By Jeff Rice

For the consumer, it couldn’t have been easier — send in a saliva sample and receive a treasure trove of information about family history, risk for certain diseases, and more. Over the last decade or so, the rise of companies like 23andMe and Ancestry.com, coupled with the rapidly expanding technology platforms that drove and supported them and housed and analyzed mounds of data, has put people around the world in touch with their past and their future.

“There were all these exciting breakthroughs happening constantly and revelations of what can be done with the data,” says Forrest Briscoe, professor of management and organization and Frank & Mary Jean Smeal Research Fellow in the Penn State Smeal College of Business.

And yet the ease with which those genetic data can be collected, and shared, also raises several compelling questions: Who owns the data? Who can share them? How should they be used? And, perhaps most importantly, who decides?

For the past few years, Briscoe and others at Penn State have explored these questions, talking to experts in bioscience and business leaders and gauging public opinions. They’ve discovered the answers are not easily found, though the rapid pace at which databases are expanding and the numerous ways the data are being used suggest decisions will need to be made soon.


Briscoe, who came to Penn State in 2003, focuses much of his research on the ways businesses and other organizations adapt to societal issues, especially ethical concerns. In March 2017, he co-authored a white paper with professor emeritus of organizational behavior Barbara Gray and doctoral student Celeste Diaz Ferraro titled “Innovations in Medical Genomics: What are the Privacy and Security Risks?”

That paper was based on interviews with two dozen leaders in the genomic field and outlined the advances in genome sequence technology and the risks of disclosing genetic data. It concluded by urging a public exploration of those issues so that stakeholders have options for guarding the safety and privacy of their DNA data.

“What we’ve seen since then is that the people in organizations who are invested in the growth of the field have looked at the ethics of the data a lot — but usually through the lens of people who are heavily invested and realize the potential,” Briscoe says. “Everyday citizens are not as engaged in discussions about the governance of these data and how much control they should have over their own data.”

The Voice of the Ethicist

Part of what has made collaborative and ethical weighing of these issues a challenge, the researchers found, is both the interdisciplinary nature of the field and the variety of organizations — hospitals, consumer genetics companies, biotech companies, and research institutions — that possess genomics databases. How the data are used and managed requires a deep knowledge of the data themselves, which involves biology, medicine, and statistics, but also a knowledge of data science, cloud computing and how to store data on a large scale. Where an ethicist, or anyone else who could pose ethical questions, might fit in is tricky.

As part of a separate project, Briscoe and Jennifer McCormick, associate professor in the Department of Humanities in the Penn State Clinical and Translational Science Institute, studied hospital tumor boards, which are composed of various types of medical experts who come together to develop treatment plans for cancer patients.

“We have gathered data on these tumor boards to see how the ethicists assigned to them interact with the rest of the team, and it’s really challenging,” Briscoe said. “It’s super-technical. The ethicist needs to have a good enough understanding to dive in but not lose sight of overarching ethical frameworks that should influence decision-making independently of all the technical details.”

Briscoe and his colleagues found that the ethics training and cultures in the organizations that obtain genomic data vary widely. For positions in data science and computing, ethics training often mirrors that found in the corporate world. And it remains unclear how to integrate ethics into the structures and processes of how genetics organizations function and how people in those organizations work together.

“The more forward-thinking organizations are starting to figure out how to incorporate critical thinking into their job training and their academic training,” Diaz Ferraro says, “but that’s a huge hole right now for pretty much all of data science.”

Gauging Public Opinion

Last spring, Briscoe; McCormick; Ifeoma Ajunwa, then a professor of labor relations, law, and history at Cornell University who is now at the University of North Carolina at Chapel Hill; and Allison Gaddis, a since-graduated Penn State Smeal student, reported the results of a national survey of public attitudes regarding genomic governance. In the survey, researchers asked participants if they would provide their DNA data and if they would do so altruistically (under 12 percent said they would) or only if they were compensated (roughly 51 percent said they would, with the remaining 38 percent unwilling to provide the data).

“One thing that we thought we were going to find but didn’t was more sensitivity to the type of organization asking for the data,” Briscoe says.

Public views of these issues were not largely influenced by political affiliation, their analysis showed, nor was the respondents’ willingness to provide their DNA data influenced by their views on privacy in other domains, such as finance. For future research, Briscoe said, he might include the question of what respondents would do with their genetic information.

“For most people, the relevance of your genomic data is going to be these probabilistic risk scores that tell you you’ve got, for example, an 18 percent increased risk relative to baseline of some disease developing over the next 10 years,” Briscoe says. “Do you want to know that information?”

