IBM recently announced that it will not use genetic information on its 300,000 worldwide employees and job applicants when making hiring and benefits decisions.
The decision was widely praised as an astute extension of the company's anti-discrimination policies. Advocacy groups such as the The Genetic Alliance supported it. A raft of other companies are now thinking about the pros and cons of peeking at the genetic profiles of their employees and even their customers.
Many experts fear that the use of genetic information may create a new underclass of unemployable, uninsurable citizens who simply lost the genetic lottery. (And some wags have suggested they may wind up working at IBM if other companies don't match its policy.)
There's also the danger that DNA may become the ultimate biometric identifier, serving as a superpassword for everything from computers to health services - with huge risks if it's compromised.
"IBM recognized that this type of information may be a time bomb," says Michael Power, an Ottawa-based partner in the law firm Gowling Lafleur Henderson LLP. "They've recognized that collecting this information might be like opening a Pandora's Box and they've made an ethical decision which we should be applauding."
It's worth noting that the U.S. Congress is currently considering the Genetic Information Nondiscrimination Act and about 40 U.S. states already have laws regulating the use of genome data. IBM may just be at the head of a very large pack.
Power says that there are major gaps in Canadian legislation regarding the collection and use of genetic information, starting with the fact that some of the relevant laws vary from province to province.
So, he says, "you have genetic privacy in the employer-employee context in B.C., Alberta and Quebec now, but not in the other provinces that have not enacted similar legislation."
What about the much-ballyhooed federal Personal Information Protection and Electronic Document Act (PIPEDA), which came fully into force in 2004?
"PIPEDA is really an e-commerce law and it needs to be revisited," Power says. "For example, it doesn't cover personal and journalistic use of information. When the paparazzi were trying to get a sample of Prince Harry's DNA to see if Prince Charles was really his father, that would be fair game under PIPEDA."
The biggest loophole, says Power, is that we have a consent-driven regime in Canada. "As long as somebody gives you consent to look at their genetic information, you're off to the races."
He sees some serious problems in giving out your DNA data. For example, you might release genetic information for one purpose, say, to help save somebody's life, and then find it used for other things, such as lawsuits.
Giving out your genetic information, even to legitimate businesses, may also have consequences for others.
"If I was the only living member of my family and you got my DNA," says Power, "you'd just know stuff about me. But in fact you can also make inferences about my relatives as well."
This might result in, say, a brother being turned down for life insurance. Of course the company would not have obtained the brother's consent to use the genetic information, but, as Power points out, "they could probably find another reason to say no."
Canadians do seem ready to give up highly personal information in return for something they really want, according to Joe Pendleton, a former Edmonton police officer who is now manager of the special investigations unit of Alberta Government Services.
He told a packed audience at the recent Information Management at the Crossroads conference that a Vancouver-based individual advertised well-paying high technology-sector jobs.
All applicants received a notice that they were shortlisted, but "because of our company's high security standards, we require further information including your date of birth, social insurance number and banking details.”
It was, of course, a sophisticated attempt at identity theft.
"Every time we think we've seen everything," Pendleton laments, "they come up with something else."
Misappropriation of your genetic information may be that Next Big Thing. Using your DNA info, a fraudster might have no trouble "proving" that he was you, and accessing your credit, services and your good name.
"Many identity-theft victims are emotionally shattered by the damage to their reputations and go so far as to change their names, even though it means giving up their heritage," says Pendleton.
While you can modify your name, and even your credit card and bank account numbers, your DNA stays with you for life. Once somebody has it, there's no getting it back.
While genetic information is considered reliable for identification and even forensic purposes, there are huge problems in using it to predict your future health status. Many diseases involve multiple genes, and factors in the environment and lifestyle that interact in complex ways we don't fully understand.
The high-profile 2004 announcement of an "alcoholism gene" is a good example. The actual research concerned mice, not humans, and the scientists simply found an association between having the so-called CREB gene (which produces cyclic AMP response-binding protein) and voluntarily drinking alcohol. In real life, you might be a Buddhist monk who never touches a drop, yet you'd still have the alky gene and potentially be denied insurance.
International security expert and author Bruce Schneier believes the U.S. is working on a massive government DNA database. He cites a bill in the U.S. Senate that would require DNA samples from people who are arrested or detained, even if they're not convicted.
Even an accused Calgary rapist, Wafid Delaa, is getting into the fray, claiming that his Charter rights were violated when a phony chewing gum taste test was used to get his genetic material.
Michael Power notes that our privacy laws are not static and suggests that a number of Canadian laws be reviewed in the light of what he calls “the next generation issue of genetic privacy.”
In a recent Ottawa presentation he raised thought-provoking questions around the regulation of genetic information depositories, and whether the unauthorized collection of DNA information should be made a crime. He also mused that perhaps your genetic information should be defined as your private property.
Best advice for individuals now is to keep your DNA close to home. For businesses, keep an eye on what the IBMs of the world are doing. Be thoughtful, but try not to be at the head of any DNA data parades.
(Tom Keenan is a professor at the University of Calgary and an expert on technology and its social implications. He can be reached at keenan@businessedge.ca)
