The deservedly well-publicized arrest of the Golden State Killer last fall was a coup for law enforcement, and a marvelous use of modern technology. Sequencing the DNA profile of material left by the killer at a crime scene 40 years ago, then scouring publicly available databases for a genetic match, and ultimately making the arrest were strokes of genius by all parties involved.

The question is not “should police have done this?” Of course, yes! Instead, the larger question is two-fold: do people know that their DNA information is going to be shared with government entities, and separately, how are we going to regulate public and private actors seeking to make use of the DNA information currently held by private companies?

To the first question, it should be noted that most DNA databases are (seemingly) transparent with users about how their information could be used. It is both a good business practice and a sound legal strategy to put this information front and center, allowing users to opt IN to the things they want to participate in (including use by law enforcement, medical researchers, genealogists, and the like) as opposed to forcing them to opt OUT of the things that they don’t want be involved with. Yet even when this is executed perfectly and upheld honestly, it remains a thorny issue- a single user agreeing to participate in any use of their genetic data is making that choice not only for himself/herself, but also making that choice for their entire family, and often without their knowledge or consent.

As to the second question, it largely remains to be seen how this will be regulated. It would be nice to believe that use of the massive libraries of genetic information in existence will only ever be used for altruistic purposes, such as catching serial killers or curing diseases. But a failure to acknowledge the potential for misuse would be naïve in the worst of ways, and the fact that we have allowed the industry to get so far ahead of the law is cause for major concern. The only law of note currently in place. The Genetic Information Non-Discrimination Act, or (GINA) is far too narrow in scope to be a source of comfort; beyond that, the world relies merely on the hope that these companies will act responsibly. And as the FamilyTreeDNA scandal this week has revealed, that hope can be all too easily betrayed.

This post was authored by Kyle Prigmore, candidate juris doctor, Roger Williams University School of Law. Kyle is not yet admitted to practice law.