We do not, and never will sell an individual’s data or use it for our own commercial benefit. Nor will we disclose it to anyone, including insurance companies, unless compelled by law to do so. If a patient requests that we delete their data record we will. A nuance is if our company becomes owned by someone else in the future, in which case the control of the data might change. In that case, we would alert those who have given us data so that they can ask to have it deleted if they would like to.
We do conduct research to advance knowledge in the field of genetics and related areas, and will offer those whose genomes we’ve sequenced the chance to be part of that research. We do our best to anonymise data at every step of the process, and would only publish research results in aggregate. Participation is not compulsory, it’s a free choice to be made by the individual concerned.
Like all businesses of our kind, we do sometimes use external providers for services such as cloud computing. Some of these providers are based outside of the EU due to the large data storage and processing capacity required for the work we do. Every provider we work with has given us assurances that they will respect EU data protection guidelines, including deleting all patient data after the analysis has been completed. These assurances have been provided either as a matter of policy or secured as a matter of contract. In the event Brexit disrupts privacy regulations in the UK, we will none the less maintain EU standards.