Protecting privacy and confidentiality in the age of big

dataDavid B. Resnik, JD, PhD, Bioethicist,

NIH/NIEHSThis research is supported by the NIEHS/NIH. It does not represent the views of the NIEHS, NIH

or US government.October 19-25 | 2015

New York www.medicres.org

Big Data

• Multisite clinical trials• Large international collaborations (genetics,

molecular biology, neuroscience, medicine, ecology, etc.)

• Large epidemiological studies• Genome-wide association studies• Biobanking• Data mining from social media 05/01/23

Some Ethical and Policy Issues• Misconduct• Data management• Publication• Authorship• Conflict of Interest• Intellectual property• Informed consent• Privacy/Confidentiality• RegulatoryThese issues also arise in “little data” but big data adds new levels of

complexity.

05/01/23

Confidentiality/Privacy

• Research regulations and ethical guidelines require investigators to protect the confidentiality and privacy of research subjects.

• Breaches of confidentiality or privacy can harm human subjects in various ways, e.g. discrimination, stigma, embarrassment, and violate their right to control access to private information about themselves.

05/01/23

Measures to Protect Confidentiality and Privacy

• Limiting access to data and samples• Secure storage of data and samples• Electronic security, e.g. passwords, firewalls,

encryption• De-identification of data and samples, with a code

retained to identify data/samples, unless they are completely anonymized

• Certificate of confidentiality obtained from DHHS• Training of the research team on procedures

05/01/23

Informed Consent• Consent documents should inform research subjects about

how their data or samples may be used or shared.• Should inform subjects about sharing with investigators

outside of the research team.• Should give subjects an opportunity to consent to broad

sharing or limited sharing.• Should give subjects the opportunity to withdraw their

data/samples unless they have been completely anonymized.

• Should inform subjects whether they will receive individualized research results.

05/01/23

Sharing Data and Samples• Sharing of data and samples is important for promoting

research collaborations, validating results, and advancing scientific research.

• Promoting sharing is one of the primary reasons for creating a biobank.

• Many funding agencies require broad sharing of data and samples.

• Most journals require investigators to make data accessible to other investigators and sample require data to be deposited on a public website.

05/01/23

The Sharing Dilemma

• Sharing is important for scientific research but it can undermine protection of confidentiality and privacy in some situations.

• What is the best way to share while protecting confidentiality and privacy?

• There are several options.

05/01/23

Restricted Sharing• Data use agreements for sharing data– End users agree to specific uses of the data– Agree not to protect confidentiality and not share

with others without permission– Agree not to try to identify human subjects in de-

identified data• Material transfer agreements for sharing samples– End users agree to specific uses of the samples– Agree to not share with other without permission

05/01/23

Restricted Sharing

• Restricted sharing is definitely appropriate when sharing data/samples with personal identifiers.

• However, limited sharing impedes research because investigators must request access to data/samples and institutions must sign sharing agreements.

• This can take time and use additional resources.

05/01/23

Open Sharing

• De-identified data are deposited on a publicly available website.

• Anyone can download the data.

05/01/23

Open Sharing• Open sharing is certainly appropriate for non-human

DNA, but it perhaps not for human DNA because it may be possible to re-identify de-identified genomic data.

• Statisticians have developed methods for re-identifying individuals in de-identified genomic datasets based on a sample of their DNA.

• Statisticians have also developed ways to identify individuals from their phenotypic, genealogical or demographic data in some cases. This is much easier to do when you have a small, unique population.

05/01/23

NIH Genomic Data Sharing

In 2007, the National Institutes of Health (NIH) implemented a human genomic data sharing policy requiring that 1) individual, identified data be shared by restricted access and that 2) aggregate, de-identified data be shared on its publicly available websites (dbGaP or NCI). The NIH revised this policy in 2010, after learning about the possibility of re-identification of individuals. Most human genomic data is now available only by restricted access with some degraded data still available publicly.

05/01/23

Degrading Data

• Degrading of data may still be an option for open sharing.

• However, degrading may limit the value of data to other researchers.

• Even degraded data might be identifiable in the future due to advancements in science, technology, and statistics advance.

05/01/23

Waiver of Confidentiality/Privacy• Some studies deal with the problem of loss of

confidentiality by asking subjects to waive confidentiality/privacy protections.

• In the Personal Genome Project (Harvard Medical School), subjects agree to make their identifiable genomic, medical, and demographic data available on a public website.

• They are presumably motivated by a desire to help advance science and are not too concerned about loss of confidentiality/privacy.

05/01/23

PGP consent, page 9.“By signing this consent form, you authorize the PGP to publish your specimen analysis data and other personal information you have submitted to the PGP. This means that the PGP may publish this data and information without legal restriction and without your being asked to provide any additional consent. The PGP will publish the data and information on a publicly accessible website and database. It may also publish the data and information in other formats and/or media. Your ability to withdraw your consent once the PGP has published all or some of this data and information is limited, and is described in Article X of this consent form. There may be risks to you associated with the publication of this data and information. Those risks are described in Article X of this document.”

05/01/23

Waiver of Confidentiality/Privacy

• Will subjects understand the implications and risks of waiving confidentiality/privacy? The PGD consent form is complex and 24 pages long.

• What about risks to family members who do not consent to this sharing—might they be identified? The PGD prohibits monozygotic twins from participating unless both consent, but what about other family members?

• The decision cannot be effectively reversed once data are made public.

05/01/23

Social Media

• Social media (Facebook, etc.) is a valuable resource for social scientists to study social networks, social interactions, public opinions, etc.

• In some cases, social scientists just observe public behavior; in other cases, they may interact with users through experimental manipulations or by creating fake identities.

05/01/23

Facebook StudyIn January 2012, researchers from Facebook, Cornell University, and the University of San Francisco conducted a study in which the manipulated 689,003 users’ news feeds to determine whether emotional states can be transmitted when people interact. They found that the emotional content of the newsfeed (positive or negative) is associate with the subsequent postings (positive or negative). The effect was not large but it was significant. Users who participated in the study did not sign a consent form, although the Facebook user agreement included some language pertaining to research. The lead author, Adam Kramer, apologized to Facebook users for the way the study was conducted and the anxiety it caused. If Facebook had done the study without collaborators from Cornell, it would have required no IRB review. The Cornell IRB determined (after the fact) that its faculty member’s role did not need IRB review because the faculty member did not have access to private data.

05/01/23

Questions• Are social media interactions public or private?• Do users of social media understand what they

are sharing may be viewed by the public and how to control their settings to protect their privacy?

• Is it acceptable to conduct social media research without consent? With minimal consent?

• Is it acceptable for researchers to create fake profiles to interact with social media users in order to study them?

05/01/23

Additional Questions

• Thanks for your attention and participation.

05/01/23