I got an invite from the UK Biobank project to participate in their project. They are asking 40-69 year olds to come along for 1.5 hours and answer lots of questions about their health, families and lifestyles, provide blood and urine samples and have a set of tests. These tests are for lung functions, bone density and other health related metrics.
On their web site, they go to great lengths to say how safe the data will be; that the DNA and other information will be held anonymously and that they definitely won’t give the information to anyone (except if told to by the legal authorities). Except, the data isn’t held anonymously.
To quote from their web site in the confidentiality section:
- Your DNA samples and information are stored anonymously – that means any information which can identify you, such as your name and address, date of birth or NHS number is taken off your data and samples and stored separately.
- Information is encrypted. We do need to be able to identify your samples and information so that we can track your medical records, contact you again or destroy your samples if you withdraw. We do this by using a code. Only those UK Biobank staff with access to the code will be able to connect you with your information and samples.
Note that the emphasis is mine. Therefore, they can identify your DNA samples. They just keep the key in a separate database. Thus, they can equally reconstruct a database with your DNA records and name, address, and any other details that are held quite easily. They just say they won’t.
Tinfoil hat time. I can foresee a near-future event where the Government decides that 500,000 DNA records are just too interesting to be kept away from their ID database and decide to pass legislation to gather all DNA databases into the (future) ID database. It would just be too tempting for them. I just can’t take the risk. As much as I would like to help science, I really don’t want my DNA ending up on yet another poorly secured database where just about any Government employee can access it. Better yet, in the process of transferring the data, they will burn it to a CD unencrypted and leave it in a briefcase in a taxi or something similar. Sorry, don’t want to be a part of that.
thanks for the heads up – i just got an invite – alas i’ll not be helping.
I’m keen on saving the planet yes – but not via a non transparent process.
I’ve just had my invitation letter. When it comes to reassuring any concerns I may have had about protecting my privacy, they didn’t get off to a good start.
Apparently they got my name, address, and date of birth from the NHS.
Excuse me?
I don’t remember giving the NHS my permission to share that kind of data with third parties. I shall be finding out who the NHS data controller is and having a word. They claim that it’s compliant with the data protection act, but I find that hard to believe.
Sorry, this may be a worthy research project, but they have just totally destroyed any chance they may have had of my trusting them.
@NautiusMaximum: I know, it’s the whole trust issue that blows it for me. If the data really were anonymous I might have considered, but saying it is anonymous and then admitting in the small print that it isn’t is not the best way of building trust.
Good point, Alex. I hadn’t spotted that, but you are quite right. The data are not anonymised, and it’s extremely naughty of them to say so.
There is a term that medical ethicists use to describe this kind of data handling, which is pseudonymised. That’s the term they should have used. Anonymised is just wrong.