FLICKR, ADAM NIEMANIn January 2013, Yaniv Erlich from the Whitehead Institute for Biomedical Research in Cambridge, Massachusetts, and his colleagues reported on their ability to correctly identify participants in public sequencing projects like the 1,000 Genomes Project using free, publicly accessible Internet resources.
“The paper is a nice example of how simple it is to re-identify de-identified samples and that the reliance on de-identification as the mechanism of ensuring privacy and avoiding misuse is one that is not viable,” Nita Farahany, a professor of law and research at Duke University in Durham, North Carolina, who was not involved in the study, told The Scientist last year.
And last May, in a preprint posted to arXiv, Harvard University’s Latanya Sweeney—who is now chief technologist at the US Federal Trade Commission—and her colleagues showed that unnamed Personal Genome Project (PGP) participants could be identified using demographic data from their profiles.
“Whilst it is impossible to eliminate entirely the risk of re-identification of individuals, it is possible to minimise this risk with proportionate safeguards,” Wellcome Trust Director Jeremy Farrar said in a statement. “We believe that a deliberate attempt to re-identify individuals should be viewed as malpractice and be met with appropriate sanctions.”
On the table are possible sanctions against researchers who do so, such as the retraction of funds, according to the Wellcome Trust.
“As funders, we are committed to working together to reduce the risk of re-identification in a way that does not block valuable research to advance social and medical science and improve health,” added MRC’s Sir John Savill.