What scant regulation we have as a country that protects our personal privacy is mostly built around the concept of “Personally Identifiable Information” which, according to Wikipedia is, “…information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.” If you think of PII at all (most of don’t as a rule, which is part of the problem) you may enumerate bits like date of birth, social security number, mother’s maiden name, street address, phone number, etc. While those definitely qualify as PII, there is a ton of other information that falls into this category that the average person wouldn’t necessarily consider sensitive, such as a Twitter or Instagram account name, that without context, seems harmless. Thanks to the internet and data aggregation, everything can be connected, and now that pretty much all of our information is stored digitally, more readily stolen. A recent breach of DNA-testing firm MyHeritage put us one step closer to a dystopian future where the security and privacy of our own genetics will be at risk.
What this means for you
Fortunately for its 92 million customers, their DNA information wasn’t stolen, just encrypted emails and passwords. One could ask what sort of world we are living in that this constitutes (relatively) good news, but in the face of the massive Equifax debacle with zero consequences for any of the culpable, it seems that having your account and password stolen from yet another online service provider is now counting as the new normal. As horrifying as that is to consider, consider the nightmare scenario where not only are your DNA test results available somewhere on the internet, an insurance or mortgage company has bought this info and is using it in their underwriting process to evaluate your qualifications. It doesn’t matter that the information was originally acquired illegally or without your consent, there are no laws or regulations currently on the books that govern the use of genetic data, and judging from recent legislation coming out of Congress there is currently little interest in protecting the average citizen from anything, let alone an issue over which most Congress critters have an incomplete grasp. What’s to be done? Definitely don’t stop being outraged at yet another massive data breach that will largely go unnoticed by everyone. Make sure you understand where your government representatives stands on data privacy, and if it doesn’t match your standards, demonstrate your disapproval with you voting hand.