BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Preserving the Privacy of Genetic Information
1. Preserving the Privacy
of Genetic Information
Ann Cavoukian, Ph.D.
Information and Privacy Commissioner
Ontario, Canada
University of Toronto
Biotechnology Law and Policy
January 16, 2013
2. Presentation Outline
1. What is Privacy?
2. Privacy by Design: The Gold Standard
3. What is Genetic Information?
4. Issues Relating to the Use of Genetic
Information
5. Does Genetic Information Require Special
Data Protection?
6. Issues Relating to Research Biobanks
7. Conclusions
3. Early IPC Papers
on Genetics and Privacy
• Genetic Engineering: The Ultimate Threat to Privacy,
Ann Cavoukian, Ph.D., – International Workshop on Access
and Privacy Laws – April 14, 1989;
• Confidentiality Issues in Genetics: The Need for Privacy,
Ann Cavoukian, Ph.D., – Symposium of the Council of
Europe on Biometrics, France – November 30, 1993;
• Genetic Privacy: The Right “Not to Know,”
Ann Cavoukian, Ph.D., – 10th World Congress on Medical
Law, Israel – August 28, 1994;
www.ipc.on.ca
4.
5. “I will focus my comments primarily on the workplace
and the prospect of using genetic screening in workplace
hiring practices to detect certain diseases, traits or
behavioral disorders which prospective employees may
bring with them to the job. It may be used to detect both
occupational and non-occupationally-related traits. It is
in this area, as well as that of the insurance industry,
where I believe the greatest discrimination will arise: the
potential exists for creating a class of people who may
become unemployable and uninsurable.”
— Ann Cavoukian, Ph.D.,
Confidentiality Issues in Genetics: The Need for Privacy,
Symposium of the Council of Europe on Bioethics, France,
November 30, 1993
www.ipc.on.ca/english/Resources/Presentations-and-Speeches/Presentations-and-Speeches-Summary/?id=101
7. What is Privacy?
• Informational Privacy: Data Protection
• Freedom of choice; control over one’s information;
informational self-determination;
• Personal control over the collection, use and
disclosure of any recorded information about an
identifiable individual.
8. Fair Information Practices:
A Brief History
• OECD Guidelines on the Protection of Privacy and Transborder
Flows of Personal Data, 1980;
• CSA Model Code for the Protection of Personal Information, 1996;
• EU Directive on Data Protection, 1998;
• Canada Personal Information Protection and Electronic
Documents Act (PIPEDA), 2000;
Ontario:
• Freedom of Information and Protection of Privacy Act (FIPPA), 1988;
• Municipal Freedom of Information and Protection of Privacy Act
(MFIPPA), 1991;
• Personal Health Information Protection Act (PHIPA), 2004.
9. How is Genetic Information
Protected in Canada?
• Canadian Charter of Rights and Freedoms:
• Federal, provincial and territorial privacy statutes:
- Public sector privacy and access legislation;
- Private sector privacy legislation;
- Health sector privacy legislation;
• Federal, provincial and territorial human rights statutes;
• Professional codes, standards of practice and ethical
duties of confidentiality of health professions;
• Provincial laws governing regulated health professions.
11. Why We Need Privacy by Design
Most privacy breaches remain
undetected – as regulators, we
only see the tip of the iceberg
The majority of privacy breaches remain
unchallenged, unregulated ... unknown
Regulatory compliance alone, is unsustainable as
the sole model for ensuring the future of privacy
13. Adoption of “Privacy by Design”
as an International Standard
Landmark Resolution Passed to Preserve
the Future of Privacy
By Anna Ohlden – October 29th 2010 - http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
JERUSALEM, October 29, 2010 – A landmark Resolution by
Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian,
was approved by international Data Protection and Privacy
Commissioners in Jerusalem today at their annual conference. The
resolution recognizes Commissioner Cavoukian's concept of Privacy
by Design - which ensures that privacy is embedded into new
technologies and business practices, right from the outset - as an
essential component of fundamental privacy protection.
