DNA Q&A: DNA Tests and Privacy

By Diahan Southard

Sign up for the Family Tree Newsletter! Plus, you’ll receive our 10 Essential Genealogy Research Forms PDF as a special thank you.

Get Your Free Genealogy Forms

"*" indicates required fields

This field is hidden when viewing the form
This field is hidden when viewing the form
This field is for validation purposes and should be left unchanged.

Jump to:

Q: Are there health or life insurance implications to taking a DNA test?
Q: How can I keep my DNA information private?
Q: Can I ever remove my DNA from a database?

Q: Are there health or life insurance implications to taking a DNA test?

A: This is really two questions in one: First, do our companies test DNA that might be of interest to our insurance companies? And second, would your insurance company have access to it?

In an effort to be upfront and straight-forward—but without wanting to cause any undo alarm—the short answer to the first question is “maybe.” (I know—clear and concise, right?)

The uncertainty is based on lots of factors, the first of which is DNA test type. Certain kinds of Y-DNA and mtDNA tests don’t hold any medical information, but others do. So if you take a full-sequence mtDNA test or the “Big Y” Y-DNA test, then yes, there is some medical information that is tested by the companies.

And there are certainly medically relevant parts of your DNA being examined by the autosomal DNA tests conducted by the big companies (23andMe, AncestryDNA, Family Tree DNA, MyHeritage DNA and Living DNA).

As for the second part of the question: Your insurance company would need to find a way to access your data. The privacy policies of the five largest companies all state that they will not share your data with anyone (including insurance providers) without your consent. But ultimately, you want to be oh-so-careful to read all of the privacy statements and terms of conditions to be sure you understand what you’re agreeing to when you hand over your DNA.

The other factor in answering this question is your location—and any laws that might regulate DNA and insurance.

In the United States, we have GINA, the Genetic Information Nondiscrimination Act. I like to think of her as “Aunt Gina,” the spinster aunt who has nothing better to do than protect your genetic information from leaking into the hands of employers and, yes, insurance agents. According to the GINA website, “Health insurers may not use genetic information to determine if someone is eligible for insurance or to make coverage, underwriting or premium-setting decisions.”

However, this benevolent aunt can only do so much. Per that same website, her “health insurance protections do not cover long-term care insurance, life insurance or disability insurance, though some states have state laws that offer additional protections against genetic discrimination in these lines of insurance.” And, of course, the law only applies to the United States—I can’t speak for other countries.

If you’re concerned about this issue, the biggest question you need to ask yourself is whether the information turned up by a DNA test (for example, about medical history or genetic disposition to diseases) can be found using other means. And, as is the case with everything from our bank accounts to our cell phones, we give up a bit of privacy to get something we want.

Last updated: July 2021.

Return to top

Q: How can I keep my DNA information private?

A: This is a big question and it needs to be asked more. The best answer is simple, if unsatisfactory: if you want to keep your DNA information private, don’t take a DNA test.

Oh, and don’t ever leave your house—ever. See, you are actually leaving bits of you everywhere you go. Modern life often demands that we trade privacy for convenience. We shed hair and skin cells nearly constantly. If you are living in the United States, any item that is considered “abandoned,” like your Starbucks cup, contains tons of your DNA, and in most states is fair game to be picked up and tested.

But I don’t think that is what you were asking. In this digital world, if you own a cell phone, a credit card or have an email account, you have given up some of your privacy in exchange for convenience or information. Taking a DNA test is very similar.

So if you want to trade a little privacy for information your DNA can reveal, what is the best way to do it? Here are five tips.

1. Test with a reputable company

Stick with our Big Five: 23andMe, AncestryDNA, Family Tree DNA, MyHeritage DNA and Living DNA. Each has a different set of standards for testing, processing and sharing your DNA information. Think about each company’s mission, terms of use, and willingness to cooperate with organizations such as law-enforcement agencies. (See No. 3.)

There are many many other satellite companies offering to take your DNA, or even just your DNA data, and run some kind of analysis on it. Be careful. Investigate the company before you give them your data.

2. Actually read the terms and conditions

For each company there are two consent check boxes. One gives them authorization to test your DNA and must be agreed to. The other gives the company permission to use your DNA in their research.

If you want to maintain the most privacy, don’t consent to research. You do not have to agree to this to get the full product experience you paid for.

Also keep in mind that a company can change their terms and conditions at any time, so keep your email address up to date in your account so you don’t miss important announcements (and then actually read them).

3. Understand the company’s role in law enforcement

As of this writing, Family Tree DNA automatically opts everyone in their database into law enforcement searches.

4. Opt-out of DNA matching

If you are taking a test only to learn about your health or ethnicity, you can opt out of the DNA matching database. This means that you will not show up on anyone’s DNA match page; this essentially means that no one in the database will know you took a DNA test.

5. Don’t download your raw data

Your raw data Is the file generated by your testing company that lists all of your DNA values. Our testing companies are protecting your data in their database with some high-powered encryption methods. If you don’t have those same protections on your computer your data just won’t be as safe there.

6. Manage passwords and login info

This is the area you have the most control over. A 2023 data breach at 23andMe was due mostly to the fact that 23andMe customers used the same login credentials across multiple websites. After hackers got into those users’ accounts on other websites, they used that stolen login info at 23andMe.

Using a unique login for each website is the best way to control your privacy.

7. Privacy-protect screenshots

We can act as a community, too, to protect each other’s privacy. If you share screenshots of your DNA results that mention other users or their data (e.g., when posting a question online), redact all personal information. That best practice of keeping other people’s data secure will, in turn, bolster the privacy of your own data.

