UK Biobank Boss Blames 'Few Bad Apples' for Data Incident

The head of UK Biobank, Professor Sir Rory Collins, has attributed a recent data incident to 'a few bad apples' within the organization. The incident involved medical data from 500,000 participants being listed for sale on a website in China. According to the UK government, datasets containing de-identified information about volunteers, made available to researchers at three academic institutions, were found to have been posted for sale on Alibaba last week.

The listings were swiftly removed before any purchase took place, but the charity is now facing scrutiny over how the incident occurred. Sir Rory expressed his anger and upset over the incident, revealing that the institutions concerned have been banned from its platform. In response to the incident, UK Biobank is temporarily suspending all access to its online research platform while it implements additional controls to prevent similar incidents in the future.

The Biobank is a collection of health data from UK volunteers, which has contributed to improvements in the detection and treatment of diseases such as dementia, certain cancers, and Parkinson's. Its online research platform allows scientists at approved academic institutions worldwide to access its datasets, which include de-identified medical information about participants. Sir Rory told the BBC that 'in this case, a few bad apples have taken those data off the platform and they have listed the data for sale.' He acknowledged that it is impossible to entirely rule out that individuals could be identified using its de-identified data and other information, but emphasized that there is no evidence to suggest this has taken place.

Technology minister Ian Murray informed MPs that the data involved did not include participants' names, addresses, contact details, or telephone numbers. However, it could include information such as gender, age, month and year of birth, socioeconomic status, lifestyle habits, and measures from biological samples. The organization has referred itself to the UK's data watchdog, the Information Commissioner's Office (ICO), which is making enquiries into the incident.

The ICO emphasized that organizations have a responsibility under the law to handle people's medical data carefully and securely. A comprehensive and forensic board-led investigation of the incident will also be conducted. Sir Rory acknowledged that the organization can always do more to prevent potential misuse but must balance making data available for scientific discovery with protecting it.

Photo by Aron Van de Pol on Unsplash