Routes for breaching and protecting genetic privacy

We are entering the era of ubiquitous genetic information for research, clinical care, and personal curiosity. Sharing these datasets is vital for rapid progress in understanding the genetic basis of human diseases. However, one growing concern is the ability to protect the genetic privacy of the data originators. Here, we technically map threats to genetic privacy and discuss potential mitigation strategies for privacy-preserving dissemination of genetic data.Comment: Draft for comment

Redefining genomic privacy: trust and empowerment

Fulfilling the promise of the genetic revolution requires the analysis of large datasets containing information from thousands to millions of participants. However, sharing human genomic data requires protecting subjects from potential harm. Current models rely on de-identification techniques in which privacy versus data utility becomes a zero-sum game. Instead, we propose the use of trust-enabling techniques to create a solution in which researchers and participants both win. To do so we introduce three principles that facilitate trust in genetic research and outline one possible framework built upon those principles. Our hope is that such trust-centric frameworks provide a sustainable solution that reconciles genetic privacy with data sharing and facilitates genetic research

Managing Access to Biobanks:How Can We Reconcile Privacy and Public Interests in Genetic Research?

This article is concerned with the ultimate objectives of genetic biobanks set up to promote the public interest—being the sharing of samples and data for medical research—and the consequences for personal privacy of realising them. Our aim is to chart the values, interests and principles in play, to consider the challenges of realizing biobanking objectives on a global scale, and to propose viable ways forward that ensure, as far as possible, that access provisions remain fit for purpose throughout the entire life of a biobank, while adequately protecting the privacy interests at stake. It is argued that key features in any robust access model must include mechanisms to (a) maintain participant trust in management of the resource and to measure and respond to participants’ expectations, (b) facilitate and promote the sharing of benefits, and (c) respond timeously and effectively to new challenges

Supporting Regularized Logistic Regression Privately and Efficiently

As one of the most popular statistical and machine learning models, logistic regression with regularization has found wide adoption in biomedicine, social sciences, information technology, and so on. These domains often involve data of human subjects that are contingent upon strict privacy regulations. Increasing concerns over data privacy make it more and more difficult to coordinate and conduct large-scale collaborative studies, which typically rely on cross-institution data sharing and joint analysis. Our work here focuses on safeguarding regularized logistic regression, a widely-used machine learning model in various disciplines while at the same time has not been investigated from a data security and privacy perspective. We consider a common use scenario of multi-institution collaborative studies, such as in the form of research consortia or networks as widely seen in genetics, epidemiology, social sciences, etc. To make our privacy-enhancing solution practical, we demonstrate a non-conventional and computationally efficient method leveraging distributing computing and strong cryptography to provide comprehensive protection over individual-level and summary data. Extensive empirical evaluation on several studies validated the privacy guarantees, efficiency and scalability of our proposal. We also discuss the practical implications of our solution for large-scale studies and applications from various disciplines, including genetic and biomedical studies, smart grid, network analysis, etc

Sharing Privacy-sensitive Access to Neuroimaging and Genetics Data: A Review and Preliminary Validation

The growth of data sharing initiatives for neuroimaging and genomics represents an exciting opportunity to confront the “small N” problem that plagues contemporary neuroimaging studies while further understanding the role genetic markers play in the function of the brain. When it is possible, open data sharing provides the most benefits. However, some data cannot be shared at all due to privacy concerns and/or risk of re-identification. Sharing other data sets is hampered by the proliferation of complex data use agreements (DUAs) which preclude truly automated data mining. These DUAs arise because of concerns about the privacy and confidentiality for subjects; though many do permit direct access to data, they often require a cumbersome approval process that can take months. An alternative approach is to only share data derivatives such as statistical summaries—the challenges here are to reformulate computational methods to quantify the privacy risks associated with sharing the results of those computations. For example, a derived map of gray matter is often as identifiable as a fingerprint. Thus alternative approaches to accessing data are needed. This paper reviews the relevant literature on differential privacy, a framework for measuring and tracking privacy loss in these settings, and demonstrates the feasibility of using this framework to calculate statistics on data distributed at many sites while still providing privacy

Constructive Privacy for Shared Genetic Data

International audienceThe need for the sharing of genetic data, for instance, in genome-wide association studies is incessantly growing. In parallel, serious privacy concerns rise from a multi-party access to genetic information. Several techniques , such as encryption, have been proposed as solutions for the privacy-preserving sharing of genomes. However, existing programming means do not support guarantees for privacy properties and the performance optimization of genetic applications involving shared data. We propose two contributions in this context. First, we present new cloud-based architectures for cloud-based genetic applications that are motivated by the needs of geneticians. Second, we propose a model and implementation for the composition of watermarking with encryption, fragmentation, and client-side computations for the secure and privacy-preserving sharing of genetic data in the cloud

Big Data in Genomics: Ethical Challenges and Risks

Genomic information is a class of Big Data in expanding use thanks to technological developments. Here, we review three categories of ethical risks and challenges associated with genomic information: privacy issues, the management of incidental findings, and challenges in data storage and sharing. First, we need to implement strong mechanisms to protect privacy, but genomic data faces specific risks and we need to acknowledge the possibility of re-identification. Proper usage of genomic information has to be regulated, including recommendations on incidental finding management. Also, clear policies for data sharing and explicit efforts to promote central repositories of genomic data should be established. However, technology and new applications of genetic information will develop fast and we should anticipate potential new risks

Genetic Data Privacy Solutions in the GDPR

The intersection of healthcare and technology is a rapidly growing area. One thriving field at this intersection involves obtaining, processing, and storing genetic data. While the benefits have been great, genetic information can reveal a great deal about individuals and their families. And the information that can be conveyed from genetic data appears limitless and is constantly growing and changing. Many entities have begun storing, processing, and sharing genetic data on a very large scale. This creates many privacy concerns that the current regulatory framework does not account for. The line between patient data and consumer data is blurred; many entities are interested in obtaining genetic data with varied interests. In the direct-to-consumer genetic testing market, consumers pay to send private companies their DNA samples in exchange for a trivial amount of information about their ancestry and health risks. But health data obtained and processed by a company are subjected to far less stringent privacy regulations than health data obtained and processed at a doctor’s office or hospital. This Comment summarizes some of the current genetic privacy problems in United States laws and examines the EU’s recently adopted GDPR for a possible solution. A GDPR-style regulation could provide more consistency, give individuals more control, and protect against future unknown uses