Genetic privacy

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

Genetic privacy involves the concept of personal privacy concerning the storing, repurposing, provision to third parties, and displaying of information pertaining to one's genetic information.[1][2] This concept also encompasses privacy regarding the ability to identify a specific individual by their genetic sequence, and the potential to gain information on specific characteristics about that person via portions of their genetic information, such as their propensity for specific diseases or their immediate or distant ancestry.[3]

With the public release of genome sequence information of participants in large-scale research studies, questions regarding participant privacy have been raised. In some cases, it has been shown that it is possible to identify previously anonymous participants from large-scale genetic studies that released gene sequence information.[4]

Legal regulations, such as the Genetic Information Nondiscrimination Act of 2008 (GINA) in the United States have been created to mandate that an individual's genomic sequence information cannot be requested or used as a basis for genetic discrimination by employers or health insurance providers, though this protection did not extend to other forms of insurance such as life insurance.[5]

Significance of genetic information[edit]

In the majority of cases, an individual's genetic sequence is considered unique to that individual. One notable exception to this rule in humans is the case of identical twins, who have nearly identical genome sequences at birth.[6] In the remainder of cases, one's genetic fingerprint considered specific to a particular person and is regularly used in the identification of individuals in the case of establishing innocence or guilt in legal proceedings via DNA profiling.[7] Specific gene variants one's genetic code, known as alleles, have been shown to have strong predictive effects in the occurrences of diseases, such as the BRCA1 and BRCA2 mutant genes in Breast Cancer and Ovarian Cancer, or the eFAD gene in Early-Onset Alzheimer's Disease.[8][9] Additionally, gene sequences are passed down with a regular pattern of inheritance between generations, and can therefore reveal one's ancestry via genealogical DNA testing. Additionally with knowledge of the sequence of one's biological relatives, traits can be compared that allow relationships between individuals, or the lack thereof, to be determined, as is often done in DNA paternity testing. As such, one's genetic code can be used to infer many characteristics about an individual, including many potentially sensitive subjects such as: [10]

  • Parentage / Non-paternity
  • Consanguinity
  • Adoptive Status
  • Ancestry
  • Propensity for Disease
  • Predicted Physical Characteristics

Sources of genetic information[edit]

Many types of direct-to-consumer DNA tests have been released that allow individuals to obtain genetic information from tissue obtained from the mouth, such as a cheek scraping (performed with a swab), an individual's saliva, or chewing gum. One of the most popular reasons for at-home genetic testing is to obtain information on an individual's ancestry via genealogical DNA testing and is offered by many companies such as 23andMe, AncestryDNA, Family Tree DNA, or MyHeritage. Other tests are also available which provide consumers with information on genes which influence the risk of specific diseases, such as the risk of developing late-onset Alzheimer's disease or celiac disease.[11]


Dr. Yaniv Erlich conducted a study in 2013 that revealed vulnerabilities in the security of public databases that contain genetic data. Erlich's study reported a method to discover the identity of anonymous research subjects whose genomes had been sequenced as part of a genomics project.[12] As a result, research subjects could sometimes be identified by their DNA alone.[13]

Mark Bender Gerstein, a Yale professor who studies large genetic databases notes that "research subjects who share their DNA may risk a loss of not just their own privacy but also that of their children and grandchildren, who will inherit many of the same genes".[13]

Furthermore, the vast databases of corporations or states are susceptible to get breached by criminals or governments.[13] There is a controversy regarding the responsibility that a DNA testing company has to ensure that leaks and breaches do not happen. Regulation rules are not clearly laid out. What is still not determined is who legally owns the genome information: the company or the individual whose genome has been read. There have been published examples of personal genome information being exploited.[14] Additional privacy concerns, related to, e.g., genetic discrimination, loss of anonymity, and psychological impacts, have been increasingly pointed out by the academic community[14][15] as well as government agencies.[11]

Dr. David Altshuler of the Broad Institute of Harvard and M.I.T. notes that the amount of genetic data that has been gathered so far (As of 2013) is minuscule compared with what will be coming in the next few years[when?], making it important to address the problems before the data deluge makes them worse, saying that they "see substantial issues" and "want to have serious discussions now".[13]

