Wednesday, November 11, 2009

Privacy with Genomics and Personalized Medicine

Today there is a movement within the genomics industry to recruit medical facilities and individuals to contribute to genomic databases. Secure storage, data transfer, and analysis represent major challenges that need to be addressed. Many personal genomic sequences are being published on the web today, some of them publicly available, which poses serious privacy concerns.

There is a push to solicit more volunteers in the name of medical R&D, toward enabling more personalized medicine in the future. The key is to use DNA information to prevent and treat disease. There are good reasons for using DNA sequences in medicine, but making them available on the internet also creates major vulnerabilities in your privacy: it opens up a Pandora's box of prejudices and biases in insurance coverage, employment, and more. It also gives social engineers data to use for profit at your expense. So it's important to stop and think before handing this major 'identifier' of yourself to the World Wide Web.

Should you decide to get a DNA sequence for personalized medicine, the best approach is to ask the research or medical facility for the certification and accreditation of the security controls they have in place for managing this type of data. Ask them whether they are HIPAA certified and FISMA accredited.

More about:
HIPAA - http://www.hhs.gov/ocr/privacy/
FISMA - http://csrc.nist.gov/groups/SMA/fisma/index.html

Stop, Think Prior to Posting Personal Identifiers on the Web

Today there is significant peer pressure within this global generation of social individuals who use the internet and web-based media tools. Unfortunately, many of you internet users have not considered the importance of protecting your personal identifiers (personal traits, habits, and information) and have made yourselves very open (vulnerable) to the international front by using the many creative tools, such as blog spots, MySpace, Facebook, Twitter, and other media tools. Readers, be aware: the more you communicate about yourself, the more information your future employers can find out, your insurance companies can mine on you, and, especially, malicious social engineers can collect on how to appeal to you, capture your attention, etc. Today there are many internet lurkers with an agenda to take advantage of your 'trust' (using whatever information they can gather to appeal to your trust). Others make money by collecting information on you for providers, such as investigation services for insurance companies, corporate human resources, and more.

Also see http://socialengineeringdefense.blogspot.com/ to learn about defense from advanced social engineering.

Advice today: always be alert to how much information you are giving out about your personal identifiers (driver's license numbers, Social Security numbers, passwords, addresses, phone numbers, bank information, credit reports, and especially genome sequences).
Social engineers look for more identifiers, such as lifestyle habits, your personal desires, your reactions to things, etc., on these open public channels. You may want to review what information you have already given out, to know what some have already collected on you and can be using. Think before you post. There are thousands of social engineers out there gathering data and profiling (especially if you work in any area that they may profit from).