If you sell genetic testing kits to consumers, you’re probably familiar with the Genetic Information Nondiscrimination Act (GINA), which prohibits discrimination on the basis of genetic information under some circumstances. You’re also familiar with the Health Insurance Portability and Accountability Act (HIPAA), which protects health information collected by certain types of entities. Then there are laws enforced by the FDA and the Centers for Disease Control and Prevention that pertain to genetic testing kits.
These laws might – or might not – apply to your company. But when you’re thinking about your data practices, keep in mind another law that probably does apply to your business: the Federal Trade Commission Act.
The FTC Act prohibits unfair or deceptive trade practices. Implementing sound privacy and security practices can help you keep your company in line with the FTC Act. Here are a few tips on how to do that.
Consider describing uses of genetic information in one featured place.
Explain who can see what profile information – and let users know about important changes.
Help users to make choices with set-up wizards and appropriate default settings.
When faced with numerous notices about thorny topics like health, medical research, and privacy, some consumers may feel overwhelmed. You can help your customers with this notice-overload problem with some simple design choices. First, consider creating a set-up wizard that walks users step-by-step through a registration process that addresses the choices you offer about those topics. Second, think through the defaults of any settings you offer. Starting off with privacy-protective settings for sensitive information and uses – with the option for consumers to opt in for more expansive sharing – will reduce the likelihood that consumers will feel blind-sided by uses or disclosures of their sensitive information they didn’t expect.
Explain third-party disclosures clearly.
Context can make a big difference in how consumers perceive your claims. If Company E asks its customers for consent to “share” their genetic information with researchers for important medical studies, some consumers might reasonably expect that “sharing” to involve a not-for-profit arrangement with an entity like a research university. Customers expecting this kind of sharing may be deceived if Company E is, in fact, selling users’ genetic information to a pharmaceutical company. To avoid deceiving consumers, Company E should explain its practices clearly – for example, by choosing more precise wording or by prominently clarifying the nature of the “sharing.”
Consider one-stop-shopping for expunging genetic information.
Basic truth-in-advertising principles also apply to marketing genetic testing kits.
- Tell the truth about what your genetic testing kit can do. Under the law, the definition of “advertising” covers pretty much anything a company tells a prospective buyer or user – expressly or by implication – about what a product can do. Whether it’s what you say in a commercial, in a YouTube video, on a website, on the product packaging itself, or via social media, you have to tell the truth. False or misleading claims, as well as the omission of certain important information, can land you in legal hot water. If you make objective claims about your genetic testing kit, you need solid proof to back them up before you start advertising. The law calls that “competent and reliable evidence.” If you claim your genetic testing kit provides benefits related to health, safety, or performance, you may need competent and reliable scientific evidence. If you claim your genetic testing kit is “clinically proven” to work, you must have methodologically sound clinical studies conducted on your kit that demonstrate consumer-relevant results matching your claims. Visit the FTC’s Business Center for more on keeping your claims compliant.
- Disclose key information clearly and conspicuously. If you need to disclose information to make what you say accurate, your disclosures have to be “clear and conspicuous.” What does that mean? That they’re big enough and clear enough that users actually notice them and understand what they say. Generally, the law doesn’t dictate a specific font or type size, but the FTC has taken action against companies that have buried important terms and conditions in long licensing agreements, in dense blocks of legal mumbo jumbo, or behind vague hyperlinks. Clear and conspicuous disclosures make good business sense, too. Most people react negatively if they think a company is trying to pull a fast one by hiding important information. Users are more likely to continue to do business with a company that gives them the straight story up front. Consult .com Disclosures: How to Make Effective Disclosure in Digital Advertising for compliance advice.