Source: [id: 41018; name: CSO; isActive: true; siteId: 3] -- CSO -- $content.altguid

NDA on DNA

IBM Chief Privacy Officer Harriet Pearson does the right thing.

By

October 18, 2005CSO

When IBM announced last week that it will not use genetic information in employment decisions, acclaim followed. IBM was lauded by privacy advocates, ethicists and its own employees. IBM chief privacy officer Harriet Pearson, who led the effort, got to peek at several e-mails from a few of IBM's 300,000 employees to CEO Sam Palmisano that recounted, she said, excruciatingly personal examples of why such a policy was a Good. Something about the announcement made it feel like a landmark.

That's not an accident. Pearson said in a podcast interview with CSO magazine that genetic data and its privacy implications are just starting to resonate with the public and that was one of the motivating factors for her to develop a policy. "We always scan the environment," she says. "We thought the time was right in terms of where the market is moving and where science is moving."

The key word there is market. So many privacy policies are post-incident, market-outrage driven (think HIPAA). This one was proactive, market driven. Pearson had recognized through one of IBM's own markets, the genetics industry, that the potential for genomics was matched only by a potential for privacy nightmares. "We have industry expertise that we brought to bear," she says.

But also, a few minor nightmares had already come to light, like the $2.2 million settlement between the Burlington Northern and Santa Fe Railway Company and the U.S. Equal Opportunity Commission. According to a New York Times story, BN had attempted to use blood samples without employee consent to get genetic data to prove employee injuries were not caused by work by but rare genetic conditions. The railway denied wrongdoing but agreed not to use genetic tests in the future.

Pearson had also heard a smatteringcertainly not a chorusof concerns voiced through IBM's work on the National Genographic Project with National Geographic. So, the time was right for Pearson to develop a policy and she looked around. What she found was a terribly uneven policy landscape. For example, there is no national law on the use of personal genetic data (one law is in the works), but 30 states have some form of local regulation. Those local laws vary widely. Internationally, some countries have policies while others don'tperhaps not because those without don't care but rather because genetic privacy is assumed. Anyway, it's not clear.

So she decided to simply go ahead and develop what seemed like a smart policy for IBM, and IBM only. "This is policy as it applies to ourselves," Pearson says, showing a marked ambivalence to whether other companies follow her lead, and "we're not involved in lobbying or legislation."

RESOURCE CENTER