While there seems to be an epidemic of data theft lately, red tape surrounding release of data to legitimate groups might threaten our ability to learn about real-world epidemics.
It seems that everyone and anyone is stealing your data recently. Companies as diverse as Sony, Lockheed Martin and Citibank have all been forced to admit hackers had their way with their computers. Meanwhile, the Chinese government has been accused of hacking Google.
But one group can't seem to get its hands on data -- health researchers who are supposed to be able to get it.
Matt Walsh is an epidemiologist at the University of Wisconsin-Madison in the Department of Population Health Sciences. He's one of thousands of researchers around the country who construct government-sponsored health research projects that require access to large sets of population data. For example, if researchers are studying the impact of exercise on breast cancer patients, they need to identify a control group from the general population to pair up with the experimental group. It's no small task -- a scientist might need to find 100 50-year-old women in a small geographic area who don't smoke and are of average weight.
Traditionally, this has been done by picking through databases provided by state motor vehicle agencies, which tend to be the largest repositories of population information available. Census data is more complete, but usually isn't available for years, and then it's stale.
But in recent years, Walsh noticed that it was become harder and harder to obtain government driver license lists. So instead of studying the health effects of a new drug or a virus outbreak, he decided to study access to government driver license data. His results -- published this month in the American Journal of Epidemiology -- show that in about half the country, epidemiologists are out of luck.
"It ends up costing the taxpayers more because we have to do additional procedures to find control groups," Walsh said. "The irony is data brokers and other people who shouldn't have access to the data still find a way to get it."
This research red tape dates back to the late 1980s, when there was a celebrated case of data abuse involving the death of actress Rebecca Schaeffer. At the time, many states would sell license lists to marketers and others as a source of revenue. But a deranged fan purchased Schaeffer's private information from the California Department of Motor Vehicles, stalked her, and killed her.
Congress responded in 1994 with the Drivers Privacy Protection Act, which made most forms of sale or sharing of the information illegal. As the law took effect during the next several years, exceptions were carved out for government agencies performing their normal function-- law enforcement agencies are an obvious example. So is government-sponsored health research. States can also obtain express consent from residents, and then sell or share their data.
But the law, and a few subsequent big-dollar lawsuits, have made many states gun-shy. That anxiety is obvious in Walsh's study.
Over the past two years, he asked every state motor vehicle agency if -- under hypothetical research conditions -- it would release driver data to him. From a researchers' point of view, the findings were troubling: 22 states denied him access; eight states never gave a response – some didn’t even have a contact person for data requests; and another four states said they couldn't respond to his hypothetical. Only 16 states said they would supply the data.
"Yet in all the textbooks, it still says that driver license lists are a source of control groups. They haven't been updated," he said.
A map of the results published in Walsh's report, titled "Availability of Driver’s License Master Lists for Use in Government-Sponsored Public Health Research," suggests Eastern states are more likely to hand data over to researchers. In a large swath of the country, from Indiana to Washington and down to Louisiana, the answer was “no.”
Moreover, Walsh found only one state even attempted to get its residents' permission to share their data: Wisconsin. Drivers there have the chance to check a consent box that's similar to the organ donation box on license applications. About 70 percent don't do so.
"That creates its own problems, because we see that more educated people .. .tend not to check, and that skews the lists we can get," Walsh said.
The box does not allow consumers to discriminate between sharing their information for research, and sharing it for marketing.
Walsh doesn't spite supporters of the Driver Privacy Protection Act. In fact, he said he was relieved on one level that the data was hard to get.
"It's definitely good that someone can't just call and get the data," he said. On the other hand, making health research more difficult is an unintended consequence of the law. "It's hard to decide where the correct balance should be."
There are other ways to get control data for the population at large, Walsh said, but they are both inferior and expensive.
"It's very helpful to have the most accurate, complete list of everyone in the population," he said. "It would be nice if we had a perfect list of everyone. In Sweden, everyone is a national registry. ...The further we get away from that, the harder it is for us to stay competitive."
Comments begin below. Comment anonymously by sending an e-mail to BobSullivan@feedback.msnbc.com.