UK Biobank & Privacy

I got an invite from the UK Biobank project to participate in their project. They are asking 40-69 year olds to come along for 1.5 hours and answer lots of questions about their health, families and lifestyles, provide blood and urine samples and have a set of tests. These tests are for lung functions, bone density and other health related metrics.

On their web site, they go to great lengths to say how safe the data will be; that the DNA and other information will be held anonymously and that they definitely won’t give the information to anyone (except if told to by the legal authorities). Except, the data isn’t held anonymously.

To quote from their web site in the confidentiality section:

  • Your DNA samples and information are stored anonymously – that means any information which can identify you, such as your name and address, date of birth or NHS number is taken off your data and samples and stored separately.
  • Information is encrypted. We do need to be able to identify your samples and information so that we can track your medical records, contact you again or destroy your samples if you withdraw. We do this by using a code. Only those UK Biobank staff with access to the code will be able to connect you with your information and samples.

Note that the emphasis is mine. Therefore, they can identify your DNA samples. They just keep the key in a separate database. Thus, they can equally reconstruct a database with your DNA records and name, address, and any other details that are held quite easily. They just say they won’t.

Tinfoil hat time. I can foresee a near-future event where the Government decides that 500,000 DNA records are just too interesting to be kept away from their ID database and decide to pass legislation to gather all DNA databases into the (future) ID database. It would just be too tempting for them. I just can’t take the risk. As much as I would like to help science, I really don’t want my DNA ending up on yet another poorly secured database where just about any Government employee can access it. Better yet, in the process of transferring the data, they will burn it to a CD unencrypted and leave it in a briefcase in a taxi or something similar. Sorry, don’t want to be a part of that.