Personal Genome Project UK email disaster: If you can’t guarantee privacy, at least try to ensure trust
It’s not often that you can write on a topic in ethics whilst rolling around laughing, so I shall take this rare opportunity to make a few comments on the ludicrous breach of privacy that occurred last night when the Personal Genome Project messed up something as simple as an email list.
I’d expressed an interest in taking part in this project which aims to sequence the genomes of hundreds of thousands of people and make these available, together with trait information, to researchers. There are clear potential worries about privacy here, as there is a potential to identify individuals from such a rich source of information. Nonetheless, I was excited to take part. After all, many of the people I know and love the most would not be alive today were it not for advances in medical science which have helped to treat diseases such as cancer and type 1 diabetes. In the past, many have risked life and limb for medical science. What was the potential of a little breach of privacy to worry about? Besides which, there has been considerable attention to ethics, privacy, and security around this project. There’s a whole ethics crew. Presumably they only hire the crème de la crème of data and IT experts. Surely these guys could be trusted to use our information wisely, and to do all they could to prevent irresponsible use?
So, knowing that there had seemingly been a large interest in taking part, I rushed to complete the initial online enrolment, hoping that I was going to be chosen. The next part of enrolling required reading through extensive documents and promised to take over an hour to complete, so at that stage I went to bed. Only to wake this morning to an email inbox chock full of hundreds of emails from other participants; the email list just copied and sent emails back to everybody who was trying to enrol. Some of these emails just gave the names of other participants, and for those who’d replied to the list, some email addresses were also visible.
Hilarious! A quick check on Twitter revealed a lot of enraged, bemused and amused tweeters. Here’s a selection:
Signed up for Personal Genome Project – be sequenced for med research. They’ve publicised email addresses of all volunteers. Privacy anyone?
I won’t be taking part in the personal genome project. Ridiculous questionnaires & don’t appreciate >140 spam emails because of incompetence
Woke up to hundreds of emails from Personal Genome Project volunteers, cheers. Such incompetence, very reassuring, wow.
Withdrawing from Personal Genome Project – if going to be this careless with emails then I don’t think I want to be sequenced after all.
I wonder if #PersonalGenomeProject are making a point to drum home the potential implications of contributing to the project
Really starting to regret signing up to the personal genome project, too many emails, really not happy!
Greatly enjoying the Personal Genome Project train wreck that is happening in my email inbox right now.
I’ve got about fifty emails from the Personal Genome Project mailing list. They said they couldn’t guarantee privacy, but this is ridiculous
Don’t think I’ll trust Personal Genome Project UK (PGP-UK) with my DNA if they can’t even keep their email system anonymous
HOLY SHIT this email storm is from the Personal Genome Project. If they can’t handle email-list privileges then they’re not getting my Genome
These responses are pretty predictable. At least they have solved at a stroke the problem of how to sift through the excess number of people who volunteered – I wonder if they will make the total number of volunteers needed now?
There is a simple lesson to be learned from this – the fragility of trust. There are two basic strategies for ensuring ethical conduct of research: one, through robust regulations and practices which protect participants; two, through the trustworthiness of those managing research – that they have the competence and virtues necessary to handle the information entrusted to them, for the betterment of humanity whilst protecting the individual.
Anyone who wished to volunteer for this would have to be pretty comfortable with the possibility that their privacy could be breached, because there would be so many points of information available that it would be more than a theoretical possibility to narrow this down to a precise individual. But those volunteering would also presumably have a commitment to advancing medical science and knowledge of human biology; and perhaps, like me, considered that the potential for privacy breach by outsiders was weighed against a prima facie high degree of trust that the Personal Genome Project was being managed by researchers with a high degree of probity, academic excellence, and competence. They must employ the best people, right? They must use the latest data management techniques, right? They’re at the cutting edge of all this, right?
Well, actually, no. This morning, a few tried to downplay this disaster by pointing out that email addresses weren’t shared, but this was false: actually whilst most of the emails that came round only displayed people’s names, for those who then replied, their email addresses then became visible to the whole group. Moreover, people can be identified from their names, of course! Not everybody is called Mary Smith or John Brown.
But the real point is not that names and email addresses were shared. It’s not just that people were irritated that, for the trouble of volunteering for this project, their email boxes were chock full of rubbish. It’s that trust evaporated overnight with this idiotic breach of security. The entire point of this project depends upon something utterly crucial to the heart of it: the trust that those running it know how to manage data. The project is all about good data management. And they can’t even do that. A glitch in how the email list is managed can be sorted out in a minute or two. A breach of trust takes much, much longer.