At this very moment, someone, somewhere, might be exposing your intimate genetic data. They probably don’t realize they’re doing it. They may not even know who you are.

But they have valuable segments of your genetic code — data that tell a story about your family, your medical history, and all sorts of potential vulnerabilities. If your DNA sample is submitted to a genetic testing company, they may be sharing that data with countless researchers, law enforcement, and even the general public.

Someday, that information could be used against you.

Can you stop them? Can you protect what’s rightfully yours?

Unlikely.

We believe it is time for policymakers to protect Americans against this risk. The law should make it more difficult for companies to share your genetic data, and it should ensure those data are encrypted and protected in transit. Companies should employ review boards to approve data collection, storage, and sharing protocols, just as federally funded researchers need the approval of panels known as Institutional Review Boards to conduct research in humans.

Never has this challenge been clearer than during the COVID-19 pandemic. Worldwide, researchers are racing to understand our susceptibility to the virus and find better treatments and tracing protocols. In this critical pursuit, genetic analysis is playing an important role.

Jan. 28 was Data Privacy Day, an annual event designated by the United States and 49 other countries to awaken us to serious and growing threats to our privacy.

Most of the coverage will focus on the privacy of our online activities — Amazon purchases, Google searches, and Facebook posts. But even more intimate secrets are being collected by “direct-to-consumer” genetic testing companies. As legislators line up to investigate Big Tech, few are asking about intrusions into this most personal data.

Protecting your data is not the top concern for most companies. If you have ever swabbed your cheek or spit in a tube to learn about your genealogy, did you bother to read the company’s privacy policy? Do you even know if they have one? According to a recent survey, 39% don’t. And even if they do, they’re usually not very informative. While there are exceptions, most don’t tell you what happens to your sample after they’ve analyzed it or what happens to the data they extract from it.

It doesn’t end there. What makes genetic data so exceptional is how they link people to relatives who never had a chance to consent — who never even knew they would be implicated. Scientists have shown they can trace 60% of Americans of European descent to their third cousin; soon, they say, they’ll be able to trace 90%. You can avoid genetic testing your whole life, and still they’ll find you.

In the wrong hands, this data could broadcast personal secrets, like physical vulnerabilities, to the world and be used to prevent you from accessing banks loans, education, housing, disability insurance, and long-term care. It’s currently illegal for health insurers and employers to discriminate against you based on your genes, but it’s hard to prove when it happens — and according to studies of chronic illnesses, it does happen.

Few Americans realize just how much money genetic testing companies can make from their data when combined with those of other customers in large databases. When these subjects find out, they may feel they weren’t adequately apprised of what they were consenting to and begin to distrust the larger health care system, which can undermine its ability to keep us all safe and well.

The benefits of genetic testing for medical innovation are clear. If people avoid it out of fear or suspicion, they may deny scientists the data they need to make lifesaving discoveries.

To address these concerns, Americans need protection against anyone who might use their genetic data for their own financial gain or access them for uses that might cause harm. Since data subjects can’t know where or how their data are being stored and used, someone who does should be looking out for their interests.

The current practice of asking consumers to click “consent” on a computer screen after a display of complex terms of service, which may not contain adequate privacy safeguards, or any at all, is clearly not sufficient. How can we consent to what we don’t understand?

On this Data Privacy Day, we urge the new Biden administration to make genetic data privacy a priority by strengthening oversight and regulation. The autonomy to determine the use of our DNA is not simply a privilege. It is the very essence of individual rights and responsible public health.

Robert I. Field is a professor of law and public health at Drexel University. Anthony W. Orlando is an assistant professor of finance, real estate, and law at California State University, Pomona. Arnold J. Rosoff is a professor emeritus of legal studies and health care management at the Wharton School of the University of Pennsylvania.