[Infowarrior] - Redefining privacy in the era of personal genomics
Richard Forno
rforno at infowarrior.org
Tue Feb 23 15:39:46 UTC 2010

Redefining privacy in the era of personal genomics
By Yun Xie | Last updated February 23, 2010 6:41 AM
http://arstechnica.com/science/news/2010/02/dna-data-sharing-a-privacy-conundrum.ars

DNA, the storage bank of genetic information for all living organisms,
is challenging scientists and policy makers to reconsider the issue of
privacy. With the completion of the human genome and advancements in
DNA sequencing technologies, a person’s DNA can potentially be tested
for risks related to a number of genetic diseases. This progress is
promising for personalized medicine, but ethical and policy issues are
coming to the forefront as well. After all, can DNA data ever be truly
private and anonymous when DNA itself can also act as a unique
identifier?

At the 2010 AAAS conference in San Diego, a panel of experts
criticized current policies and offered solutions to the ethical
issues associated with DNA identifiability. Joel Wu, a research fellow
at the Mayo Clinic, moderated a discussion among four panelists: Brad
Malin (professor of biomedical informatics at Vanderbilt University),
Sharon Terry (president and CEO of Genetic Alliance), Barbara Koenig
(professor of biomedical ethics at the Mayo Clinic), and Ellen Clayton
(professor of genetics and health policy at Vanderbilt University).

Wu opened up the symposium by stressing the point that “genomic
research needs data access to large data banks of DNA from volunteers,
but data sharing becomes a question of public trust.” In order for
scientists to continue gathering and sharing DNA data, the public must
trust the process enough to volunteer for studies. If privacy
protection becomes compromised, research won't continue to move
forward. Thus, Wu states that “the goal is to create a balance between
genomic research and privacy protection. The goal is to find balance
between data access and public trust.”

Criticisms of the Current System

The panelists propose that the current policies fail to adequately
protect volunteers for genomic research, making the balance impossible
to achieve. A key problem, according to Wu, is that “DNA and DNA data
cannot be truly de-identified, so common interpretations of privacy do
not apply.” Currently, there is no definitive, legal definition of DNA
as data that contains identification information. Koenig pointed out
that “administrative units within the US Department of Health and
Human Services articulate inconsistent positions of DNA and DNA data.”
The panel argued that the first step of protecting DNA data is to
define it as ID information.

Furthermore, current research protocols for volunteers are rather
misleading when it comes to genomic research. For example,
participants normally sign informed consent forms, but Wu posited that
“meaningful informed consent is elusive, as there is unspecific future
use for DNA data,” so current informed consent forms provide
“untenable promises of privacy and confidentiality.”

Both Wu and Koenig acknowledged the lack of regulatory frameworks for
reviewing the ethics, expertise, authority, and jurisdiction of
facilities that collect and share DNA data. Koenig summarized it by
saying, “Science is dynamic, and we almost can’t keep track of the
speed of progress, but we have a stale ethical system that’s decades
old.”

A Realistic Look at Identifiability

Before we can reasonably tackle the deficiencies of existing policies,
we need to know some technical facts about DNA identification. Malin
stated that the adage “we fear what we don’t understand” applies to
genomic research. He said that “uniqueness is not sufficient for
identification,” meaning “just having DNA is not going to tell you who
it is. There needs to be a linking mechanism between de-identified DNA
and identified data.”

The linking mechanism can be a forensics team, life science
researchers, paternity companies, or anyone who swipes a tissue sample
from you. Nevertheless, for you to be linked to your genomic data in
some database, a person already has to know who you are.

What can your DNA data reveal? Malin listed demographics, familial
history, clinical features, and life patterns among information that
is commonly linked with DNA in databases. That may seem revealing, but
Malin pointed out that most of that information can be gathered far
more simply and by cheaper means than DNA analysis.

He demonstrated that, as he put it, “demographic data is pretty much
available through public means.” It is fairly easy to figure out an
average person's sex, race, age, employment status, location, and
income from the Internet, phone books, or public records. As for
familial history, he showed examples from unrestricted sources like
obituaries that gave detailed information about a person’s family.
People can also be identified based on shared clinical diagnosis
codes, and people’s habits like hospital visitation patterns are also
vulnerable to data miners. None of this requires the help of DNA
databases.

Overall, privacy concerns are not unique to genomic research, as there
are so many ways to breach an individual’s privacy. But one factor
that makes DNA data special is its potential as an indicator for
disease risks and possibly other characteristics, such as
intelligence. To prevent companies and governments from exploiting DNA
data, the panelists agreed that there needs to be a new governance
system.

Proposals for Improvement

In creating a new governance system, Clayton warned that “we need to
pay attention to the enormous pressure of data sharing. Once data gets
to a researcher, it has to be shared.” Thus, it is impractical to
simply outlaw data sharing. Malin suggested three key steps: threat
modeling, access control, and disclosure control.

First, it is important to fully comprehend the negative impact of the
illicit disclosure of DNA data. Second, employees must be vetted and
required to sign a data use agreement. In addition, an operations
advisory board or institutional review board should only grant access
to employees on a project-specific basis. Third, a board should not
give away all the information.

The third point relates to modifying the data before it is shared. For
example, there is no need to be completely specific in saving clinical
data—instead of saying a man broke his left big toe, it's often
equally useful to just say he has a broken toe. It is also possible to
package the DNA data differently. Malin proposed perturbing the
sequence of DNA to generalize the data, while allowing it to retain
the necessary information for most forms of analysis. People have also
developed algorithms to unlink patient data from their identity.
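
The disclosure-control idea above, shown as an added example (not part of the article or the panelists' work): it measures how many shared records stay unique, and how many candidates an observer with known demographics can narrow to, before and after generalizing. The records, field layout and generalization rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample records (age, ZIP, sex, clinical note). Not real data.
RECORDS = [
    (34, "37203", "M", "fracture, left great toe"),
    (36, "37205", "M", "fracture, right great toe"),
    (38, "37209", "M", "fracture, left fifth toe"),
    (52, "37212", "F", "fracture, left wrist"),
    (57, "37215", "F", "fracture, right wrist"),
    (55, "37211", "F", "fracture, left wrist"),
]

def generalize_demographics(age, zip_code, sex):
    """Coarsen age to a decade band and ZIP to its first three digits."""
    decade = age // 10 * 10
    return (f"{decade}-{decade + 9}", zip_code[:3] + "**", sex)

def generalize(record):
    """Drop laterality and digit detail: 'left great toe' becomes 'toe'."""
    age, zip_code, sex, note = record
    injury, site = note.split(", ")
    body_part = site.split()[-1]
    return generalize_demographics(age, zip_code, sex) + (f"{injury}, {body_part}",)

def k_anonymity(rows):
    """Size of the smallest group of identical rows; 1 means someone is unique."""
    return min(Counter(rows).values())

def unique_fraction(rows):
    """Share of rows that no other row matches on every field."""
    counts = Counter(rows)
    return sum(1 for r in rows if counts[r] == 1) / len(rows)

def candidates(rows, known_demographics):
    """Rows consistent with demographics an outside party already knows."""
    return [r for r in rows if r[:3] == known_demographics]

if __name__ == "__main__":
    shared = [generalize(r) for r in RECORDS]
    print("raw:         k =", k_anonymity(RECORDS), "unique =", unique_fraction(RECORDS))
    print("generalized: k =", k_anonymity(shared), "unique =", unique_fraction(shared))
    known = (34, "37203", "M")  # constructed: facts available from public sources
    print("raw matches:", len(candidates(RECORDS, known)))
    print("generalized matches:",
          len(candidates(shared, generalize_demographics(*known))))
```
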

Koenig and Clayton both stressed the importance of ethical overview
and developing an adequate punishment system for breaches of privacy.
Besides losing funding (the typical current disciplinary action),
Clayton suggested something stronger. “People at Vanderbilt get fired
for privacy infringement. We have real punch.”

The panelists were articulate and informative in revealing the
pitfalls of current policies, and they provided outlines to address
some of the problems. Yet, it is still difficult to imagine what a
robust system of governance would look like. Concrete details were
elusive and, when one considers that DNA identification is a
multinational issue (other countries are also collecting and sharing
genomic data), perhaps the only certainty is that the present system
of regulations is insufficient.