Skip to main content Accessibility help
Hostname: page-component-5959bf8d4d-9mpts Total loading time: 0.268 Render date: 2022-12-07T18:07:05.767Z Has data issue: true Feature Flags: { "useRatesEcommerce": false } hasContentIssue true

Communicating Identifiability Risks to Biobank Donors

Published online by Cambridge University Press:  07 December 2017


Recent highly publicized privacy breaches in healthcare and genomics research have led many to question whether current standards of data protection are adequate. Improvements in de-identification techniques, combined with pervasive data sharing, have increased the likelihood that external parties can track individuals across multiple databases. This article focuses on the communication of identifiability risks in the process of obtaining consent for donation and research. Most ethical discussions of identifiability risks have focused on the severity of the risk and how it might be mitigated, and what precisely is at stake in pervasive data sharing. However, there has been little discussion of whether and how to communicate the risk to potential donors. We review the ethical arguments behind favoring different types of risk communication in the consent process, and outline how identifiability concerns can be incorporated into either a detailed or a simplified method of communicating risks during the consent process.

Special Section: Open Forum
Copyright © Cambridge University Press 2017 

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)



1. Barbaro M, Zeller T, Jr. A face is exposed for AOL searcher no. 4417749. New York Times, August 9, 2006, at A1; Sweeney L. Uniqueness of simple demographics in the U.S. population. Laboratory for International Data Privacy Working Paper, 2000; Narayanan A, Shmatikov V. Robust de-anonymization of large sparse datasets. IEEE Symposium on Security and Privacy 2008;8:111–25.

2. Lowrance, WW, Collins, FS. Identifiability in genomic research. Science 2007;317:600602;CrossRefGoogle ScholarPubMed Wjst, M. Caught you: Threats to confidentiality due to the public release of large-scale genetic data sets. BMC Medical Ethics 2010;11:21–4;CrossRefGoogle ScholarPubMed Erlich, Y, Narayanan, A. Routes for breaching and protecting genetic privacy. Nature Reviews Genetics 2014;15:409–21;CrossRefGoogle ScholarPubMed Shringapure, SS, Bustamente, CD. Privacy risks from genomic data-sharing beacons. American Journal of Human Genetics 2015;97:631–46.CrossRefGoogle Scholar

3. Dove, ES. Biobanks, data sharing, and the drive for a global privacy governance framework. Journal of Law, Medicine, & Ethics 2015;43:675–89.Google ScholarPubMed

4. Solomon Cargill, S. Biobanking and the abandonment of informed consent: An ethical imperative. Public Health Ethics 2016;9:255–63.CrossRefGoogle Scholar

5. Ogbogu, U, Burninham, S, Ollenberger, A, Calder, K, Du, L, El Emam, K, et al. Policy recommendations for addressing privacy challenges associated with cell-based research and interventions. BMC Medical Ethics 2014;15:17.CrossRefGoogle ScholarPubMed

6. Jacobs, KB, Yeager, M, Wacholder, S, Craig, D, Kraft, P, Hunter, DJ, et al. A new statistic and its power to infer membership in a genome-wide association study using genotype frequencies. Nature Genetics 2009;42:1253–7.CrossRefGoogle Scholar

7. Mascalzoni, D, Hicks, A, Pramstaller, P, Wjst, M. Informed consent in the genomics era. PLoS Medicine 2008;5:1302–5.CrossRefGoogle ScholarPubMed

8. Ohm P. Changing the rules: General principles for data use and analysis. In Lane J, Stodden V, Bender S, Nissenbaum H, eds. Privacy, Big Data, and the Public Good Frameworks for Engagement. Cambridge: Cambridge University Press; 2014:96–111.

9. Parker, L. Using human tissue: When do we need consent? Journal of Medical Ethics 2011;37:759–61.CrossRefGoogle ScholarPubMed

10. Marko–Varga, G, Baker, MS, Boja, ES, Rodriguez, H, Fehniger, TE. Biorepository regulatory frameworks: Building parallel resources that both promote scientific investigation and protect human subjects, Journal of Proteome Research 2014;13:5319–24;CrossRefGoogle ScholarPubMed Hewitt, RE. Biobanking: The foundation of personalized medicine. Current Opinion in Oncology 2011;23:112–9.CrossRefGoogle ScholarPubMed

11. Mora, M, Angelici, C, Bignami, F, Bodin, A-M, Crimi, M, Di Donato, J-H, et al. The EuroBioBank Network: Ten years of hands-on experience of collaborative, translational biobanking for rare diseases. European Journal of Human Genetics. 2015;23:1116–23.CrossRefGoogle Scholar

12. Scott, CT, Caulfield, T, Borgelt, E, Illes, J. Personal medicine—The new banking crisis. Nature Biotechnology 2012;30:141–7.CrossRefGoogle ScholarPubMed

13. Skopek, JM. Reasonable expectations of anonymity. Virginia Law Review 2015;101:694.Google Scholar

14. Also see Skopek JM. Anonymity, the production of goods, and institutional design. Fordham Law Review 2014;82:1751–1809.

15. For a discussion of different interpretations of anonymization, see Schmidt H, Callier S. How anonymous is ‘anonymous’? Some suggestions towards a coherent universal coding system for genetic samples. Journal of Medical Ethics 2012;38:304–9.

16. If a third party holds the key-code connecting an identifying number to the patient, the patient’s information is considered pseudonymized. If no key-code exists, the information is considered completely anonymized. We group pseudonymization and anonymization together here because identifiability issues apply equally to both.

