I’d like to draw your attention to an interesting report commissioned by the Wellcome Trust that investigates public attitudes towards collection and use of personal data. As with any research, it is possible to understand the data in many ways, but I would like to offer an interpretation that I believe explains many of the attitudes expressed by participants in the study.
The graph above (from page five of the report) lays out privacy concerns on two axes: the degree to which data collection is compulsory and the degree of potential concern about privacy issues. Participants were asked to place different data types on the graph according to their own perceptions of risk. Putting aside the question as to whether these axes are the appropriate way to frame the question, some general clusters emerge in the graph. First, the collection of financial information is in the upper-right quadrant; it is both compulsory and a grave cause for concern. The lower-left quadrant is generally populated by the types of information you might reveal in subscribing to an online video service, buying a travel ticket, etc.
Based on this background, the report highlights specific types of health data. I was initially surprised by how some of these data types were placed. For example, participants predictably ranked their NHS health records as highly compulsory, but also of middling concern regarding privacy. I would have expected slightly more discomfort given high-profile data breaches within the NHS. Genetic data — labeled as “genetic data with no identifying information” — was also in a relatively non-intuitive location: neither compulsory nor optional, but of no particular concern privacy-wise. Ancestry information was clustered with supermarket loyalty cards.
In a superficial reading of these data, privacy of healthcare data does not appear to be something that people in the UK worry much about. But this explanation is a bit facile; there are findings described in the report that contradict this interpretation. For example:
…there was also a strong feeling that personal health data are confidential, private and sensitive, and should not be shared outside secure, authorised bodies such as the NHS, and especially not with private companies such as employers, insurance providers and drug manufacturers.
Population health data were regarded as anonymous, of benefit to all, and reassuring to be collected for the common good, especially in the long term. However, the possibility of individual identification was a cause for concern…
And from the research conclusions:
People acknowledge that their personal data are often held by others such as public officials and customer service personnel, and while it is recognised that this might be inevitable, it still leaves people with a sense of powerlessness that they do not control their own data.
Indeed, the notion of control over private data surfaces in many parts of the report, which ultimately concludes that “anonymity/consent issues are paramount.”
What, then, to make of the way participants placed health care data on the graph from shown above? My conclusion is that the public are simply not aware of potential privacy concerns with healthcare data, especially genetic data. There is a tendency to think that genomic data can be effectively anonymized. Work such as this (from Yaniv Erlich’s lab at MIT), have not yet entered the popular imagination. This is especially clear when you consider the low importance the participants place on ancestry data — precisely the kind of information that is so helpful in reidentification attacks.
The Wellcome study participants, like most well-meaning citizens, embrace uses of their private data in the public interest. The fundamental question — the one we are addressing with Genecloud — is how to balance the public good with individual privacy. We do not believe that these goals are mutually exclusive; an informed public will demand that we address both of these problems. In this post-Snowden era, I am confident that it will not take very many catastrophic privacy failures before the public takes notice.