Addition: Questions around personal genomics - sharing vs. privacy
There was something bugging me while writing my last post on some issues with personal genomics, because I seemed to remember I had another point that I wanted to bring up. Now it came back to me. The point was about the technicalities of sharing genomic data.
Now, the last post was mostly me bitching about the current mode of personal genomics, 23andme and all, and how I don't think it's a good idea to hand over your genomics data to some US-based company with very clearly stated commercial interests. (Just to summarize on that: Having commercial interests is not a bad thing in itself in my book, but I'm a bit of a tough sell if you want me to share my data for what seems like mostly your commercial interest, and doubly so if these data are not exclusively mine to disclose.)
But there is another point worth discussing around the topic of personal genomics which is a little more forward-pointing, maybe. Let's say we agree that personal genomics are here to stay. Let's say that getting your genome, or portions thereof, sequenced becomes part of diagnostic routine, or even part of your routine medical examinations. That is, your genomic data or parts thereof become part of your medical record. How do we handle that?
As far as I can tell, there has been a certain separation of competences and sharing of data on a need-to-know basis even among your doctors. Professional discretion or not, it's fairly unnecessary in all but some freaky, borderline sci-fi cases, to share your cardiologist's findings with your dentist. And I think that's a good set of walls right there.
Now, with all these genome-wide association studies, lots of potential markers for all kinds of medical conditions and predispositions for behaviours showing up, I wonder whether we can come up with a scheme that empowers a person to share some, but not all of their genomic data with whomever they choose. Some results from a SNP genotyping may be relevant to a dentist. Some may be relevant to a gynecologist, such as a genetic predisposition for breast cancer, but others you may feel uncomfortable sharing with anyone but the persons you've elected to be trustworthy on certain subjects - say, markers that are associated with predisposition to addictions, or clear indications for Huntington's disease. At this point, I have to disclose, again, that my background is in computer security, and in this field, I've come to appreciate the concept of Defense-in-Depth. One of the things this concept teaches you is to only grant access on a need-to-have basis, and having grown up in a privacy-conscious environment, I think this is a good operating principle.
So, for me, the question is, how do we enable people to partially share their genomic information on a need-to-know basis? How do we implement this technologically, and how do we implement this UI-wise? I think that answering this questions is worthy of the engineer's attention, because a success at solving this problem means that we don't have to choose between privacy and the benefit of data sharing - that we may get to have both, with the individual having the power to make an informed and enforceable choice between these two extremes.
This may also have quite an impact on crowd-sourcing genomics projects that rely on people sharing data - they may benefit from individuals who are confident that they can make an informed and enforced choice concerning the disclosure of their genomic data.
Any ideas on how to achieve this are welcome, but I have a hunch that the much-condemned digital rights management (DRM) technology may actually see a use-case that is in the service of the informed individual, rather than being a servant to commercial interests.
If you have any suggestions regarding this, drop me a line/comment.