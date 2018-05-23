Sign up for one of our email newsletters.

Facebook recently informed 87 million users that Cambridge Analytica, a political consulting firm, harvested their confidential information using it to create targeted ads that may have influenced the outcome of the 2016 presidential election.

Many users were shocked to learn that Cambridge had access to their data.

Now, Congress is demanding reforms from Facebook and other social-media sites. Our lawmakers want social networks to simplify privacy terms and conditions.

But Facebook isn't the only firm that puts users' privacy at risk. Some genetic testing companies such as Invitae, 23andMe and AncestryDNA do, too — and the consequences of irresponsibly sharing DNA data are far more serious than a social-media data breach.

Lawmakers and regulators ought to demand these genetic testing companies clearly inform consumers whether, and how, their data will be shared.

Every year, millions of people undergo genetic testing to help predict health problems or just discover their heritage.

Doctors send patients' blood or saliva samples to lab-testing companies such as Invitae. Millions of people have bought DNA testing kits from companies like 23andMe and AncestryDNA and submitted their samples through the mail.

After sequencing the DNA samples, genetic testing firms often sell or share the genetic information to third parties. For instance, 23andMe agreed to share its data with biopharmaceutical firm Genentech in exchange for as much as $60 million.

Testing firms seek users' permission to share the data. But they gloss over the risks. As a result, consumers sign away their rights with little comprehension of the privacy violations and discrimination that could ensue.

Take Invitae. Its privacy policy states that it may use patients' “de-identified” data for “general research purposes” which may include “research collaborations with third parties” or “commercial collaborations with private companies.”

The problem is that the data isn't permanently “de-identified.” It can easily be tied back to specific people.

Just ask Harvard Medical School Professor Latanya Sweeney. She recently identified the names of more than 40 percent of participants in a supposedly anonymous DNA study. Sweeney cross-referenced participants' provided ZIP codes, birthdays and genders with public records such as voter rolls. She then was able to match people up to their DNA.

Your DNA contains a wealth of sensitive medical information. Imagine what employers might do if they got access to people's DNA. They easily could exploit this information to discriminate against prospective hires.

Genetic privacy is a human right. To protect consumers from such abuses, the government should increase regulation of genetic testing companies to protect people.

Some DNA testing companies aren't waiting for regulators to act. They're already voluntarily promising to not share any genetic samples, leaving the important privacy decisions in patients' hands where they belong.

Social-media platforms such as Facebook are failing to secure users' personal information. Most genetic testing companies are failing, too.

It's time for lawmakers and regulators to impose tougher consumer protections so we don't have a Facebook-like crisis involving people's most sensitive genetic information.

Peter Pitts, a former FDA associate commissioner, is president of the Center for Medicine in the Public Interest.