The Wall Street Journal takes a look at the privacy risks that can arise from people voluntarily donating their DNA for research or other reasons. There have been several recent controversies over the unknowing use of individuals’ DNA reasons beyond what was stated when the samples were taken. Arizona State University recently settled a lawsuit by the Havasupai Indians. DNA samples that were given to university researchers to study the tribe’s high rate of diabetes were also used — without their consent, tribe members say — “to study many other things, including mental illness and theories of the tribe’s geographical origins that contradict their traditional stories,” reported the New York Times.

A few months ago, Texas announced that, as part of a lawsuit settlement agreement, it would destroy five million blood samples taken from babies and used for research without their parents’ consent. The blood was originally gathered to screen for birth defects. The Texas Tribune later revealed that Texas officials also “were turning over hundreds of dried blood samples to the federal government to help build a vast DNA database.”

The Journal reports:

At the Minnesota State Fair [...] you can stop by the University of Minnesota’s building and give samples of your and your children’s DNA for the university’s Gopher Kids Study.

As the Minneapolis Star Tribune reports, researchers are collecting information, including the genetic kind,  to see if the fair is an effective way to recruit and stay connected with study subjects. (Families are told to return for follow-up for the next two years.) Eventually researchers want to recruit thousands of kids in an attempt to study “what genes are involved in making a child grow and develop normally,” according to the study’s website. Read more »

InformationWeek reports on recommendations about data privacy set out in a letter (pdf) from the Privacy and Security Tiger Team, a group that advises the Health Information Policy Committee of the Department of Health and Human Services on privacy and security issues relating to patients’ medical information.

The letter recommends that the HIT Policy Committee adopt the guidelines set out in the Fair Information Practices (FIP), a set of codes established in 1973 to provide safeguards for personal privacy. The Tiger Team said healthcare providers and third-party service organizations should follow FIP codes as they implement health IT such as electronic health records (EHRs) that will be used to exchange patient information.

“This overarching set of principles, when taken together, constitute good data stewardship and form a foundation of public trust in the collection, access, use, and disclosure of personal information,” the letter said. [...] Read more »

In May, it was revealed that the University of California at Berkeley was asking incoming freshmen to voluntarily (and confidentially) submit DNA samples so that it can check “for three genes that help regulate the ability to metabolize alcohol, lactose and folates” because “students with certain genetic markers may be able to lead healthier lives by drinking less, avoiding dairy products or eating more leafy green vegetables.” At the time, I said that I was glad that the program was voluntary and confidential, but it was still troubling because there are easier and less-invasive ways to determine if someone is allergic or intolerant of alcohol, lactose or folates. Individual genetic data is not needed to teach students about responsible drinking or healthy diets. Genetic testing seems unnecessary, and it is too easy to see how quickly this could lead to mission creep. “Why don’t we test for something else, since we already have the data?” I noted several recent controversies over the unknowing use of individuals’ DNA reasons beyond what was stated when the samples were taken.

Now, the Los Angeles Times reports that Berkeley is changing its DNA collection program, though it still is requesting genetic data from incoming freshmen and transfer students.

In response to a state Public Health Department ruling on how DNA samples should be handled, UC Berkeley scientists reluctantly abandoned the idea to have freshmen and transfer students individually and confidentially learn about three of their own genetic traits. Instead, only collective results for all the 1,000 or so participants will be available and discussed at the orientation seminars next month. Read more »

The Department of Homeland Security’s Privacy Office has released a new privacy impact assessment (PIA) concerning the agency’s study of a type of biometric identification — iris recognition. From the privacy impact assessment (pdf) on “Iris and Face Technology Demonstration and Evaluation.”

As part of its Multi-Modal Biometrics Projects, the Department of Homeland Security (DHS) Science & Technology (S&T) Directorate and the National Institute of Standards and Technology (NIST) are investigating iris recognition as a promising biometric modality that may become suitable to support DHS operations in the near future. [...]

The purpose of this evaluation of iris recognition technologies is to conduct field trials/studies of iris camera prototypes under conditions and environments of relevance (e.g., humidity levels, amount of sunlight, etc) to DHS operational users to assess the viability of the technology and its potential operational effectiveness in support of DHS operations. S&T is conducting a PIA because biometric information is being collected from individuals detained in an operational setting. [...] Read more »

USA Today offers opinion columns about the privacy and security of consumers’ Internet use.

USA Today’s view, “These ‘cookies’ aren’t tasty; you’re left hungry for privacy“:

What if the next time you visited your local mall, a gaggle of detectives quietly followed you around taking notes on every store you visited, every item you bought, every movie you saw. [...]

Well, companies of many types are routinely doing just that — keeping tabs on your interests, purchases, likes and dislikes and making major assumptions about you — every time you surf the Internet. [...]

The surveillance is intrusive, pervasive and largely unregulated. Most consumers haven’t a clue how much information about them is being gathered and stored for sale, nor do they have a reliable way to stop it. Even computer experts we interviewed were flabbergasted by recent Wall Street Journal reports that the 50 most popular Internet sites installed a total of 3,180 tracking files (commonly known as “cookies”) on a test computer the newspaper set up. Dictionary.com, of all places, had the most tools; Wikipedia.org was the only site among the 50 to install none. [...] Read more »

An opinion column at Business Daily Africa urges the passage of privacy protection legislation in Kenya:

Who keeps your secrets? Have you ever paused to ask yourself how much confidential information about you or your business is “out there”? You probably imagine there is not much. However, let me paint for you a scenario.

You wake up in the morning and make a few personal and business calls from your mobile phone. Your calls are monitored and details stored in the data base of your mobile phone service provider. On your way to work, you pass through your ATM to withdraw some money and print an e-statement. The bank’s system records your transactions. [...]

Shortly thereafter, you receive a reference check about a former intern. Her HR file shows that during the few short months when she interned with you, she was constantly away from the office due to a congenital illness. You feel obliged to inform her prospective employer and candidly proceed to do so. [...]

This may sound surreal, but this is a true reflection of how much confidential information we leave behind us on a day to day basis, often without even realising it. Such information can easily fall into the wrong hands. It can also be used to your detriment. [...] Read more »