Everywhere we go, we leave a trail of data behind. Every scan of our grocery store loyalty card, every time our phone tracks our location or activity level, every time we enter something into our diet tracker, or an online search engine, or a social media account, every time someone files a medical claim to our insurance — we are creating data. People voluntarily give up access to their DNA when they take at-home DNA tests to determine their family background. Skilled data miners can search these giant databases, some of which are publicly available, to develop remarkably detailed portraits of individuals.
Here’s another story about one of these home DNA-test firms sharing data on 2 million people with law enforcement. You may recall an earlier IRB blog item recounting how about 60 percent of Americans of northern European descent can now be identified using these genealogy databases, with that number expected to increase to 100 percent “in the near future.”
The “identifiability” of this kind of personal information has been a topic of much debate. OHRP, in its Revised Common Rule, indicated the notion of “identifiable private information” will be reevaluated at least every 4 years. The way IRBs and study teams consider privacy and data confidentiality will also no doubt change as our understanding of identifiability evolves.