Study Highlights the Risk of Handing Over Your Genome

Researchers found they could tie peoples identities to supposedly anonymous genetic data by cross-referencing it with information available online.

If you contribute your genome sequence anonymously to a scientific study, that data might still be linked back to you, according to a study published today in the journal Science. The researchers behind the study found they could deanonymize genomic data using only publicly available Internet information and some clever detective work.

The study points to rising issues concerning genetic privacy and the need for better legal protection against genetic discrimination, experts say, since such a technique could reveal a persons propensity to a particular disease. The work also shows that study participants need to be better educated about the risks of joining genetic research efforts.

Open-access data sets of human genomic information are an important resource for researchers trying to uncover the genetic basis of human disease. The 1000 Genomes Project, for example, is a publicly available catalog of variation in humans that researchers can use to identify mutations that cause disease risk in certain populations (see The Future of the Human Genome). Researchers use this kind of open database much more often than controlled access sources, the National Institutes of Health said in a response to todays findings that was also published in Science.

Our last intention is to push these resources behind some firewall, says Yaniv Erlich, a geneticist at the Whitehead Institute for Biomedical Research and senior author on todays study. We are in favor of public data sharing, but we need to think about how it could be misused and describe that correctly to people.

While the Genetic Information Nondiscrimination Act of 2008 offers people some protection against employers or health insurers discriminating against them based on their genetics, life insurers and disability insurers are not prevented from using such information in their decisions.

We have no comprehensive genetic privacy law, says Jeremy Gruber, a lawyer and president of the Council for Responsible Genetics. People need to be much better informed of the lack of privacy protections we have for genetic information, says Gruber.

In the long run, says Erlich, it is better for these potential breaches to be demonstrated by a friendly investigator rather than someone who really wants to exploit the data. That would really undermine the public trust, he says.

This isnt the first time privacy risks have been highlighted for public genome databases. Different groups have shown that with a second DNA sample, an individuals genetic information could be pulled out of what was thought to be anonymous pooled genomic data or gene activity databases. But Erlichs team used only knowledge of genetic markers and Internet detective work to identify nearly 50 people in public genomic data sets.

Erlich, a former computer security researcher, was once hired by banks and other businesses to test their computer systems. For the DNA sleuthing, Erlich and his team used free genealogical databases that link surnames with genetic markers, called short tandem repeats, on the Y chromosome. There is no known biological function for these repeats, but the length and number are commonly used in ancestry research because, like surnames, those patterns are typically passed from father to son.

More here:
Study Highlights the Risk of Handing Over Your Genome