Full Article:
http://www.science20.com/newswire/landmark_resolution_passed_preserve_future_privacy
14. Privacy by Design:
The 7 Foundational Principles
1. Proactive not Reactive:
Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality:
Positive-Sum, not Zero-Sum;
5. End-to-End Security:
Full Lifecycle Protection;
6. Visibility and Transparency:
Keep it Open;
7. Respect for User Privacy:
Keep it User-Centric.
www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
15. Ontario’s Personal Health Information
Protection Act (PHIPA)
The definition of personal health information includes
personally identifying information about an individual
in oral or recorded form, if the information:
• Relates to the physical or mental health of the
individual, including information that consists of the
health history of the individual’s family; or
• Relates to the donation by the individual of any body
part or bodily substance of the individual or is derived
from the testing or examination of any such body part
or bodily substance.
17. What is Genetic Information?
• “Biological samples” can be defined as biological material in which
DNA (deoxyribonucleic acid) is present and which contain the
genetic makeup of an individual.
— EC Directive on Data protection, 1995
• “Genetic data” is information about heritable characteristics of
individuals.
— UNESCO International Declaration on Human Genetic Data, 2003
• In Canada, “genome" is defined as the totality of the DNA
(deoxyribonucleic acid) sequence of a particular cell.
— Assisted Human Reproduction Act, 2004
18. U.S. Definition of Genetic Information
• The Genetic Information Nondiscrimination Act defines “genetic information” as
information about:
– an individual’s genetic tests;
– genetic tests of the individual’s family members;
– genetic tests of any fetus of an individual or family member who is a pregnant
woman, and genetic tests of any embryo legally held by an individual or family
member utilizing assisted reproductive technology;
– the manifestation of a disease or disorder in the individual’s family members;
– any request for or receipt of genetic services or participation in clinical research that
includes genetic services (genetic testing, counseling, or education) by an individual
or family member.
• The Genetic Information Nondiscrimination Act does not define genetic
information to include information about the sex or age of any individual.
• A ‘genetic test’ is defined as an analysis of human DNA, RNA, chromosomes,
proteins, or metabolites that detects genotypes, mutations, or chromosomal
changes.
19. Primer on Genetics
• DNA is the chemical compound that contains the instructions needed
to develop and direct the activities of nearly all living organisms;
• An organism’s complete set of DNA is called its genome –
approximately 3 billion DNA base pairs make up the human genome;
• DNA sequencing means determining the exact order of bases in a
string of DNA;
• Researchers can use DNA sequencing to search for genetic variations
that may play a role in the development or progression of a disease;
• DNA research also makes possible the prospect of “personalized
medicine” – individualized care and treatment based on the unique
genetic makeup of every individual and the molecular nature of
diseases.
20. Unique Features of Genetic Information
• Identifying – not only at an individual level but also family or
parentage level;
• Ubiquitous – can be gathered from a small amount of material and
is permanent rather than transitory information;
• Longevity – can be kept for indeterminate lengths of time, making
access and reuse for future purposes possible;
• Predictive – highly predictive for some single gene disorders
(e.g., Huntington’s disease), less predictive for most other
disorders;
• Individual and familial in nature – this poses unique concerns
relating to privacy.
21. How is Genetic Information Used?
• Predict, diagnose, treat and prevent health conditions;
• Personalize medicine;
• Reproductive decision making, family planning and
paternity testing;
• Insurance and employment to assess risks and
susceptibility to toxins;
• Law enforcement – forensic identification;
• Research – biobanks.
22. Trends in Genetic Information
• Growth in publicly funded research biobanks (e.g.,
Canadian Longitudinal Study on Aging, CartaGene,
Ontario Health Study);
• Growth in access to genetic testing in health care settings
and through genetic testing companies;
• Research projects making genetic information available
in the public domain (e.g., George Church’s Personal
Genome Project);
• Websites encouraging the sharing of health information
(e.g., Patients Like Me);
• Genetic testing is becoming cheaper and faster;
• Predictive capacity of genetic tests increasing.
24. Problems in Using
Genetic Information
• Over-information: testing may reveal personal
information about an individual, as well as his or her
family members;
• May not necessarily be predictive – may only indicate
a predisposition;
• When genetic information is used for a secondary
purpose outside of a medical or research context, it may
result in discrimination, particularly in insurance and
employment contexts;
• Any non-medically required genetic testing may interfere
with an individual’s right “not” to know.
