Privacy, Data Security

Genetic testing firm faces FTC charges on data privacy violations

CyberScoop reports that California-based genetic testing company 1health.io, which was previously Vitagene, has been charged by the Federal Trade Commission for inadequately protecting collected genetic and health data. The FTC has alleged the company's negligence in securing its data after the exposure of almost 2,400 records from at least 227 customers in public AWS data buckets, which was only resolved by the company after the discovery of the insecure buckets was shared by a researcher with the media. Moreover, 1health.io was accused of misleading its customers after implementing retroactive changes to its privacy policy, which the company then leveraged to facilitate data sharing with third parties. Aside from paying $75,000 in fines, 1health.io has been ordered to halt third-party data sharing without affirmative customer consent, adopt a more robust security program, immediately inform the FTC regarding unauthorized consumer health data disclosures, and destroy all DNA samples stored for over six months.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds