If your genetic data, or even a relative's, has made its way online—albeit posted anonymously—it's simple for researchers to uncover your identity. So simple it surprised the researchers themselves. All they needed to suss out a person's name, and the names of members of that person's family tree, was DNA information, the person's age, and their home region. That just so happens to be the details that accompany the extensive amounts of genetic data that have been put in an NIH database for researchers' free use as part of the 1000 Genomes Project. "I've been worried about this for a long time," says one expert.
The New York Times recounts a researcher's experiment to track people down using the data. He compared patterns from a posted DNA string to those in a genealogical database. That gave him the subject's grandfathers' last names; from there, some quick Googling provided a family tree. "Oh my God, we really did this," the researcher said. He believes his team could track down the names of some 12% of middle-class and wealthy white males, the types who are likely to submit DNA data. Other experts, however, say there's no need to fret. "It is hard to imagine what would motivate anyone to undertake this sort of privacy attack in the real world," notes one. The NIH has since erased people's ages from its database.