25. The Right to Know or “Not” to Know
• Historically, maintaining the ability to control one’s
personal information has revolved around the concept of
the “right to know” – namely, the right of access to one’s
own personal information that others may have in their
custody and control;
• In the context of genetic testing and the information
arising from it, however, the right to know may be
transformed into the right “not to know;”
• Genetic tests may reveal information that an individual
wishes “not to know” such as non-paternity or certain risk
factors for conditions that are not amenable to treatment
(no known cure).
26. Predictive Value of
Genetic Information
• Most diseases involve interactions among numerous
genes, environmental factors, life style choices, etc. (e.g.,
arthritis, heart disease, most cancers);
• Single gene disorders are rare and predictive value varies;
• For a highly penetrant single-gene disorder, a test result is
determinative (e.g., Huntington’s disease);
• Other single-gene positive test results may not predict the
development of a given condition (e.g. BRCA-gene
associated with hereditary breast-cancer);
27. Genetic Testing and Employment
• May be used by employers to avoid the hiring
of individuals they believe are likely to:
• have a high risk of absenteeism;
• take a stress or sick leave;
• resign or retire early for health reasons;
• file for workers' compensation; or
• use health care benefits excessively.
28. Genetic Testing and Insurance
• Individuals are required to disclose information
necessary to assess risk, including medical and family
history;
• Insurance companies can exclude individuals with
higher risks or applicants may hide risk status;
• If insurance companies are permitted to request the
results of genetic testing, individuals may avoid
medically-indicated genetic tests out of insurability
concerns;
• Forcing individuals to undergo genetic testing, may
interfere with one’s right “not to know.”
29. Attitudes about Genetic Testing
• Half of the Canadians surveyed indicated that genetic testing raised
issues around privacy;
• Residents of Ontario, women and university-educated Canadians
were more concerned than other Canadians;
• Concerns included confidentiality and privacy of information, use of
genetic test results for unintended purposes and the potential impact
on insurance coverage;
• Over two-thirds of Canadians opposed the use of genetic testing
to determine who is insurable and at what premiums, while only
one in ten supported it;
• More than eight in ten Canadians opposed employers use of
genetic tests to make hiring and promotion decisions, while only
one in ten favoured it.
31. Does Genetic Information Require
Special Protection?
The overarching question is threefold:
• Although genetic information is currently protected under
existing privacy and human rights legislation, does this
legislation provide sufficient protection?
• If not, is additional legislation required?
• What is the best way to protect genetic information?
32. Genetic Exceptionalism
• In Article 4 of the UNESCO International Declaration on
Human Genetic Data, human genetic information is given
a special status, since;
(a) it can be predictive of genetic predispositions
concerning individuals;
(b) it has a significant impact on the family;
(c) it contains information the significance of which is
not necessarily known at the time of the sample and;
(d) it has a cultural significance for certain
persons/groups.
33. Of Volume, Depth and Speed
• Professors Lisa Austin and Trudo Lemmens argued that
there is a need for appropriate regulatory measures with
regards to genetic testing and privacy due to:
1. The volume of information that may be extracted
from one sample;
2. The speed of testing;
3. Its link with computer technology.
34. International Legislation and Conventions for
Genetic Information – Some Examples
• Helsinki Declaration: Recommendations Guiding Physicians in
Biomedical Research;
• The UNESCO International Declaration on Human Genetic Data;
• EU Data Protection Directive;
• Human Genome Organization Statement on Human Genetics
Databases;
• Bilbao Declaration;
• Council of Europe, Convention on Human Rights and Biomedicine;
• European Convention on Human Rights;
• U.S. Genetic Information Nondiscrimination Act of 2008.
35. Canadian Expert on Genomics –
Professor Bartha Knoppers
• Director of the Centre of Genomics and Policy, Faculty of
Medicine, Dept. of Human Genetics, McGill University;
• Former Chair of the International Ethics Committee of the
Human Genome Organization (HUGO);
• Member of the International Bioethics Committee of the
United Nations, Educational, Scientific and Cultural
Organization (UNESCO) which drafted the Universal
Declaration on the Human Genome and Human Rights;
• Founded the Population Project in Genomics and
CARTaGENE;
• Served on the Board of Genome Canada.
