Millions of people have submitted DNA samples to 23andMe, Ancestry DNA and other commercial genetic testing companies, seeking information about their family history and health risks. In some situations DNA data has played a role in estate planning, shedding light on family relationships and providing evidence in inheritance disputes.
Legitimate uses aside, releasing your DNA data has been shown to pose some risks: In 2023, hackers made off with data from millions of 23andMe users. Stolen information included genetic data, names, dates of birth, and photos. The company’s test kits have remained on the market, but sales have fallen, and the company declared bankruptcy in March 2025. Earlier this year, the U.S. Bankruptcy Court approved the sale of 23andMe to TTAM Research Institute, a nonprofit medical research company, founded by none other than the founder of 23andMe, AnneWojicki. Although TTAM has announced it is taking steps to stringently safeguard customer privacy, skepticism persists about the security of customer information.
Do Federal or Florida Law Protect Your Genetic Data?
The answer to this question is yes… and no.
- HIPAA does not apply: Many people believe that HIPAA, the federal Health Insurance Portability and Accountability Act, protects the privacy of DNA samples submitted to commercial genetic testing companies. HIPAA legislation has robust regulations to protect patients’ privacy. However, because commerical genetic testing companies are not considered health care providers, HIPAA does not apply to them.
- GINA may apply, depending on your state: Another federal law, the Genetic Information Nondiscrimination Act (GINA), prevents health insurers from using genetic information to discriminate – but life insurance, disability insurance, and long-term care insurance providers are exempt. However, if you live in Florida, you do get some protection: the state filled in GINA’s gap in consumer protection by passing HB 1189 in 2020. That legislation prohibits long-term care insurance, disability insurance and life insurance carriers from asking about an applicant’s genetic data and from making underwriting decisions based on that data. Florida again beefed up privacy protections in 2021 with HB 833, which mandates that anyone who provides a DNA sample must give express consent for their information to be used for any purpose whatsoever.
What Should You Do Now?
Some argue that privacy concerns about 23andMe and genetic testing companies in general are greatly overblown. Nonetheless, 23andMe’s data breach and its subsequent bankruptcy have sown doubt. At this point, many consumer advocates and privacy advocates recommend closing your account and deleting your data. For example, Geoffrey Fowler, the Washington Post technology columnist, notes that TTAM, the new owner of 23andMe, is not prohibited from transferring or selling your information to another party in the future. He also criticizes TTAM for not seeking customers’ permission to take ownership of their DNA data; 23andMe information is being automatically transferred to TTAM. Another critic, Justin Brookman, the director of technology policy for Consumer Reports, says: “For me, this is an institution I don’t know, so I would delete the data. I would go further and say the law shouldn’t allow them to get it in the first place.”
How to Delete Your 23andMeData
Every testing company has its own protocols for deleting an account; check with the one you used. If you want to delete your data from 23andMe due to privacy or any other concerns, here is how to do it.
- Log into your 23and Me account.
- Download and save your data to your own device.
- Delete your account.
- Request that your DNA saliva sample be destroyed. (If you had previously given the okay to have your sample used for research, you may withdraw your consent. However, if your sample was already used in any studies, there is no way to change that.)
Kiplingers has detailed, step-by-step instructions to follow to delete your data. Click here.
