select search filters
briefings
roundups & rapid reactions
Fiona fox's blog
Scientists comment on UK Biobank’s Oversight Committee report into data security.
Professor John Danesh, BHF Professor of Epidemiology and Medicine, Department of Public Health and Primary Care, University of Cambridge; Faculty member, Wellcome Sanger Institute; Access Committee member, UK Biobank, said:
“UK Biobank is a jewel in the crown of UK science — and today’s report from its Oversight Committee is a reminder of both the importance of that resource and the responsibility that comes with it.
“The report is a serious response to an incident earlier this year involving an illegal attempt to breach UK Biobank’s access rules. UK Biobank’s swift action prevented any data from being sold, and no study participants are known to have been re-identified because of that incident.
“The nine recommendations in today’s report focus on strengthening governance, security, and oversight. They reinforce UK Biobank’s existing trajectory towards a secure data environment that brings researchers to the data, rather than the data to the researcher. These are sensible steps.
“There is, however, a need for a clear-sighted, long-term view of the balance between data access and security. UK Biobank is a uniquely powerful resource for medical discovery – one of the most valuable population-scale biomedical datasets in the world – and it is critical to science to help patients. More than 18,000 peer-reviewed scientific papers have already been published using UK Biobank data, contributing to key advances in cancer, heart disease, dementia, diabetes and many other conditions.
“Locking data away is the only sure way to keep it completely safe, but it would also render UK Biobank unable to fulfil its purpose. Unwarranted restriction on responsible access carries a real cost. Those costs can be measured in delayed discoveries and slower progress for patients. The costs are rarely visible, but no less real for that.
“The right response to this incident is not to curtail access to this invaluable resource, but to make that access more secure, more transparent, and more rigorously overseen. The recommendations in today’s report point in the right direction.
“Continued vigilance, strong governance, and transparency will help sustain the public trust placed in UK Biobank by its participants. That trust must be repaid through both the protection of their data and the delivery of the scientific and health benefits that motivated their participation in the first place.”
Professor Ewan Birney CBE FRS FMedSci, Director of EMBL-EBI, said:
“The data breach of UK Biobank data in China last month was a serious concern both for participants and the overall community. It was right that UK Biobank both acted quickly to remove these listings, started the review process leading to the current report and paused all access over this time. This report is independent, thorough and makes some strong recommendations which will further improve the security of UK Biobank data whilst still providing access to responsible and authorised research. UK Biobank is the best cohort in the world, and much of the research on human biology and health is happening in this cohort along with others around the world – this is research that provides huge benefits in our understanding with practical outcomes such as better diagnoses and more effective therapeutics.”
Professor Andrew Morris, Director of Health Data Research UK, said:
“The publication of UK Biobank’s investigation and the decision to make it public is very welcome. The report appears to be commendably open and straightforward in establishing what went wrong. It sets out clear actions UK Biobank will take to improve the security of participants’ data.
“That openness matters: transparency is essential if participant trust is to be earned and maintained after an incident of this kind.
“The report appears to be a thorough and candid investigation into what went wrong, acknowledging both the immediate breach and the wider opportunities to strengthen governance, monitoring, communication and technical controls. Its recommendations are practical and, if implemented in full, should go a long way towards reducing the risk of similar incidents in future — with proposed changes to the output checking system, stronger oversight, faster participant communication, and enhanced security capability.
“In particular, it is good to see recognition that it took too long to contact Biobank participants high in the report’s recommendations. The 500,000 participants who consented to take part in UK Biobank have contributed to remarkable research and deserve to be put first.
“The two recommendations on preventing downloads of data and dealing with data already downloaded are welcome and necessary, and will be significant for Biobank to work through. Checking of outputs leaving a secure data environment is a critical safeguard, and the report states that the Biobank data environment will not re-open for research until such a system is in place.
“It is also important not to lose sight of why health data are used for research in the first place: when handled responsibly, they enable outstanding science that is relevant to health and wellbeing, by powering discoveries that improve prevention, diagnosis and treatment of diseases relevant to people globally. The report strikes the right balance between tightening security and preserving the scientific value of the resource.
“The key test now is delivery. Publication of the report is a positive step, but restoring confidence will depend on visible implementation, independent scrutiny, and continued engagement with participants. The scientific community now has both the responsibility and the opportunity to work in partnership with citizens, collaborate closely, and help deliver the changes needed to strengthen security, demonstrate trustworthiness, and support the highest quality systems that underpin health data research for the public good.”
Anna Steere, Head of Understanding Patient Data, said:
“The Oversight Committee’s report marks an important step in setting out clear actions for UK Biobank to tighten governance, improve oversight and enhance security – all essential to maintaining confidence in the use of health data.
Consented cohort participants make an exceptional contribution to health research in support of the public good, so it is right to recognise that UK Biobank responded quickly and openly, while also showing that systems and safeguards must continue to evolve to meet the highest standards.
As these measures are implemented, UK Biobank will need not only to strengthen protections, but to communicate them clearly to participants and the wider public. Maintaining trust will depend on transparency, accountability and clear evidence that lessons have been learned – not least to avoid any wider impact on public confidence in how health data is used across the NHS.”
https://www.ukbiobank.ac.uk/news/report-into-data-security-at-uk-biobank-published/
Declared interests
Prof John Danesh: Professorial Fellow, Jesus College, Cambridge. Faculty Member, Wellcome Sanger Institute. Director, Health Data Research UK-Cambridge.
Ewan Birney is a long established paid consultant to Oxford Nanopore, which is one of the companies that have provided genome sequencing for UK Biobank.
Prof Andrew Morris: Andrew Morris is Director of Health Data Research UK, the national institute for health data science; is Professor of Medicine and Vice Principal at the University of Edinburgh; is President of the Academy of Medical Sciences; has minority (<1.5%) shareholding in Aridhia Informatics; and a small number of shares in GSK (<£5,000).
For all experts, no reply to our request for DOIs was received.