FPF and Privacy Analytics Identify “A Practical Path Toward Genetic Privacy”


Paper highlights de-identification standards, re-identification research, and emerging technical, contractual, and policy protections that can safeguard genetic data while supporting research.

Genomic data is arguably the most personal of all personally identifiable information (“PII”). Techniques to de-identify genomic data to limit privacy and security risks to individuals–while that data is used for research and statistical purposes–are at the center of discussions among stakeholders engaged in genetic research. 

The Future of Privacy Forum (FPF) and Privacy Analytics have partnered to publish “A Practical Path Toward Genetic Privacy in the United States.” The white paper is intended to highlight the personal nature of genetic data, describe existing regulatory requirements, and discuss emerging developments regarding the de-identification & re-identification of genetic data while highlighting consensus practices organizations are taking to safeguard genomic information.

“Genetics has become increasingly valuable to cutting-edge medical research, with implications from public health to rare disease diagnostics,” said Katelyn Ringrose, FPF Policy Fellow. “Observing this evolution, FPF and Privacy Analytics collaborated to create a practical path forward; one which will protect the privacy of those individuals who contribute their genomes to fuel such incredible discoveries.” 

The white paper explores and drives discussion around two prominent examples of privacy engineering solutions applicable to genetic privacy: differential privacy and secure (multi-party) computation. Although technical solutions like these show promise in protecting genetic data, companies should also follow emerging privacy and security-centric norms that are evolving in the space, including the use of:

  1. Access Controls – Depending on the nature of the data and its identifiability, access controls can limit access to certain individuals and institutions. 
  2. Contractual Controls – Researchers and institutions can be required to enter into a data use agreement prior to being able to access data, in order to ensure that that data is accessed only for legitimate purposes and that identifiability remains low.
  3. Security Protocols – Organizations sharing genetic data can create specific security protocols dictating how researchers utilize data in open access or controlled-access data repositories. 

FPF hopes that this white paper will help guide stakeholders in the genetics arena, including those stakeholders providing and utilizing genetic data to identify health risks, learning more about rare diseases, and creating new treatments and precise diagnostics. We look forward to continuing to support cutting-edge research, while aiming to mitigate the risks associated with the use of genetic data. 

The Future of Privacy Forum works on issues regarding de-identification, ethics, and health data

Read the White Paper

For additional information about this publication or the Future of Privacy Forum’s health working group, please contact Rachele Hendricks Sturrup ([email protected]) and Katelyn Ringrose ([email protected]).