36. U.S. GINA
• The Genetic Information Nondiscrimination Act (GINA) is a
federal law in the U.S. that prohibits discrimination in health
insurance coverage and employment, based on genetic
information;
• GINA provides a baseline level of protection against genetic
discrimination; individual state laws may have additional
protections;
• GINA prohibits health insurers or health plan administrators
from requesting or requiring genetic information of an
individual or an individual’s family members, or using it for
decisions regarding coverage or pre-existing conditions,
or even asking if a genetic test has ever been conducted.
37. CalGINA
• The California Genetic Information Nondiscrimination
Act (CalGINA) came into effect on January 1, 2012;
• CalGINA amends existing anti-discrimination laws to
prohibit genetic discrimination in areas such as housing,
mortgage lending, education and public accommodations;
• CalGINA extends the protection provided by the federal
GINA to additional areas.
38. Canada – Not Much Luck:
Bills C-508 and C-445
• A private member’s bill was introduced unsuccessfully in
2010 to prohibit discriminatory practices based on
genetic characteristics;
• A similar private member’s bill was again introduced in
October, 2012 and is pending before Parliament;
• Neither bill included a definition of “genetic testing” or
“genetic characteristics;”
• Private member’s bills rarely result in legislation.
39. Canada –
Insurance and Genetic Information
• The Canadian Life and Health Insurance
Association (CLHIA) has issued a Position
Statement on the use of genetic information;
• It states that insurers will not require an applicant to
undergo genetic testing, but if testing has been
conducted and the information is available, insurers
will request access and expect to see test results;
• This is the opposite of what is permitted in the U.S.
in the context of health insurance.
40. UK –
Insurance and Genetic Information
• The Association of British Insurers and the Government
have agreed on a voluntary moratorium, recently
extended to 2017, on the use of predictive genetic test
results for life insurance policies under £500,000 or
critical illness policies under £300,000;
• Above these amounts, insurers can only use genetic test
results if the test, the disease and product have been
approved;
• Currently, insurers may only use genetic test results for
Huntington’s disease when selling life insurance.
41. Germany –
Insurance and Genetic Information
• In 2009, the German Federal Parliament passed the
Human Genetic Examination Act which prohibits
insurers from demanding genetic examinations or
analyses or demanding the results of such examinations
or analyses, except in limited circumstances;
• Insurers may only request genetic test results for life
insurance, occupational disability insurance and
pension insurance where the policy pays out more than
€300,000 or an annuity of more than €30,000 annually.
42. Council of Europe –
Insurance and Genetic Information
• The Council of Europe issued a Consultation Document
on Predictivity, Genetic Testing and Insurance in 2012;
• The goal of the consultation was to elicit comments on
a legislative framework to protect genetic information;
• The issue of whether to legislate in respect of genetic
information in the insurance context remains unresolved
in Europe.
44. Research Biobanks
• There is a trend towards setting up large scale population
biobanks and establishing collaborations among biobanks
to study the widest possible range of gene-gene, gene-
environment and gene-lifestyle interactions;
• Growing pressure to publicize research results and raw
data from medical journal editors, funding agencies, and
other regulatory bodies;
• For example, the National Institutes for Health Research
(NIHR) and the Canadian Institutes of Heath Research
(CIHR) have “public access” policies related to research
results, which must be respected.
45. Case Study: Iceland
Commercialization of Gene Pool
• In 1999, Iceland’s parliament approved the creation of a health
sector database;
• The legislation gave a single company, deCODE Genetics,
monopoly to create a comprehensive genetic database for the entire
population of 280,000 people;
• Iceland’s advantages as a site of population research include its
relatively homogeneous population, national health system with
extensive stores of health data, and detailed genealogical records;
• Individuals could opt out of having their information included –
by 2001, 7% of the population had opted out;
• The Icelandic Medical Association (IMA) launched a worldwide
campaign to protest the commodification of an individual’s DNA.
