The New York Times reports on medical privacy issues connected with DNA research:
The genetic data posted online seemed perfectly anonymous — strings of billions of DNA letters from more than 1,000 people. But all it took was some clever sleuthing on the Web for a genetics researcher to identify five people he randomly selected from the study group. Not only that, he found their entire families, even though the relatives had no part in the study — identifying nearly 50 people.
The researcher did not reveal the names of the people he found, but the exercise, published Thursday in the journal Science, illustrates the difficulty of protecting the privacy of volunteers involved in medical research when the genetic information they provide needs to be public so scientists can use it.
Other reports have identified people whose genetic data was online, but none had done so using such limited information: the long strings of DNA letters, an age and, because the study focused on only American subjects, a state. […]
The data are from an international study, the 1000 Genomes Project, that is collecting genetic information from people around the world and posting it online so researchers can use it freely. It also includes the ages of participants and the regions where they live. That information, a genealogy Web site and Google searches were sufficient to find complete family trees. While the methods for extracting relevant genetic data from the raw genetic sequence files were specialized enough to be beyond the scope of most laypeople, no one expected it to be so easy to zoom in on individuals. […]
There is no easy answer about what to do to protect the privacy of study subjects. Subjects might be made more aware that they could be identified by their DNA sequences. More data could be locked behind security walls, or severe penalties could be instituted for those who invade the privacy of subjects. […]
But after seeing how easy it was to find the individuals and their extended families, the N.I.H. removed people’s ages from the public database, making it more difficult to identify them. […]
[…] Amy L. McGuire, a lawyer and ethicist at Baylor College of Medicine in Houston […] like others, called for more public discussion of the situation.
“To have the illusion you can fully protect privacy or make data anonymous is no longer a sustainable position,” Dr. McGuire said.