Regardless, those data are relevant to other parties because current technologies conceivably allow them to use genomic data to obtain the identities of those who provide them. If some characteristics are known about an individual, that individual — and his or her specific genetic markers — could be re-identified in a DNA database. Genetic information can even be ascertained when an individual’s own data for a certain gene are not in that database but the data of their relatives are.

“There’s a fundamental challenge here: as humans, our brains aren’t really wired for a data-centric world,” Briscoe said. “People invent new ways to reuse old data all the time. So how can we make plans for our genomic data, while anticipating the future uses that are yet to be discovered?

“A decade ago, when 23andMe got going, few customers imagined the data being generated could lead to a new tool for DNA dragnets. But that’s what happened — and predictably, it caused some to become more enthusiastic and others to get more cautious. What use will be discovered next, and how will that change people’s preferences?”

How Much Should Employers Know?

Genomic data have also entered the workplace, with some organizations offering employer-sponsored genetic wellness programs.

As part of a research initiative with the Rock Ethics Institute at Penn State, Briscoe worked with psychology student and Schreyer Honors Scholar Nick Banerjee to survey a group of students about their attitudes toward these types of programs, creating a mock brochure similar to what employers might use. They found that students held generally positive opinions about genetic wellness programs, though some were leery of employer intentions.

“Even though there are a lot of protections in place, there still seemed to be a sense of distrust in the employer providing that program,” says Banerjee, who presented the findings in a virtual poster at the Undergraduate Research Fair and Exhibition. “A lot of the students, even though they’d love to do something like this, prefer that it come from a healthcare provider over their employer.”

Briscoe and Banerjee would like to compare the students’ responses with similar surveys of the general public.

“These programs provide aggregated data back to the employer with the idea that as an employer, if you knew one condition or another was more prevalent in your workforce, you could take independent actions to keep your employees healthier,” Briscoe says. “But this is a new idea, and it remains to be seen how they will go about it while protecting employees from discrimination and also protecting their personal health data.”

Once a company has possession of genomic data, whether directly, as 23andMe does, or through an employer wellness program, those data are routinely shared via partnerships with other organizations. The terms of these arrangements are often unclear, and in some cases, data may leave the U.S. Some countries have laws that state you cannot take bio samples out of the country, but those laws do not apply to data. The lack of consistent regulation — or any regulation — poses potential risks, and that means the burden often falls on the organizations that collect or possess the data to be transparent about how they are using them.

“Some businesses are very aware of public sentiment, but it really is about leadership and what path they want to chart through a very competitive arena,” Diaz Ferraro says. “It can be very difficult in today’s modern economy to find a path that is both respectful of privacy and profitable, because many business models are based on using your data for someone else’s benefit. Not enough people are aware of how much data are being collected on them and how they are being used. I think if more were, there might be more public concern about oversight.”

What are the Rules and Who Should Decide?

Genetics has been studied since the 19th century, and business models that have monetized the public’s curiosity about their own data have been around for over a decade. However, as technologies proliferate and the marketplace expands, the standards for how data are shared and used have not kept pace. The rapid rate at which society has embraced digital solutions to many aspects of daily living has highlighted concerns and created a sense of urgency regarding logistical and ethical issues.

Briscoe, Gray, and Diaz Ferraro are currently researching how the rules of exchange in the genomic data marketplace are evolving and how they might be applied to other developing marketplaces, exploring issues of privacy and ownership but also those of equity and inclusion.

Briscoe has put these and similar issues in front of students in his ethical leadership course, where he urges them to consider the various responsibilities of business leaders. He developed a framework known as PAUSE — which stands for privacy, accuracy, use, security, and equity — that helps students work through issues that might influence how an organization uses data.

“Initially I was thinking that would only apply to industries where the product is about data,” he says, “but in teaching the executive MBAs, almost everybody has data responsibilities, often to do with customers, always to do with employees.”

Understanding ethical influence in the decision-making process is important for Briscoe’s students, particularly when encountering issues with few clear solutions, and will be for the current and future leaders of genomic data organizations as well.

“Business leaders always have to think about the economics, too,” Briscoe said. “Somebody’s paying you for access to or use of the data, so you can’t just take an ethical position that you want to just protect it all forever. You want the use of it to align with the interests of the customers or stakeholders, which can be societally beneficial too. It’s a balancing act.”

Read Innovations in Medical Genomics: What are the Privacy and Security Risks?