When a DNA Testing Firm Goes Bankrupt, Who Gets the Data?

wiedzmin writes "DeCODE Genetics, a genetics research firm from Iceland, has filed for bankruptcy in the US, and Saga Investments, a US venture capital firm, has already put in a bid to buy deCODE’s operations, raising privacy concerns about the fate of customer DNA samples and records. The company hasn’t disclosed how many clients signed up for its service, but provides a number of customer testimonials on its site, including Dorrit Mousaieff, Iceland’s first lady."

Destroy and burn them.

[Anonymous Coward]

Clearly, the answer is that any samples and documentation should be destroyed. A typical way of doing this is to shred any paper documentation, and incinerate it along with any tissue or DNA samples.

$5 says they...

[DomNF15]

sell the customer data to some health insurance company.

Time for an Amendment?

[BobMcD]

“This clearly introduces a layer of uncertainty beyond what people expected when they signed up,” she told the Times. “People do need to double check what they are signing up to. These companies often use broad consent, and I worry whether people know what their data might be used for in the long term.”

Personally I feel like your genetic information is always YOUR data. Call it a biological copyright if you wish. There's only one you, and you inherited the code used to make you.

This is as close to a modern inalienable right as I've yet seen.

Love it...

[jhoegl]

Businesses are so concerned with making money they dont think ahead. In a previous job we got rid of a proprietary system because we moved to a new one. No one thought about all the old records during this transaction. Well, we had access the the DB, but it was coded in such a way that the fields were a jumble of crap and would have taken forever to pull apart to get the records. I asked the proprietary company if they had a way to dump the records to PDF for easy reading and storage. Nope... This company was in business for 7+ years and they had no way to mass export records? They developed a half assed way to get it done, and I had to come up with a solution for the slack they left. So, not only did my company not think of this before hand, neither did the proprietary company. It is no surprise this company did the same Why does no one even consider this as a possibility? Companies dont last forever, so why has no one even considered this? The people that have their DNA at the company are now subject to the whim of whatever happens because it is guaranteed their contracts do not state "if we go under, your data will be destroyed". Good game people, good game.

$5 says they...

[iammani]

Sell it to researchers, since insurance company wouldnt benefit much from such a small set of DNA samples. Or else just discard everything except DNA of famous people (in case they have any) and auction it!

privacy

[wizardforce]

Customer data should be considered the property of the customer; the decision as to what happens to that data should be accountable to the owner of that data which would be the person who provided that data in the first place. The data should not be transferred to a third party without permission from the owner of that information.

Why retain the data?

[failedlogic]

I'm wondering what their data retention policy is. I'm not sure about most companies or industries but AFAIK most businesses, financial companies and law firms are obligated to keep records for 7 to 10 years. Some might keep longer. Now I can understand if these guys want to keep the info for 2 year, in case there's an unsatisfied customer who wants their money back (for example, had test done elsewhere and theirs is different). If the retention policy of this industry permits indefinite, then there should be laws to protect customers including not only retention but sharing of information and proper deletion of records.

Re:$5 says they...

[Anonymous Coward]

No, it wouldn't be that obvious.

They will sell it to another DNA testing company, who happens to be owned by a V.C. fund, who are chaired by former Health Industry Executives, who are backed by a Health Insurance Company. Layers man, layers. Less scrutiny that way.

Re:Noticeable lack of legalese in the paperwork

[afed125]

They probably didn't want to touch it in the paperwork, because if they came up with some sellable innovation based on your genes, they'd probably have to show they compensated you somehow for your genes to have a valid contract (mutual benefit being a part of contract law usually), and so if you saw that kind of language in the paperwork, you'd wonder why THEY weren't paying YOU to send them your DNA.

Re:$5 says they...

[NewWorldDan]

Nope, can't do it. The data is an asset and it's still subject to whatever terms it was collected under. Just like the bank that wrote my mortgage may have gone bankrupt, but my payment and interest rate remain the same.

The data is also a medical record, and that comes with a whole slew of restrictions as well. In summary, the privacy implications are exactly the same as they were a year ago.

Re:Time for an Amendment?

[unitron]

... and what would the restrictions be for "derivative works"?

You have to support them until they turn 18.

Decode went banktrupt

[Exception Duck]

But the company called Íslensk Erfðargreining is still running as before - and nothing has changed with their contracts between them and their donators or the government.

I have no reason why we should distrust the new owners of the company any less then the previous ones.

Raising BS Concerns

[DynaSoar]

" raising privacy concerns " is a ubiquitous trigger cliche tossed out by people who want to inflame and enrage. It is as hollow as 'raising awareness' because neither are things that are raised, they are things you become, or become more so.

In this case, the persons or agents raising 'concern' are Wired and Times, who just might want readers so they can get ad money, and a lawyer that specializes in genomics, who just might want to attract clients for a law suit from which he'll collect big time (despite the fact that the as yet imaginary court battle would be over IP and privacy, neither of which are related to genomics). Oh, and a spokescritter from a group dedicated to watching tech and waving their arms, calling out 'Danger, Will Robinson' any time they can pretend something technological might be involved in anything that they can yell about and hope those who notice will join up and pay dues -- oh yes, so they can collect some cash too.

TFA states specifically who has the data and what they can and cannot do with it. In purchasing the assets of DeCODE, Saga is bound by law to protect the data. Despite this clear statement, the writers see fit to have "privacy advocates", that is, people who appoint themselves to speak on others' behalf without asking them, be 'concerned' that Saga will do this anyway.

In other words, the only people for whom this is an issue have a vested (ie. financial) interest in there being an issue, many of which have no relationship or arrangement with the persons whose data in involved in this imaginary 'concern' beyond their imaginary right to speak for those individuals.

I call BS on the bunch of them. There's not a single DeCODE client among them*. The only person interviewed who is actually involved is the CEO of DeCODE, who knows what needs to be done and is doing it. Not even Iceland's first lady is concerned, and wouldn't even be involved in this imaginary issue if it weren't for the fact that the Wired writer knew her premise was weak without an actual imaginary victim, so she dug until she found someone who was a client and tossed her name out in close proximity to concocted claims about privacy and such in order to lend the color of legitimacy to an otherwise transparent FUD spew.

Nothing happens

[dabbigj]

Íslensk Erfðagreining wich is the company that handles everything concerning the data and the research can not by law hand over the data to a second company. Decode is the parent company of Íslensk Erfðagreining. A little bit of research would have gotten you the knowledge that they can only use the private and medical information that they have gotten in research purposes and can never hand it over. This article just smells like fud to me.

Re:This is why I protected myself

[Anonymous Coward]

> I dare them to clone me.

Y'know, some people would then clone you just because they wanted the dinosaur, not you.

Well, people other than Randal, maybe...

Re:Destroy and burn them.

[jandersen]

Clearly, the answer is that any samples and documentation should be destroyed

Clearly, you have overlooked the fact that we are talking about private companies here. What happens when a company goes bust? Another company buys it and its stock - in this case the DNA profiles etc. What did you expect? When you deal with private companies that is the way it is; which is why it would probably be better if it was handled by a public authority - they are after all somewhat accuntable to the public, and they don't go bankrupt so often.

Re:This is why I protected myself

[Anonymous Coward]

Have you heard about the new DARPA project to clone you?