The American Society of Human Genetics has brought up issues about administering genetic tests on children. Moreover, they infer that this could lead to negative consequences for the children. Some of the negative consequences that this could lead to include the child’s likelihood of getting adopted which as a result could lead the child to suffer from self esteem issues; the child’s well-being could also suffer because of things like paternity testing or a custody battle requiring this type of information.[10]


When the access of genetic information is regulated it can prevent insurance companies and employers from reaching such data. Further, this could avoid issues of discrimination which could oftentimes leave an individual whose information has been breached without a job or without insurance.[10]

In the United States[edit]

In the United States, biomedical research containing human subjects is governed by a baseline standard of ethics known as The Common Rule, which aims to protect a subject's privacy by requiring "identifiers" such as name or address to be removed from collected data.[16] A 2012 report by the Presidential Commission for the Study of Bioethical Issues stated, however, that "what constitutes 'identifiable' and 'de-identified' data is fluid and that evolving technologies and the increasing accessibility of data could allow de-identified data to become re-identified".[16] In fact, research has already shown that it is "possible to discover a study participant's identity by cross-referencing research data about him and his DNA sequence … [with] genetic genealogy and public-records databases".[17] This has led to calls for policy-makers to establish consistent guidelines and best practices for the accessibility and usage of individual genomic data collected by researchers.[18]

Federal Regulation[edit]

The Genetic Information Nondiscrimination Act of 2008 (GINA) protects the genetic privacy of the public, including research participants. The passage of GINA makes it illegal for health insurers or employers to request or require genetic information of an individual or of family members (and further prohibits the discriminatory use of such information). More information on GINA is available here.[5]

Privacy protections for genetic research participants were strengthened by provisions of the 21st Century Cures Act (H.R.34) passed on 7 December 2016 for which the American Society of Human Genetics (ASHG) commended Congress, Senator Warren and Senator Enzi.[19][20][21][22]

State Regulation[edit]

A 2015 study found that state genetic privacy laws take three alternative approaches to protecting patient privacy: requiring informed consent on the part of the individual; restricting discriminatory usage of genetic data by employers, health care providers or insurance companies; or limiting redisclosure without the consent of the individual or defining genetic data as the 'property' of the individual" and that "giving users control over redisclosure encourage the spread of genetic testing, but that the informed consent approach deters individuals from obtaining genetic tests".[23]


To balance data sharing with the need to protect the privacy of research subjects geneticists are considering to move more data behind controlled-access barriers, authorizing trusted users to access the data from many studies, rather than "having to obtain it piecemeal from different studies".[12][13]

In October 2005, IBM became the world's first major corporation to establish a genetics privacy policy. Its policy prohibits using employees' genetic information in employment decisions.[24]

Breaching techniques[edit]

According to a 2014 study genetic privacy breaching by Yaniv Erlich and Arvind Narayanan techniques fall into three categories:[25]

Identity Tracing
Here the aim is to link between an unknown genome and the concealed identity of the data originator by accumulating quasi-identifiers − residual pieces of information that are embedded in the dataset − and to gradually narrow down the possible individuals that match the combination of these quasi-identifiers.
Attribute Disclosure Attacks via DNA (ADAD)
Here the adversary already has access to the identified DNA sample of the target and to a database that links DNA-derived data to sensitive attributes without explicit identifiers, for example a public database of the genetic study of drug abuse. The ADAD techniques match the DNA data and associate the identity of the target with the sensitive attribute
Completion Techniques
Here the adversary also knows the identity of a genomic dataset but has access only to a sanitized version without sensitive loci. The aim here is to expose the sensitive loci that are not part of the original data.

See also[edit]


