Slashdot Mirror
When a DNA Testing Firm Goes Bankrupt, Who Gets the Data?
wiedzmin writes "DeCODE Genetics, a genetics research firm from Iceland, has filed for bankruptcy in the US, and Saga Investments, a US venture capital firm, has already put in a bid to buy deCODE’s operations, raising privacy concerns about the fate of customer DNA samples and records. The company hasn’t disclosed how many clients signed up for its service, but provides a number of customer testimonials on its site, including Dorrit Mousaieff, Iceland’s first lady."
Clearly, the answer is that any samples and documentation should be destroyed. A typical way of doing this is to shred any paper documentation, and incinerate it along with any tissue or DNA samples.
I spliced in a trojan to my DNA. If I'm cloned in anything but my specific method, I'll instead turn out as a 70ft tall dinosaur human hybrid with fire breath, laser beam eyes, and the ability to fly. I dare them to clone me.
sell the customer data to some health insurance company.
“This clearly introduces a layer of uncertainty beyond what people expected when they signed up,” she told the Times. “People do need to double check what they are signing up to. These companies often use broad consent, and I worry whether people know what their data might be used for in the long term.”
Personally I feel like your genetic information is always YOUR data. Call it a biological copyright if you wish. There's only one you, and you inherited the code used to make you.
This is as close to a modern inalienable right as I've yet seen.
Businesses are so concerned with making money they dont think ahead. In a previous job we got rid of a proprietary system because we moved to a new one. No one thought about all the old records during this transaction. Well, we had access the the DB, but it was coded in such a way that the fields were a jumble of crap and would have taken forever to pull apart to get the records. I asked the proprietary company if they had a way to dump the records to PDF for easy reading and storage. Nope... This company was in business for 7+ years and they had no way to mass export records? They developed a half assed way to get it done, and I had to come up with a solution for the slack they left. So, not only did my company not think of this before hand, neither did the proprietary company. It is no surprise this company did the same Why does no one even consider this as a possibility? Companies dont last forever, so why has no one even considered this? The people that have their DNA at the company are now subject to the whim of whatever happens because it is guaranteed their contracts do not state "if we go under, your data will be destroyed". Good game people, good game.
Sell it to researchers, since insurance company wouldnt benefit much from such a small set of DNA samples. Or else just discard everything except DNA of famous people (in case they have any) and auction it!
DNA information and it wants to be free--just like Hollywood movies, Britney Spears songs, and videogames! Let it be free!!
I can see the future now: The Pirate Bay of Cloning Data!!
As Alfred E. Newman once said: "What, me worry?"
Customer data should be considered the property of the customer; the decision as to what happens to that data should be accountable to the owner of that data which would be the person who provided that data in the first place. The data should not be transferred to a third party without permission from the owner of that information.
Sigs are too short to say anything truly profound so read the above post instead.
I'm wondering what their data retention policy is. I'm not sure about most companies or industries but AFAIK most businesses, financial companies and law firms are obligated to keep records for 7 to 10 years. Some might keep longer. Now I can understand if these guys want to keep the info for 2 year, in case there's an unsatisfied customer who wants their money back (for example, had test done elsewhere and theirs is different). If the retention policy of this industry permits indefinite, then there should be laws to protect customers including not only retention but sharing of information and proper deletion of records.
We sent off some DNA in our family last winter, and I was surprised at the lack of legalese in the paperwork.
In particular, nowhere in any of it did it state that we were surrendering any property rights [i.e. the documents addressed neither the physical property of the biological material, nor the intellectual property of the DNA code].
On the other hand, because of the lack of legalese in the paperwork, it also didn't say that the DNA facilities were surrendering any property rights [or the ability to assert property rights in the future], either.
But I'd be shocked if the courts ruled for the creditors rather than for the "patients", unless there was some very explicit contracts in which the "patients" surrendered their property rights [although, even there, I wouldn't be surprised if a court ruled that such a contract were invalid, on e.g. 13th Amendment grounds].
Seriously, that's a good way to make easy money. Auction off your genome!
Trends can be pulled out from anonymized data fairly easily, and with a surprising degree of accuracy. From TFA:
Academic researchers have shown that anonymized data can be correlated with other data to identify people.
With the sheer amount of data contained in a DNA sample, even a partial sample would be enough to compromise an individual's identity. With enough information, practically any other piece of information can be obtained.
You do not have a moral or legal right to do absolutely anything you want.
Yeah. It's like asking, "when a bank goes out of business, who gets the money in the accounts?"
