What is Your DNA Worth?

Imagine that on a day just like any other, you grab your mail and start thumbing through the ads and solicitations per usual, and you come across a “pre-approval” letter from a bank offering you a credit card.  You open it expecting to see the typical application and prepaid envelope—but this time you find something else as well.

You pull out the unexpected object, which turns out to be a long cheek swab sealed in plastic, the sort used in forensics labs for DNA sampling.  Reading the application, you find that this is no typical credit offer. The bank has sent you an offer of trade: a sample of your DNA for a beefy credit limit at low interest.

While I don’t expect to receive an offer like this anytime in the immediate future, all signs point to it coming eventually. So the question is: what’s your DNA worth?  Will you accept more credit, or perhaps additional come-ons like reward points toward that vacation you’ve been wanting, for a quick swab along the inside of your cheek?

The news (originally broken by The Wall Street Journal) that VISA submitted a patent application mentioning gathering of DNA data for marketing purposes has many concerned, and legitimately so. It was one thing when your subscription to Men’s Health was cross referenced in a marketing database with your preference for Hollister t-shirts, but delving into DNA is entirely another.

To make sense of what VISA’s plan is all about, and where this may be going, I spoke to Seth Redmore, VP of Product Development at Lexalytics, Inc, a firm that analyzes oceans of collected data from multiple sources for major companies around the globe.

David: Should we be concerned about VISA, or any other banks or corporations, wanting to access our DNA for marketing purposes?

Seth: Before considering the legal/ethical side of this, let's consider whether DNA information could be useful for ad targeting. Taking an obvious example, we're seeing a lot of pharmaceutical advertising on television. Seems like knowing someone's disease proclivities could be useful for targeting pharmaceutical ads.  Perhaps you're genetically prone to gaining weight, or the DNA tells you more about ethnic background (which could play a role in which medications are beneficial or harmful). So, yes, it's probably useful for ad targeting.

Next, we have to ask what exactly is a "DNA database" (the term used in the VISA patent application)?   I would take that to mean a fully sequenced set of DNA records that is tied to individuals. Current DNA "databases" are not fully sequenced, but that will change as cost for sequencing drops.   As the two primary uses of DNA right now are research and law enforcement, those DNA sets are handled differently.  Researchers will sequence the areas that they are interested in, looking for patterns or anomalies.  Law enforcement has a different approach, where they store a certain set of "profiles" that they can use to match to individuals, but this information is useless in indicating anything other than a match to a particular person's DNA.

So, for a "DNA database" to be useful for ad targeting, you need substantially different databases than what's available today (setting aside the fact that we don't even really know what most of our DNA does -- but we'll figure that out eventually).

But merely seeking to access DNA, even if the right databases haven’t been developed yet, is unnerving, no? What about HIPAA (Health Insurance Portability and Accountability Act) protection?

This is where the discussion gets more interesting.  HIPAA regulates "protected health information" in the US.  It turns out that DNA is not specifically mentioned in HIPAA except for a specific section around law enforcement.   (Note that medical providers are explicitly disallowed from sharing DNA information with law enforcement.)   However, since for DNA to be useful for ad targeting it has to be connected to an identity -- that certainly comes under the heading of "protected health information.”

Insurance companies are not allowed to refuse group coverage to an individual with genetic proclivities to a specific disease, but they are allowed to collect samples and charge more for insurance if they so desire.  They are also covered under HIPAA regulations, so they can't share medical information with companies like VISA for use in ad targeting or credit checking, or any other use.

Thus, in order for DNA information to be useful for marketing purposes, the marketing company has to collect it themselves (which gets us back to the example of receiving a better credit card offer if you send back a cheek swab).

While I'm a huge believer in individual freedom and responsibility, I think that taking advantage of people's ignorance in order to get them to give up such a personal piece of information would be wrong, and this issue needs to really be discussed at a regulatory level.   Should companies be allowed to collect DNA for their own, non-medical purposes?  I think that's a very, very important question.

Plus, if VISA or other companies were to start collecting DNA, they then are responsible for managing protected medical information, correct?

Right, and I have to believe that this would be administratively problematic for them.

But, there is already a company where you can do a cheek swab and get a very nice print of basically an electrophoresis of your DNA.   It's art.  That's not really a medical purpose, but you are sending your DNA to them.  Should that be allowed?

My opinion is that, first and foremost, no organization outside of healthcare or law enforcement should be allowed access to DNA information without the originator explicitly and with "informed consent” providing the DNA to that organization.   (Note I didn't use the word "owner" -- there's been some cases where researchers have taken and patented DNA snips out of people, and the case law seems to support those patents, shutting out the individual from which that DNA came).

So draw a bead on exactly why DNA data collection is different than any other personal data collection. People say an awful lot on Facebook and Twitter that is scooped up by data gatherers.

To bring it back to my world of text analytics, there would be a very, very large difference between watching what someone says on twitter and pulling DNA off of the coffee cup they just threw in the trash.   In one case, you are talking in public, in a public forum with no reasonable expectation of privacy.  In the other, we do not expect our innermost medical secrets to be made freely available to anyone who looks for a stray hair in our trash; and we certainly don't expect them to be used to advertise to us.

But, just like people sign up for Facebook applications in order to entertain themselves-- trading all of their contacts and history in order to be entertained--I don't know if you could really prevent people from trading their DNA information for a lower interest rate.   Unless, that is, it was made explicitly illegal to do so. And once it's made illegal, doesn't that become a first amendment issue?

I believe that there is a difference between listening to what someone says and having access to DNA information.   People can change their mind, say different things.  I do so many times a day.   But there is something ultimately fundamental about DNA deserving special protections.

Looking forward, what do you think VISA has in mind for this patent?

My suspicion is that the DNA language was added to the patent not because someone has explicit plans to actually do it, but because they wanted to give examples of possibilities -- making the patent as broad as possible to make it more defensible.  And I think that they didn't really work through the PR repercussions of doing so.

blog advertising is good for you
Posted on August 23, 2012 .