JMIR Publications

ABSTRACT

Background:

Genetic data is widely considered inherently identifiable. However, genetic datasets come in many shapes and sizes and the feasibility of privacy attacks depends on their specific content. Assessing the re-identification risk of genetic data is complex, yet there is a lack of guidelines or recommendations that support data processors in performing such an evaluation.

Objective:

We aimed to get a comprehensive understanding of privacy vulnerabilities of genetic data and create a summary that can guide data processors in assessing the privacy risk of genetic datasets.

Methods:

We conducted a two step search, in which we first identified 21 reviews published 2017-2023 on the topic of genomic privacy, and then evaluated all references cited in the reviews (N=1645) to identify N=42 unique original research studies that demonstrate a privacy attack on genetic data. We then evaluated the type and components of genetic data exploited for these attacks, as well as the effort and resources needed for their implementation and their probability of success.

Results:

From our literature review, we derived nine (non mutually exclusive) features of genetic datasets that are both inherent to any genetic data and informative about privacy risk: Single nucleotide polymorphism (SNP) content, short tandem repeat (STR) content, biological modality/type of data, analysis method, data format/level of processing, germline vs. somatic variation content, structural variation content, single nucleotide variant (SNV) content and aggregated sample measure content.

Conclusions:

Based on our literature review, the evaluation of these nine features covers the great majority of privacy critical aspects of genetic data and thus provides a foundation and guidance for assessing genetic data risk.