2017 and 2020, 1Health.io claimed it rarely shared sensitive health data but failed to implement a policy ensuring the destruction of DNA samples analyzed by labs.
In 2020, the company modified its privacy policy and retroactively provided customer data to supermarket chains and nutrition manufacturers without notifying customers.
Samuel Levine, director of the FTC’s Bureau of Consumer Protection, emphasized that companies attempting to change privacy policies without considering previously collected data are now on notice.
This case marks the FTC’s first investigation targeting the privacy and security of genetic information, highlighting the growing importance of safeguarding such data in the industry.
