
DNA Testing Firm Goes Bankrupt; Who Gets the Data? - phsr
http://www.wired.com/threatlevel/2009/11/dna/
======
leelin

      Academic researchers have shown that anonymized data can
      be correlated with other data to identify people.
    

Very true. Just in the last year or so, the credit reporting agencies figured
out how to match anonymized subprime mortgage borrower information with their
own database of individual credit scores.

[http://www.equifax.com/cs7/Satellite?c=EFX_News_C&childp...](http://www.equifax.com/cs7/Satellite?c=EFX_News_C&childpagename=US/EFX_News_C/PressReleasePage&cid=1187889849347&p=1182374863790&packedargs=locale%3Den_us&pagename=EFX/Wrapper)

Then they sell the joined database to hedge funds and banks (still
anonymized). They that before a borrower defaults on his mortgage, he'll first
max out all his credit cards. Also, late credit card payments appear within 30
days. Late mortgage payments tend to take 60 days of delinquency before
blipping on any radars.

Fortunately it's hard to argue today that this practice is hurting anyone. In
fact, some day this could help good borrowers stand out better and receive a
lower interest rate.

------
mstahl
The Wired article references the below quote from timesonline.co.uk:

"Industry experts said that Saga would want to maximise returns on its
investment, and could still make wider use of data that some subscribers may
find uncomfortable. Pooled and anonymised information, for example, could be
sold to academic researchers or pharmaceutical companies."

Personally, I find the concern to be a little premature based on the terms of
deCODE's privacy policy.

"deCODE will under no circumstances provide any 3’rd party, including
insurance companies, health management organizations, hospitals, and
government agencies, access to any of your personal data or data derived from
your samples"

Pooled and/or anonymised information would fall under "data derived from your
samples" and therefore would be a breach of the policy.

~~~
sokoloff
Yes, but if someone (say a health insurance co) were to buy deCODE, that
purchasing entity would no longer be a 3rd party.

------
jacquesm
Another candidate for an 'up-front' end of life policy or a we we-destroy-
your-data guarantee.

Imagine this companies assets get bought up by a health insurance company.

What is the status of a privacy policy anyway if companies as a whole can be
bought and sold.

~~~
dschobel
A privacy policy probably doesn't have much standing but if the privacy
clauses were terms of the contract which both parties agreed to then any
purchasing company would still have to abide by them.

~~~
jacquesm
Sure, but the privacy policy is already broken at that point. The data is
already in the hands of a third party, the one that bought the assets.

Bankruptcy is weird that way, stuff that normally would not be transferable
can suddenly end up in the weirdest places.

Foreign companies could buy up the assets, and not be bound.

