Stakeholder Analysis
and Proposal
written by Anna Stauffer and Sydnee Monroe


We will be examining the use of direct-to-consumer DNA testing by commercial companies and the ethics surrounding the genetic privacy of individuals.

The capture of James DeAngelo, the Golden State killer, caused an outcry among researchers, ethicists, and private citizens using or studying direct-to-consumer DNA testing. Law enforcement identified and arrested him with the assistance of DNA databases on GEDmatch. GEDmatch built its databases with information gathered from 23andMe and, which are privately held companies that collect their users' DNA. When the news that their DNA could be used to find criminals, some of the users felt this was a violation of their privacy.

Stakeholder Analysis

There are many stakeholder entities when it comes to direct-to-consumer DNA testing. This includes the person who receives the DNA test, the familial relatives who share the DNA, scientists and researchers who wish to use the DNA, as well as the commercial companies and third-party entities who wish to profit from the DNA testing.


Our team will be representing the position of the private individual who chooses to submit their DNA to be tested. This stakeholder carries the most risk of privacy infringement by the companies performing the test, as well as by third party entities that may obtain the DNA information. We expect that their needs will be met by the enforcement of security precautions and privacy policies by the testing companies, as well as by legislation limiting the use of DNA information by third parties and specifying how the information may be obtained.

Research Questions and Strategy

• What privacy policies are in place to protect individuals who receive DNA testing?
• Who has access to personal DNA information?
• What laws are in place to protect individuals privacy?
• What privacy risks are not covered by company privacy policies and legislation?

Our team will review the laws and documentation regarding DNA testing and the use of DNA information to evaluate the privacy risks to individuals who have had DNA testing performed.