17. OECD. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 2013; available at (last accessed 25 Aug 2017).

18. Similarly, the European Union General Data Protection Regulation, which will go into effect May 25, 2018, requires explicit consent whenever personal data is collected, including notification of the purposes for which the information will be used, but does not specify the communication of identifiability risks. Available at (last accessed 25 Aug 2017).

19. OECD. Guidelines on Human Biobanks and Genetic Research Databases, 2009; available at Accessed 08/25/2017.

20. Council for International Organizations of Medical Sciences (CIOMS) and the World Health Organization (WHO). International Ethical Guidelines for Health-Related Research Involving Human Subjects, 2016, at 44; available at (last accessed 25 Aug 2017).

21. WMA. Declaration of Taipei on Ethical Considerations Regarding Health Databases and Biobanks, 2016; available at (last accessed 25 Aug 2017).

22. Directive 95/46/EC of the European Parliament and of the Council of October 24, 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Available at (last accessed 25 Aug 2017).

23. For an attempt to model identifiability risks, see Malin B, Loukides G, Benitez K, Clayton EW. Identifiability in biobanks: Models, measures, and mitigation strategies. Human Genetics 2011;130:383–92.

24. Ohm, P. Broken promises of privacy: Responding to the surprising failure of anonymization. UCLA Law Review 2010;57:1701–77.Google Scholar

25. Article 29 Data Protection Working Party. Opinion 05/2014 on anonymisation techniques, April 10, 2014; available at (last accessed 25 Aug 2017).

26. See note 24, Ohm 2010, at 1705.

27. See note 1, Barbaro, Zeller 2006, at A1; Sweeney 2000; Narayanan, Shmatikov 2008.

28. Yakowitz J. Tragedy of the data commons. Harvard Journal of Law & Technology 2011;25, at 37.

29. See note 28, Yakowitz 2011, at 40.

30. There are a number of strategies that data controllers employ to protect against such attacks. For a review, see El Amam K. Guide to the De-Identification of Personal Health Information. Boca Raton, FL: CRC Press; 2013.

31. van Leeuwen CJ, Vermeire TG. Risk Assessment of Chemicals. An Introduction. Dordrecht: Springer; 2007.

32. See, for example, the debate initiated in Cavoukian A, Castro D. Big data and innovation, setting the record straight: De- identification does work, 2014; available at (last accessed 25 Aug 2017); Narayanan A, Felten EW. No silver bullet: De-identification still doesn’t work, 2014; available at (last accessed 25 Aug 2017); El Emam K, Arbuckle L. De-identification: A critical debate, 2014; available at (last accessed 25 Aug 2017).

33. Laurie G, Jones KH, Stevens L, Dobbs C. A review of evidence relating to harm resulting from uses of health and biomedical data. Nuffield Council on Bioethics Working Party on Biological and Health Data 2014; available at (last accessed 25 Aug 2017).

34. Office for Civil Rights. Annual Report to Congress on Breaches of Unsecured Protected Health Information for Calendar Years 2013 and 2014. Washington, DC: United States Department of Health and Human Services; 2015.

35. El Emam, K., Jonker, F, Arbuckle, L, Malin, B. A systematic review of re-identification attacks on health data. PLoS One, 2011;6:e28071.CrossRefGoogle ScholarPubMed

36. See note 2, Erlich, Narayanan 2014.

37. See note 2, Shringapure, Bustamente 2015.

38. Taylor M. Genetic Data and the Law: A Critical Perspective on Privacy Protection. Cambridge: Cambridge University Press; 2012.

39. See note 2, Wjst 2010.

40. See note 3, Dove 2015.

41. See note 15, Schmidt H, Callier 2012.

42. Beauchamp T. Autonomy and consent. In Miller F, Wertheimer A, eds. The Ethics of Consent: Theory and Practice. Oxford: Oxford University Press; 2009:55–74.

43. Faden R, Beauchamp T. A History and Theory of Informed Consent. Oxford: Oxford University Press; 1986, at 278.

44. See note 5, Ogbogu et al. 2014.

45. See note 17, OECD 2013.

46. See note 9, Parker 2011.

47. Barocas S, Nissenbaum H. Big data’s end run around anonymity and consent. In: Lane J, Stodden V, Bender S, Nissenbaum H, eds. Privacy, Big Data, and the Public Good: Frameworks for Engagement. Cambridge: Cambridge University Press; 2014:44–75.

48. See note 47, Barocas, Nissenbaum 2014, at 58.

49. McGuire AL, Besko LM. Informed consent in genomics and genetic research. Annual Review of Genomics & Human Genetics 2010;11:361–81.

50. See note 8, Ohm 2014.

Cited by

Save article to Kindle

To save this article to your Kindle, first ensure is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.

Note you can select to save to either the or variations. ‘’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.

Find out more about the Kindle Personal Document Service.

Communicating Identifiability Risks to Biobank Donors
Available formats

Save article to Dropbox

To save this article to your Dropbox account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Dropbox account. Find out more about saving content to Dropbox.

Communicating Identifiability Risks to Biobank Donors
Available formats

Save article to Google Drive

To save this article to your Google Drive account, please select one or more formats and confirm that you agree to abide by our usage policies. If this is the first time you used this feature, you will be asked to authorise Cambridge Core to connect with your Google Drive account. Find out more about saving content to Google Drive.

Communicating Identifiability Risks to Biobank Donors
Available formats

Reply to: Submit a response

Please enter your response.

Your details

Please enter a valid email address.

Conflicting interests

Do you have any conflicting interests? *