DNA Origami

Trust Is At the Heart of the Privacy Issue

4 minute read
Tamara Dull avatar

In early 2013, I spat. In fact, I was the 380,245th customer to spit into one of 23andMe’s DNA collection tubes and am now part of a unique #Powerof1Million group. 

Remember 23andMe? They aggressively marketed their personalized DNA kits to consumers a few years ago. That is, until the FDA told them to stop in late 2013. The FDA said that 23andMe was violating federal law by selling medical tests that claimed to identify health risks for over 250 diseases and health conditions — a claim only FDA-approved medical tests are allowed to make.

This article isn’t about 23andMe per se, but about the challenges companies face when it comes to privacy and business ethics in the era of big data. 23andMe just makes my point.

Whose Data Is It?

I’m glad I got in early and had my 23andMe spit test results before the FDA put its Big Foot down. My health reports and ancestry information are quite informative, and sometimes downright amusing. Here’s a few sample findings from my test:

  • I am 3.0 percent Neanderthal. I’m not quite sure how I feel about that, but OK, I’ll own it. And maybe when I’m ready, I’ll buy a t-shirt to let the world know.
  • I have moderately greater odds of early PONV (Postoperative Nausea and Vomiting). Ah, that explains why I turned green and spewed green after my colonoscopy.
  • 23andMe recently informed me that I have “typical” sensitivity to the sound of other people chewing. It’s called misophonia for those of you who have a higher sensitivity to this sort of thing. You know who you are.

It is mind boggling how much data our saliva can provide. But as with any data, we have to ask: Who owns this data? Who has permission to access and share it? How will it be used? And how secure is it?

23andMe covered those answers in its Terms of Service, Privacy Policy and Consent Document. But that’s just one company. As consumers, we deal with dozens, if not hundreds, of companies and government agencies who all have their own evolving ToS and privacy policies. The problem is, nobody reads them.

What’s Your Tolerance?

I just shared three rather innocuous findings about my health and ancestry in a very public forum. Some of you would have no problem doing the same — maybe not in a blog post, but what about Facebook? Others are fine sharing even more personal details — almost to the point of TMI — and the rest of you say, “It’s none of your business.”

Learning Opportunities

It comes down to personal preferences and what you’re willing to tolerate. The 23andMe support site explains it this way:

"Everyone has different tolerances and preferences for learning information. You might be surprised by a family member who would prefer not to know something you feel is important to share. At other times, you may learn something about yourself, your family, your ancestry, or health-related associations with your genotype that you would prefer to keep private. You may find yourself having to weigh sharing such information with other family members against your own desire for privacy — or their desire not to know."

What some consider no big deal, others consider invasive. And therein lies the rub. In this era of big data, personal moral standards may not be the best driver as we try to develop a broader-based set of big data guidelines.

How Does Your Company Handle Privacy?

We’ve looked at some of the privacy/ethics challenges with big data from a consumer’s standpoint, but how about your organization? Where does it stand?

  • Does your organization have a privacy policy? Make sure you understand and adhere to your company’s privacy policies, especially in regards to data, before a customer complaint or lawsuit beats you to the punch.
  • Do you tell your customers when a request is made for their data — from the government or otherwise? Do you publish periodic transparency reports? If this isn’t part of your process, is this a practice your organization could consider?
  • Is your company willing to fight for your customers’ privacy rights in court? How about Congress? This isn’t just a fight for the big boys like Google and Facebook. It’s for any company who values its customers and wants to protect their privacy from intrusive entities and/or activities.

This privacy discussion is only going to get bigger, especially as companies and government agencies get better at collecting, analyzing, and sometimes selling the data we’re freely sharing with them. Trust between data players — you, me, them and us — is at the heart of the privacy issue and is the glue that will keep the data ecosystem together.

Creative Commons Creative Commons Attribution 2.0 Generic License Title image by  dullhunk 

About the author

Tamara Dull

Tamara Dull is the director of emerging technologies for SAS Best Practices, a thought leadership organization at SASInstitute. You can read more about requirements for big data teams here.