In the end, our lives are just increasingly public with all of our comings and goings easily traceable. But it is still wise to take appropriate measures to ensure you understand what you are getting into in any new situation.

Versions of this article appeared in the July/August 2020 and November/December 2024 issues of Family Tree Magazine. Last updated: June 2025.

Return to top

Q: Can I ever really remove my DNA from a database? (And should I even want to?)

A: The answer to the first question is a strong, definitive “Sort of.”

First, note that all DNA testing companies keep the physical DNA they extracted from your saliva sample or cheek swab. There it will stay in storage unless you specifically ask them to destroy it or the company’s policy dictates its removal. Think of it like a little genetic time capsule: chilling in the freezer, waiting for an encore.

Deleting versus destroying DNA

Deleting your DNA data and destroying your sample are two different actions.

Deleting removes your info from the company’s digital systems. Note that, if you have consented to participate in research, your data will be excluded from future projects. But it will remain in current projects.

Deleting your information from the database is a relatively straightforward process—you can usually do it from your account settings. Destroying your sample (the dried-down DNA in cold storage), however, often requires a separate request, usually through customer service.

Each company has its own policies about how long they hang on to your sample—and what you have to do to make it go away:

  • 23andMe stores your sample for up to 10 years, and users can opt to have their sample kept longer. You can delete your data through your account—just make sure you also ask that the company destroy your sample.
  • AncestryDNA keeps samples indefinitely unless you ask otherwise. You can delete your data via your account, but destroying your sample requires a separate request.
  • Family Tree DNA holds samples for up to 25 years to support future testing like Y-DNA or mtDNA. Deleting your data won’t automatically destroy the sample—you must specify you want the sample destroyed as well.
  • Living DNA retains DNA samples for six months unless asked by users to destroy them sooner. Users can delete either just data or the whole account through their profile in the Living DNA Portal.
  • MyHeritage reserves the right to store your sample for up to 10 years; contact customer service to have yours destroyed sooner than that. Note that samples processed before the end of 2024 were destroyed unless users ordered MyHeritage’s BioBank service.

Keep in mind that these policies could change at any time.

Bottom line? If you want to make a clean break, deleting your online data is usually not enough. You’ll need to contact the company to make sure your physical sample is destroyed too

Why you might not want to delete your DNA

Note that, once a company destroys your physical DNA sample and your digital DNA results, you can’t go back. There is no retrieving them. So you will want to carefully weigh your options when considering removing your results.

Your DNA sample isn’t just a one-time thing. It’s more like a deposit in a DNA bank. Say you tested at Family Tree DNA and later want to upgrade to a Y-DNA or mtDNA test. They can reuse your original sample if it’s still stored. But if it’s been destroyed? No do-overs.

And we’re just getting started with what genetic genealogy can do. New, more-powerful tests are likely coming. Keeping your sample means keeping the door open for future discoveries.

Alternatives to deleting your DNA

Instead of actually deleting your data, you can simply remove your DNA digital file from the company’s matching service. This means that you’ll no longer see DNA matches, and no one else in the database can see you. (You could still access your ethnicity results.) You can access this option from your account settings page within each testing company.

At Family Tree DNA, you have an additional option to remove your digital DNA file from the view of law enforcement agencies that use the database to identify potential leads. In March 2019, FamilyTreeDNA officially opted in all US test takers into this effort to help law enforcement. (Those in Europe were automatically opted out to conform with GDPR privacy standards.) If you want your DNA data excluded from that effort, go into your Family Tree DNA account and opt out.

Limitations to deleting your DNA

While you can remove your digital DNA file from all future matching, a record of your presence in the database might still exist. Your DNA matches may have taken a screenshot of their match with you, or written down your name and information before you removed your record. So in that sense, you can never be truly “deleted.”

In addition, DNA companies also allow you to participate in genetic research using your data. If you did so but then decide to opt out of that research, your data (anonymized and used in aggregate with other users’ data) will remain part of in-process projects. Your information wouldn’t be included in any new projects, but it will still be used for current projects.

So, in short, you have options in determining how testing companies use (or don’t use) your DNA results. You can access most privacy features under your account settings, but you’ll need to call customer service to access some of them.

Versions of this article appeared in the October/November 2019 and September/October 2025 issues of Family Tree Magazine.

Return to top

Related Reads

Genealogist’s Guide to Protecting Online Privacy
You might be wearing a welcome sign to online hackers and trackers without even realizing it. Protect your online privacy with these 10 tips.
Family Tree Magazine
DNA Q&A: Do DNA Tests Put Your Personal Information at Risk?
Have the millions of DNA test-takers given up personal information? Our legal expert answers 19 crucial questions about DNA testing and your privacy.
Family Tree Magazine
DNA

Author

relatedarticles

23andMe Files for Bankruptcy: What Genealogists Need to Know

Stacks of paper money and coins reduce in size beside a red descending arrow. The 23andMe logo is in the background.

DNA, News

The fate of one of the largest DNA companies is uncertain. Learn what to expect next—and what to do with…

Case Study: 6 Steps for Handling Surprises in Your DNA Results

Case Studies, DNA, Finding Birth Families

How do you handle shocking news about your DNA? One woman shares how she worked through the complex emotions of…

How to Take Advantage of the Tools at GEDmatch: A Basic Primer

DNA, Websites

GEDmatch allows you to compare your DNA test results with other results from many of the top testing companies. Here…

DNA Q&A: What is Endogamy? (Plus How to Overcome Common Problems)

DNA

What exactly is endogamy and how does it affect family history research? Our DNA expert explains.