  1. ^ "Genetic Privacy (definition)". Retrieved 29 December 2016.
  2. ^ "From genetic privacy to open consent" (PDF). Nature Reviews Genetics. Retrieved 8 November 2019.
  3. ^ Shi, Xinghua; Wu, Xintao (January 2017). "An overview of human genetic privacy: An overview of human genetic privacy". Annals of the New York Academy of Sciences. 1387 (1): 61–72. doi:10.1111/nyas.13211. PMC 5697154. PMID 27626905.
  4. ^ "Genetic privacy". Nature. 493 (7433): 451. 24 January 2013. doi:10.1038/493451a. PMID 23350074. Retrieved 29 December 2016.
  5. ^ a b "Privacy in Genomics". National Human Genome Research Institute (NHGRI). Retrieved 29 December 2016.
  6. ^ Phillips, Theresa. "The Importance of DNA Fingerprinting and How It Is Used". The Balance. Retrieved 2019-09-28.
  7. ^ Murphy, Erin (2018-01-13). "Forensic DNA Typing". Annual Review of Criminology. 1 (1): 497–515. doi:10.1146/annurev-criminol-032317-092127. ISSN 2572-4568.
  8. ^ "BRCA Mutations: Cancer Risk and Genetic Testing Fact Sheet". National Cancer Institute. 2018-02-05. Retrieved 2019-09-28.
  9. ^ Campion, Dominique; Dumanchin, Cécile; Hannequin, Didier; Dubois, Bruno; Belliard, Serge; Puel, Michèle; Thomas-Anterion, Catherine; Michon, Agnès; Martin, Cosette; Charbonnier, Françoise; Raux, Grégory (September 1999). "Early-Onset Autosomal Dominant Alzheimer Disease: Prevalence, Genetic Heterogeneity, and Mutation Spectrum". The American Journal of Human Genetics. 65 (3): 664–670. doi:10.1086/302553. PMC 1377972. PMID 10441572.
  10. ^ a b c Anderlik, Mary R; Rothstein, Mark A. (2001). "Privacy and Confidentiality of Genetic Information: What Rules for the New Science?". Annual Review of Genomics and Human Genetics. 2: 401–433. doi:10.1146/annurev.genom.2.1.401. PMID 11701656.
  11. ^ a b Research, Center for Drug Evaluation and (2018-11-03). "Direct-to-Consumer Tests". FDA.
  12. ^ a b "Genetic privacy". Nature. 493 (7433): 451. 24 January 2013. doi:10.1038/493451a. PMID 23350074. Retrieved 29 December 2016.
  13. ^ a b c d e Kolata, Gina (16 June 2013). "Poking Holes in Genetic Privacy". The New York Times. Retrieved 29 December 2016.
  14. ^ a b De Cristofaro, Emiliano (2012-10-17). "Whole Genome Sequencing: Innovation Dream or Privacy Nightmare?". arXiv:1210.4820 [cs.CR].
  15. ^ Curtis, Caitlin; Hereward, James (December 4, 2017). "It's time to talk about who can access your digital genomic data". The Conversation. Retrieved May 21, 2018.
  16. ^ a b "Privacy and Progress in Whole Genome Sequencing". Presidential Commission for the Study of Bioethical Issues. Archived from the original on 22 November 2016. Retrieved 30 November 2016.
  17. ^ Check Hayden, Erika (2013). "Privacy loophole found in genetic databases". Nature. doi:10.1038/nature.2013.12237.
  18. ^ Gutmann, Amy; Wagner, James W. (2013-05-01). "Found Your DNA on the Web: Reconciling Privacy and Progress". Hastings Center Report. 43 (3): 15–18. doi:10.1002/hast.162. PMID 23650063.
  19. ^ "ASHG Supports Genetic Privacy Provisions in 21st Century Cures Act | ASHG". ASHG. Retrieved 2 January 2017.
  20. ^ "ASHG supports Genetic Privacy Provisions in 21st Century Cures Act". EurekAlert!. Retrieved 2 January 2017.
  21. ^ "Congress passes 21st Century Cures Act with billions for new research, treatments". CBS News. Retrieved 2 January 2017.
  22. ^ "Congress acts to protect the most personal data – genetic information". Pine Bluffs Post. Retrieved 2 January 2017.
  23. ^ "Privacy Protection, Personalized Medicine and Genetic Testing" (PDF). Retrieved 8 November 2019.
  24. ^ "IBM100 - Pioneering Genetic Privacy". 7 March 2012. Retrieved 2 January 2017.
  25. ^ Yaniv Erlich; Arvind Narayanan (2013). "Routes for breaching and protecting genetic privacy". arXiv:1310.3197 [q-bio.GN].

Further reading[edit]

  • The Right to Know and the Right Not to Know: Genetic Privacy and Responsibility, ISBN 9781107076075

External links[edit]