Can you be Even More Awesome?!
23andMe, a US company who has been collecting samples for two-three years now has had two rounds of layoffs in the last six months, the second of which was a third of the company. I think this should be a real concern for the customers of any of these companies, Navigenics, Pathways, deCODE, 23andMe etc.
I dont know or understand your reference nor do I get your response. Are you saying I was incompetent or they were? If you say I am, you havent seen their SQL fields... It was seriously an entire chart in one field with Java code and HTML code inside. I would have had to parse it all out where they already did. Uh.. reread what you quoted about the PDF dumps, the company had no idea what we were doing in the way I stated my question. You have the full picture, I approached it a different way to them. So, GG on assumption. Third point, the reasoning for the PDF dump was made clear to them in how I approached them with the situation. So again, GG on assumption. Troll elsewhere, you are terrible at it.
I'm no expert in the field of datamining, but while academics have demonstrated that anonymized web searches can be correlated with other data to identify people, can the same be said for DNA data? I'd think you'd need minimum a close relatives name and genetic info already.
Nah, x% of the the sample population is susceptible to breast cancer, along with the sample groups demographics is really valuable data without knowing the name of anyone.
It was interesting work but the management were clueless about software development. That's another company on my resume that no longer exists. Damn.
Sorry my bullshit sensor overloaded.
Q: how does one annonymize DNA data?
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
IMHO you should only be able to sell a copy or "license" to use your DNA sequence, but that "license" should not be transferable to the next buyer.
Its odd that people blindly accept contracts without reading them or negotiating the terms. When submitting data like this to a database held by a third party, you'd better make damn sure there are stipulations in the contract to protect YOUR data! otherwise DON'T DO IT.
One more thing, if you give anyone any iota of information, expect that information to never again be private.
But the company called Íslensk Erfðargreining is still running as before - and nothing has changed with their contracts between them and their donators or the government.
I have no reason why we should distrust the new owners of the company any less then the previous ones.
Exception Duck - may or may not contain chicken.
The original firm should have to contact all the customers who's DNA they have, tell them what's going on, and give them the option to either have the data destroyed, or left alone under the same privacy policy once the new company comes in.
How? Mitosis of course...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
" raising privacy concerns " is a ubiquitous trigger cliche tossed out by people who want to inflame and enrage. It is as hollow as 'raising awareness' because neither are things that are raised, they are things you become, or become more so.
In this case, the persons or agents raising 'concern' are Wired and Times, who just might want readers so they can get ad money, and a lawyer that specializes in genomics, who just might want to attract clients for a law suit from which he'll collect big time (despite the fact that the as yet imaginary court battle would be over IP and privacy, neither of which are related to genomics). Oh, and a spokescritter from a group dedicated to watching tech and waving their arms, calling out 'Danger, Will Robinson' any time they can pretend something technological might be involved in anything that they can yell about and hope those who notice will join up and pay dues -- oh yes, so they can collect some cash too.
TFA states specifically who has the data and what they can and cannot do with it. In purchasing the assets of DeCODE, Saga is bound by law to protect the data. Despite this clear statement, the writers see fit to have "privacy advocates", that is, people who appoint themselves to speak on others' behalf without asking them, be 'concerned' that Saga will do this anyway.
In other words, the only people for whom this is an issue have a vested (ie. financial) interest in there being an issue, many of which have no relationship or arrangement with the persons whose data in involved in this imaginary 'concern' beyond their imaginary right to speak for those individuals.
I call BS on the bunch of them. There's not a single DeCODE client among them*. The only person interviewed who is actually involved is the CEO of DeCODE, who knows what needs to be done and is doing it. Not even Iceland's first lady is concerned, and wouldn't even be involved in this imaginary issue if it weren't for the fact that the Wired writer knew her premise was weak without an actual imaginary victim, so she dug until she found someone who was a client and tossed her name out in close proximity to concocted claims about privacy and such in order to lend the color of legitimacy to an otherwise transparent FUD spew.
"I may be synthetic, but I'm not stupid." -- Bishop 341-B
Íslensk Erfðagreining wich is the company that handles everything concerning the data and the research can not by law hand over the data to a second company. Decode is the parent company of Íslensk Erfðagreining. A little bit of research would have gotten you the knowledge that they can only use the private and medical information that they have gotten in research purposes and can never hand it over. This article just smells like fud to me.
If she's Icelands first lady, how did Icelanders procreate before she came along?
Ladies don't procreate all that much. Sluts do...