DNA, the storage bank of genetic information for all living organisms, is challenging scientists and policy makers to reconsider the issue of privacy. With the completion of the human genome and advancements in DNA sequencing technologies, a person’s DNA can potentially be tested for risks related to a number of genetic diseases. This progress is promising for personalized medicine, but ethical and policy issues are coming to the forefront as well. After all, can DNA data ever be truly private and anonymous when DNA itself can also act as a unique identifier?

At the 2010 AAAS conference in San Diego, a panel of experts criticized current policies and offered solutions to the ethical issues associated with DNA identifiability. Joel Wu, a research fellow at the Mayo Clinic, moderated a discussion among four panelists: Brad Malin (professor of biomedical informatics at Vanderbilt University), Sharon Terry (president and CEO of Genetic Alliance), Barbara Koenig (professor biomedical ethics at the Mayo Clinic), and Ellen Clayton (professor of genetics and health policy at Vanderbilt University).

Wu opened up the symposium by stressing the point that “genomic research needs data access to large data banks of DNA from volunteers, but data sharing becomes a question of public trust.” In order for scientists to continue gathering and sharing DNA data, the public must trust the process enough to volunteer for studies. If privacy protection becomes compromised, research won't continue to move forward. Thus, Wu states that “the goal is to create a balance between genomic research and privacy protection. The goal is to find balance between data access and public trust.”

Criticisms of the Current System

The panelists propose that the current policies fail to adequately protect volunteers for genomic research, making the balance impossible to achieve. A key problem, according to Wu, is that “DNA and DNA data cannot be truly de-identified, so common interpretations of privacy do not apply.” Currently, there is no definitive, legal definition of DNA as data that contains identification information. Koenig pointed out that “administrative units within the US Department of Health and Human Services articulate inconsistent positions of DNA and DNA data.” The panel argued that the first step of protecting DNA data is to define it as ID information.

Furthermore, current research protocols for volunteers are rather misleading when it comes to genomic research. For example, participants normally sign informed consent forms, but Wu posited that “meaningful informed consent is elusive, as there is unspecific future use for DNA data,” so current informed consent forms provide “untenable promises of privacy and confidentiality.”

Both Wu and Koenig acknowledged the lack of regulatory frameworks for reviewing the ethics, expertise, authority, and jurisdiction of facilities that collect and share DNA data. Koenig summarized it by saying, “Science is dynamic, and we almost can’t keep track of the speed of progress, but we have a stale ethical system that’s decades old.”

A Realistic Look at Identifiability

Before we can reasonably tackle the deficiencies of existing policies, we need to know some technical facts about DNA identification. Malin stated that the adage “we fear what we don’t understand” applies to genomic research. He said that “uniqueness is not sufficient for identification,” meaning “just having DNA is not going to tell you who it is. There needs to be a linking mechanism between de-identified DNA and identified data.”

The linking mechanism can be a forensics team, life science researchers, paternity companies, or anyone who swipes a tissue sample from you. Nevertheless, for you to be linked to your genomic data in some database, a person already has to know who you are.

What can your DNA data reveal? Malin listed demographics, familial history, clinical features, and life patterns among information that is commonly linked with DNA in databases. That may seem revealing, but Malin pointed out that most of that information can be gathered far more simply and by cheaper means than DNA analysis.

He demonstrated that, as he put it, “demographic data is pretty much available through public means.” It is fairly easy to figure out an average person's sex, race, age, employment status, location, and income from the Internet, phone books, or public records. As for familial history, he showed examples from unrestricted sources like obituaries that gave detailed information about a person’s family. People can also be identified based on shared clinical diagnosis codes, and people’s habits like hospital visitation patterns are also vulnerable to data miners. None of this requires the help of DNA databases.

Overall, privacy concerns are not unique to genomic research, as there are so many ways to breach an individual’s privacy. But one factor that makes DNA data special is its potential as an indicator for disease risks and possibly other characteristics, such as intelligence. To prevent companies and governments from exploiting DNA data, the panelists agreed that there needs to be a new governance system.

Proposals for Improvement

In creating a new governance system, Clayton warned that “we need to pay attention to the enormous pressure of data sharing. Once data gets to a researcher, it has to be shared.” Thus, it is impractical to simply outlaw data sharing. Malin suggested three key steps: threat modeling, access control, and disclosure control.

First, it is important to fully comprehend the negative impact of the illicit disclosure of DNA data. Second, employees must be vetted and required to sign a data use agreement. In addition, an operations advisory board or institutional review board should only grant access to employees on a project-specific basis. Third, a board should not give away all the information.

The third point relates to modifying the data before it is shared. For example, there is no need to be completely specific in saving clinical data—instead of saying a man broke his left big toe, it's often equally useful to just say he has a broken toe. It is also possible to package the DNA data differently. Malin proposed perturbing the sequence of DNA to generalize the data, while allowing it to retain the necessary information for most forms of analysis. People have also developed algorithms to unlink patient data from their identity.

Koenig and Clayton both stressed the importance of ethical overview and developing an adequate punishment system for breaches of privacy. Besides losing funding (the typical current disciplinary action), Clayton suggested something stronger. “People at Vanderbilt get fired for privacy infringement. We have real punch.”

The panelists were articulate and informative in revealing the pitfalls of current policies, and they provided outlines to address some of the problems. Yet, it is still difficult to imagine what a robust system of governance would look like. Concrete details were elusive and, when one considers that DNA identification is a multinational issue (other countries are also collecting and sharing genomic data), perhaps the only certainty is that the present system of regulations is insufficient.

Listing image by DNA Initiative