Researchers expose new vulnerabilities in the security of personal genetic information

January 17, 2013 by Matt Fearer, Whitehead Institute for Biomedical Research

Using only a computer, an Internet connection, and publicly accessible online resources, a team of Whitehead Institute researchers has been able to identify nearly 50 individuals who had submitted personal genetic material as participants in genomic studies.

Intent on conducting an exercise in "vulnerability research"—a common practice in the field of information security—the team took a multi-step approach to prove that under certain circumstances, the full names and identities of genomic research participants can be determined, even when their is held in databases in de-identified form.

"This is an important result that points out the potential for breaches of privacy in genomics studies," says Whitehead Fellow Yaniv Erlich, who led the research team. A description of the group's work is published in this week's Science magazine.

Erlich and colleagues began by analyzing unique known as short tandem repeats on the Y chromosomes (Y-STRs) of men whose genetic material was collected by the Center for the Study of Human Polymorphisms (CEPH) and whose genomes were sequenced and made publicly available as part of the 1000 Genomes Project. Because the Y chromosome is transmitted from father to son, as are family surnames, there is a strong correlation between surnames and the DNA on the .

Recognizing this correlation, genealogists and genetic genealogy companies have established publicly accessible databases that house Y-STR data by surname. In a process known as "surname inference," the Erlich team was able to discover the family names of the men by submitting their Y-STRs to these databases. With surnames in hand, the team queried other information sources, including Internet record search engines, obituaries, genealogical websites, and public demographic data from the National Institute of General Medical Sciences (NIGMS) Human Genetic Cell Repository at New Jersey's Coriell Institute, to identify nearly 50 men and women in the United States who were CEPH participants.

Previous studies have contemplated the possibility of genetic identification by matching the DNA of a single person, assuming the person's DNA were cataloged in two separate databases. This work, however, exploits data between distant paternally-related individuals. As a result, the team notes that the posting of genetic data from a single individual can reveal deep genealogical ties and lead to the identification of a distantly-related person who may have no acquaintance with the person who released that genetic data.

"We show that if, for example, your Uncle Dave submitted his DNA to a genetic genealogy database, you could be identified," says Melissa Gymrek, a member of the Erlich lab and first author of the Science paper. "In fact, even your fourth cousin Patrick, whom you've never met, could identify you if his DNA is in the database, as long as he is paternally related to you."

Aware of the sensitivity of his work, Erlich emphasizes that he has no intention of revealing the names of those identified, nor does he wish to see public sharing of genetic information curtailed.

"Our aim is to better illuminate the current status of identifiability of genetic data," he says. "More knowledge empowers participants to weigh the risks and benefits and make more informed decisions when considering whether to share their own data. We also hope that this study will eventually result in better security algorithms, better policy guidelines, and better legislation to help mitigate some of the risks described."

To that end, Erlich shared his findings with officials at the National Human Genome Research Institute (NHGRI) and NIGMS prior to publication. In response, NIGMS and NHGRI moved certain demographic information from the publicly-accessible portion the NIGMS cell repository to help reduce the risk of future breaches. In the same issue of Science in which the Erlich study appears, Judith H. Greenberg and Eric D. Green, the Directors of NIGMS and NHGRI, and colleagues author a perspective on this latest research in which they advocate for an examination of approaches to balance research participants' privacy rights with the societal benefits to be realized from the sharing of biomedical research data.

"Yaniv's work is a timely reminder that in this era in which massive amounts of genomic data are being generated rapidly and shared in the interest of scientific advancement, there is an increasing likelihood of privacy breaches," says Whitehead Institute Director David Page. "I'm delighted that, thanks to Yaniv's overture to NIH, we at Whitehead Institute have the opportunity to join policymakers at NHGRI and elsewhere in what will be a critical, ongoing dialog about the importance of safeguarding data, of sharing data, and the implications of failure in either endeavor."

Explore further: Scientists ignore cultural barriers to find the cause of a rare disease

More information: "Identifying Personal Genomes by Surname Inference" Melissa Gymrek et al. (Science, January 18, 2012.

Related Stories

Scientists ignore cultural barriers to find the cause of a rare disease

April 11, 2011
In a research collaboration blind to affairs of politics, ethnicity, and religion, an international team led by Israeli scientists has identified the genetic cause of a neurological disorder afflicting members of a Palestinian ...

Potential for incorrect relationship identification in new forensic familial searching techniques

February 9, 2012
New research suggests that unrelated individuals may be mistakenly identified as genetic family members due to inaccurate genetic assumptions. This is particularly relevant when considering familial searching: a new technique ...

New study launched investigating the impacts of personal genomic testing

March 5, 2012
As genetic risk information plays an increasingly important role in the diagnosis and treatment of many diseases, private companies have made personal genomic testing for these risk factors widely available to the public. ...

Recommended for you

Peers' genes may help friends stay in school, new study finds

January 18, 2018
While there's scientific evidence to suggest that your genes have something to do with how far you'll go in school, new research by a team from Stanford and elsewhere says the DNA of your classmates also plays a role.

Two new breast cancer genes emerge from Lynch syndrome gene study

January 18, 2018
Researchers at Columbia University Irving Medical Center and NewYork-Presbyterian have identified two new breast cancer genes. Having one of the genes—MSH6 and PMS2—approximately doubles a woman's risk of developing breast ...

A centuries-old math equation used to solve a modern-day genetics challenge

January 18, 2018
Researchers developed a new mathematical tool to validate and improve methods used by medical professionals to interpret results from clinical genetic tests. The work was published this month in Genetics in Medicine.

Can mice really mirror humans when it comes to cancer?

January 18, 2018
A new Michigan State University study is helping to answer a pressing question among scientists of just how close mice are to people when it comes to researching cancer.

Group recreates DNA of man who died in 1827 despite having no body to work with

January 16, 2018
An international team of researchers led by a group with deCODE Genetics, a biopharmaceutical company in Iceland, has partly recreated the DNA of a man who died in 1827, despite having no body to take tissue samples from. ...

Epigenetics study helps focus search for autism risk factors

January 16, 2018
Scientists have long tried to pin down the causes of autism spectrum disorder. Recent studies have expanded the search for genetic links from identifying genes toward epigenetics, the study of factors that control gene expression ...


Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Jan 17, 2013
I agree that it is not full proof system of safeguarding data, but from what I've read from 23andme discussions over the last 2 years, people who said that they also participate in the 1000 genome project were typically posting their data to other places/boards/programs or were being very open about their identity. I think there is a big chance that these people were discussing the potential loss of the privacy with their family members.

This might be different, in the future, for a more typical person that is much more afraid of losing their privacy.
1 / 5 (1) Jan 18, 2013
Excellent Nano!

We are all important. We are all equal. We all have unknown vulnerabilities that can be exposed with the loss of privacy.
*Any thought to remove privacy from people, with or without their consent, which is not specifically for a "real and serious need" for life itself, is not operating in the truth of the very importance of life itself.*

Only a mind that has become ill/warped (completely out of touch with reality) dismisses the obvious threat to life itself that privacy losses expose us to. There are many of us that have yet to connected the dots that it stays this way because the truth says that life is important. Instead, many of us persist in believing there is something to gain in exposing and harvesting the personal information of others.

The ill mind run's down the rabbit hole…. Unable to contend with that their actions and choices are opposite of that with is dictated by the truth and the creator of the truth.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.