DNA sequencing (determining the precise order of nucleotides in a DNA molecule) for humans was first performed in 1977. The process was so time consuming and costly that DNA sequencing was performed only for important medical research. The first complete organism sequenced was an influenza bacterium in 1995. The Human Genome Project was not completed until 2003.

By 2010, faster computer speeds and advances in genetic handling techniques reduced the cost of sequencing to levels that are affordable for applications of interest to individuals.

The allure of personal DNA information is that in combination with DNA from others, it can reveal important aspects of health and the identity of parents, siblings, and offspring. That would assist people who were looking for lost relatives or who were trying to clarify who is a direct descendant in a family and who is not.

DNA can explain the presence of some medical conditions or predict the emergence of genetic problems that may occur later in life. That information can be bittersweet — it can foreshadow the emergence of a dread condition that the person would prefer not to know about until it arrives.

DNA information can also be misinterpreted as an absolute indication of trouble to come, when it might just signify an increased likelihood of the emergence of a genetic condition.

Alternately, it can provide advance notice that can be used to the person’s advantage. It can encourage a person to avoid having children because of a high risk of their suffering from a severe genetic disorder such as mutations in multiple genes.

Those whose DNA has been sequenced are rightfully concerned that the genetic information may be used in medical underwriting to establish a higher than average price for medical insurance. Legislation prohibits “covered entities” from discriminatory use of genetic information for employment or insurance purposes. That statute was passed in the Genetic Information Nondiscrimination Act of 2008.

Medical service providers such as physicians, nurses, and the administrators (i.e. “covered entities”) who hold and process patient data are required to follow strict privacy rules in how they use patient information in their conversations, paper and electronic files. They are subject to the Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Nondiscrimination Act (GINA) data handling principles.

Medical professionals have a duty under both GINA and HIPAA to preserve patient privacy, including that related to a patient’s DNA information. However, commercial non-covered entities have no such obligations. That leaves 26 million consumers who have shared their genetic information with Ancestry, 23 and Me, or other genetic background services without the strong HIPAA or GINA protections. Each of those commercial services offers some reassurances they will share your DNA information only with research partners, and only if you have agreed to that in advance.

The undertaking by genetic background services sounds reasonable and should be sufficient, except for actions by thieves or courts. Consumers who subscribe to the genetic background services are free to share their DNA information with relatives, and they often do.

Hypothetically, there is nothing to prevent grandchildren searching the DNA connections of their grandparents, and eventually the grandchildren’s children searching the DNA connections of their grandparents. It’s all good clean fun until someone is acutely embarrassed or forced to reconsider decades of family lore built on white lies.

It also seems that despite claims to the contrary, police have been able to search some commercial DNA databases along the way to capturing some villainous criminals. We applaud the capture of criminals, but we should be concerned that without relying on explicit permission, law enforcement can dip into our DNA information. As it moves toward codifying privacy protections that consumers want, Congress should be sure to include DNA, even DNA held by Genetic Background Services.