46. Iceland: Privacy and Trust
• In a report to the World Medical Association, Iceland’s
doctors cited these specific concerns:
• Invasion of privacy: The IMA describes the plan as a
“great threat to personal privacy. The data in the database
are encrypted but not anonymous; a key is available to
connect names to the coded information;”
• Breach of patient–physician trust: Iceland’s doctors
argue that the transfer of medical records to third parties
will undermine the confidence between patients and
physicians;
• Ethics: “Is it ethical to sell or give away individual
genetic data without obtaining informed consent from
patients?” … No!
47. Iceland: Supreme Court
• In 2004, Iceland’s Supreme Court ruled that that the law
creating the database did not comply with the country's
privacy protections;
• Article 71 of the Icelandic constitution: “Everyone shall
enjoy the privacy of his or her life, home and family;”
• The court also ruled that simply removing or encrypting
information such as name and address were not sufficient
to prevent the identification of individuals in the database;
• The ruling created a legal precedent for living relatives
seeking to prevent the transfer of their records into the
database.
48. Iceland: Lessons Learned
• Failure to ensure that the Data Protection Commissioner and the
Icelandic Medical Association were on board impeded construction
of the database;
• Before the end of 2003, deCODE Genetics announced that it did not
expect to ever construct or operate the health sector database
authorized by the legislation and proceeded to construct a database
based on informed consent;
• Iceland is now invoked as a bad model for handling consent and other
ethical and legal aspects of state-sponsored genomics;
• Has led to international agreement that encryption architectures
cannot replace informed consent for population genomics projects.
50. Consent Issues in the Context of
Genetic Information
• Can an individual consent to the collection, use and disclosure
of genetic information that has implications for extended family
members?
• Since genomics projects are longitudinal and open-ended and risks
cannot be identified in advance, can consent for future uses be truly
considered to be “informed?”
• Proposed alternative forms of consent include one-time, project
specific consent; presumed consent (opt-out consent); blanket or
open consent; an authorization model (e.g., through directives);
reconceptualizing research as a primary use to enable reliance on
implied consent.
51. Anonymized and Aggregate Genetic
Information
• Genetic data which has been anonymized or aggregated does not
have the potential to be identified;
• Where there is no reasonable possibility of identifying a specific
individual, either directly, indirectly, through manipulation or
linkage of information, there is no need to provide privacy
protections (Health Insurance Portability and Accountability Act);
• Under PHIPA, “identifying information” means information that
identifies an individual or for which it is reasonably foreseeable in
the circumstances that it could be utilized, either alone or with
other information, to identify an individual;
• Only identifying information is included in the definition of
personal health information in PHIPA.
52. Can Genetic Information be
De-identified?
• Some argue that genetic information can never be de-
identified, for example, even a few dozen gene markers
may provide enough data to uniquely identify an individual;
• Dr. Khaled El Emam has described methods that may be
used to ensure that the risk of re-identification is very low,
but notes that improved methods for de-identification of
genome sequences or genomic data are needed;
• Even if parts of a DNA sequence are suppressed, a skilled
geneticist can most likely reconstruct the missing
sequences.
53. Designing Genetic Information Policy
“The routine availability of identifiable genetic
information about individuals may have effects that reach
far beyond the provision of medical care. As the amount of
detailed genetic information grows, society may be
required to re-examine the basic principles of health and
life insurance, review the rules that govern employment
and hiring, reconsider the confidentiality rules that are
part of the doctor-patient relationship, and in general,
re-assess the way in which individuals are categorized and
treated in a variety of social and economic relationships.”
U.S. Congress, house of representatives,
committee on government operations,
Designing Genetic Information Policy
Washington D.C., 1992
54. Conclusions
• Genetic information raises serious privacy and human rights issues,
not only for the individual, but their families as well;
• In Canada, genetic information is currently protected by federal,
provincial and territorial privacy and human rights statutes, but not
as well as in the United States and other jurisdictions;
• The U.S., EU and U.K., have gone much further than Canada,
introducing legislation to prevent genetic information from being
used to discriminate, in employment and insurance contexts;
• This begs the question of whether genetic information requires
further protection in Canada – I believe it does;
• We must embed Privacy – by Design, into all systems involving
genetic information, and doe so now, otherwise we will be courting
Privacy – by Disaster.
55. How to Contact Us
Ann Cavoukian, Ph.D.
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca
For more information on Privacy by Design,
please visit: www.privacybydesign.ca