People who volunteer for medical research usually expect to remain anonymous. That includes people who donate their DNA for use in genetic studies.
But now researchers have shown that in some cases, they can trace research subjects' DNA back to them with ease. And they say the risk of being identified from genetic information will only increase.
An international team of scientists wondered how difficult it would be to identify people whose DNA had been posted anonymously on the Internet. They decided to focus on 10 men whose entire genetic blueprints had been made public for research purposes.
By plugging a bit of the men's genetic information into an online service that helps people trace their family histories, they got back a list of possible relatives.
With that list, and information about the age and home state of the men, Yaniv Erlich, of the Whitehead Institute for Biomedical Research, says his team identified five of them.
"We could actually identify all the other people in the family, basically by looking at public websites, public records of these people, and Facebook and other websites," says Erlich.
They were able to identify about 50 people in all. Erlich says his study raises big questions about whether it's possible to protect the anonymity of genetic information.
"Now, [not] everyone now can do this type of study, but it suggests that there is a privacy issue that can be exploited," he says.
He's not the only one worried about genetic privacy. Medical geneticist Jim Evans, of the University of North Carolina at Chapel Hill, says right now, the risk of privacy violations is relatively low. But he says it's only going to get worse.
"We can't put the genie back in the bottle," says Evans. "Privacy has been continually eroded in the digital universe in which we live."
Evans says there needs to be a balance between making genetic data available to researchers and protecting people's privacy. For him, that means limiting who can access genetic information.
"We need clear policies for how data are handled, with whom they're shared, and importantly there need to be penalties for violating those policies," he says.
The fear is that people who volunteer to provide their DNA for research may be vulnerable to genetic discrimination.
But even with the risks, some people are OK with putting their genetic data out there for everyone to see.
Harvard Medical School genetics professor George Church runs a genetic database that anybody not just scientists can access. People who want their DNA in the database are told about the possible privacy risks up front. Even so, Church says many people still want to participate.
"I think people are more trusting if you're open and transparent with them about what the risks are," he says.
In their paper published today in the journal Science, Erlich and his colleagues don't reveal the names of the people they identified, or the details of how they did it.
But they did contact the National Institutes of Health. That's the agency that funded project that posted the genetic information online in the first place.
The NIH's Laura Lyman Rodriguez says most genetic data are more tightly protected. But she acknowledges the new study shows that the privacy of research subjects can't be guaranteed.
"And what we really think needs to happen at this point in time now that this threshold has been reached where individuals have been identified, through the connection of research and non-research information, is to have a public dialogue," says Rodriguez.
A public dialogue about how best to protect privacy without inhibiting research. In the meantime, the NIH has removed some details about the people whose genetic data is on the Internet, in an effort to keep a similar privacy breach from happening again.