Have you ever thought about what happens to your genomic data when you submit your DNA to 23andMe? How closely do you read the consent form? And what about when you submit to genomic information for scientific research? Do you know what happens to it after the initial testing?

These are all questions an interdisciplinary team of researchers from the University of Illinois are tackling in a new research theme at the Carl R. Woese Institute for Genomic Biology called “Genomic Security and Privacy (GSP).” The group, which includes Gies College of Business professor Michael Shaw, will seek to understand the best ways to manage consumer genetic information in an era of rapidly improving technology.

“We are seeing new applications for genomics pop up all the time, and they could have a major impact on individuals’ privacy and on society if we don’t fully understand the ramifications,” said Shaw, the Leonard C. and Mary Lou Hoeft Chair of Information Systems at Gies College of Business. “There are new privacy-enhancing computer technologies for genomic data, forensic use by law enforcement, and even gene sequencing the DNA of skeletons. We need to be able to maximize the incredible benefits of this technology, while also mitigating as much risk as possible. It’s a delicate balance.”

One of the more common applications of genomic data is in the direct-to-consumer (DTC) industry like 23andMe. What may seem like either harmless entertainment or an inexpensive way to discover predispositions to medical conditions could turn more sinister if not properly understood. As a business expert, Shaw is especially interested in the economics and commercialism of these DTC applications, as well as the privacy concerns it raises.

“How closely do people read the consent form for these direct-to-consumer services?” Shaw asked. “23andMe can sell your genomic data to drug companies. They may use it to develop medication targeted toward specific medical conditions, which seems like a great idea. But what else can the drug companies do with your personal genomic data that you didn’t consent to?”

The concern with genomic privacy also extends to the medical and research fields. Experts in ethics wrestle with the issue of requiring future consent when new technologies are developed that can glean additional insights from existing genomic data. The proliferation of Electronic Health Records also raises the concern about how genomic data should be stored.

Additionally, sequencing technologies are becoming more accessible and portable. Law enforcement are beginning to use public online genomic databases. This was evidenced in the Golden State Killer case, where the suspect was identified in part through a genetic match to a distant relation in the database.

“The Golden State Killer case and others like it raise serious questions about due process and individual privacy rights,” said Shaw. “It may seem relatively benign now, but we must begin to lay the groundwork for regulation. Should genomic security standards be handled through grassroots efforts, or should they come from the top down via government regulation? These are all ideas we’re excited to explore.”