How Modern Data Privacy Laws Enables Research

Now that data privacy laws have become more globally widespread, existing institutional systems for data aggregation have been slow to adapt to support general health research.

In this webinar, Luna’s Chief Information and Privacy Officer, Scott Kahn, explores the common framework of General Data Protection Regulation (GDPR) and related regulations and suggests a path forward through privacy-by-design research.

About Scott Kahn

Scott Kahn, PhD. is the Chief Information and Privacy Officer at Luna, a private investor-owned company founded in November 2017. The public benefit corporation is chartered to drive societal value through the aggregation and organization of genomic and health data at a scale and diversity rich enough to solve today’s greatest health challenges. LunaPBC founded LunaDNA, the world’s first community-owned health database that offers shares of ownership to health data contributors. Scott is integrating data privacy and security provisions that comply with GDPR and HIPAA at LunaDNA. Scott is also on the Board of Directors at Rady Children’s Institute for Genomic Medicine and was the former Chief Information Officer and Vice President Commercial, Enterprise Informatics at Illumina. 

About Genetic Alliance

Genetic Alliance, a non-profit organization founded in 1986, is a leader in deploying high-tech and high-touch programs for individuals, families, and communities to transform health systems by being responsive to the real needs of people in their quest for health. The alliance is comprised of 10,000 organizations, 1,200 of which are disease and patient advocacy foundations, and include community health programs, employee wellness programs, local nonprofits, religious institutions, and community-specific programs to grow and expand their reach and mission.

Data Privacy Protection

How To Maintain Data Privacy in Today’s Uber-Connected World

By Bojil Velinov, Head of DevOps and Automation at LunaPBC

2020 may be coming to an end, but it marks the beginning of the decade in which we had the largest amount of baby-boomers entering retirement age.

It is also the decade for coming of age for the last millennia generation. In the previous decade, the telephone, radio, and TV had a big influence on their lives. Now, internet connectivity, social networks, and instant information is changing everything we knew about communication. Both generations benefit from the exposure and existence of technology, or what we now have evolved to call, “high-tech.”

While earlier technologies were rendered as one-directional communication, new technologies have evolved to ingest vast amounts of input, processes, all while delivering information to us more quickly, efficiently, and accurately. Both past and current technologies depend on personal data to validate themselves and improve their services.

In today’s über-connected world, data privacy is more important than ever before. Everywhere we go, we leave behind a trail of data breadcrumbs that share valuable information about who we are and what we do. Whether knowingly or unknowingly, we often victimize ourselves to fulfill our desire for high-tech convenience. But even the simplest activities, like checking the weather or connecting to a free WiFi network, can put our data at risk. With modern internet-connected devices literally in the palm of our hands, we are constantly under indirect surveillance. Sites we visit regularly, products we engage with on social media, articles we read on search engines all contribute to our digital profiles. 

This raises the questions, how much exposure of our private lives is beneficial to ourselves and society? How much of our private data is monetized with no direct benefit to us as the creators? These questions contain many perceptions and tangents and raise many conversations between team leaders at LunaPBC. We strive to understand all arguments related to data collection, but always resort to the unanimous agreement that people belong at the center. Until every company aligns with our values and beliefs, it’s at least assuring to know that data privacy is headed in the right direction, with the implementation of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). I’m anticipating other federal and state legislative initiatives aimed at protecting individual data on the horizon. 

Privacy is directly connected to our liberties, but liberties don’t exist in a vacuum. We all have to, more-or-less, agree on what’s right even as complex social organisms. For society to not only exist but thrive, liberties should require justice, and achieving this may require individuals to partially share some privacy. In other words, individuals, as integral members of the society, should always be in control of their privacy. Our actions, demands, and understanding of privacy can help us shape a “new” internet, and with that our continuous stream of data.

Obtaining data privacy, reducing your digital vulnerability, and maintaining control starts with protecting your passwords.  

Don’t Make Your Password Easy to Guess

  • 123456 and password are the most commonly used passwords. Don’t use them.
  • Switching a letter for a symbol (p@ssw0rd!) is an obvious trick hackers know well.
  • Avoid favorite sports teams or pop culture references. Use something more obscure.
  • Don’t use a single word like sunshine, monkey, or football. Using a phrase or sentence as your password is stronger. 
  • Don’t use common number patterns like 111111, abc123, or 654321.
  • Adding a number or piece of punctuation at the end doesn’t make your password stronger

Create More Than Just a Strong Password, Create Various Strong Passwords

  • The strength of your passwords directly impacts your online security.
  • Use a password manager to remember all your passwords.

Kicking off the decade with data privacy top of mind can ensure you have yourself safe and secure years ahead. 

Prioritize the Safety of Your Health Data

Here’s Why You Should Prioritize the Safety and Security of Your Health Data

By Lena Huang, LunaDNA Contributor

Over the past few decades, scientists and researchers have made great strides in understanding how to use genomic data to drive important medical discoveries.

However, as the scientific community continues to gain access to genomic data at rapid speeds, concerns about the privacy of that data are emerging. Today, there are hundreds of companies that offer genetic testing for thousands of disease-causing genes. Many of these companies also offer whole-exome sequencing, in which all of an individual’s protein coding genes are analyzed for mutations that may cause disease. While this testing can save lives, it also creates a large amount of data that may or may not be secure.

Over the past few decades, scientists and researchers have made great strides in understanding how to use DNA data to drive important medical discoveries. However, as the scientific community is beginning to gain access to more data than ever before, concerns about the privacy of that data are emerging.

Today, there are many companies that offer genetic testing for disease-causing genes. Some of these companies also offer whole-exome sequencing, in which all of an individual’s protein-coding genes are analyzed for mutations that may cause disease. While this testing can save lives, it also creates a large amount of data that may or may not be secure.

DNA data plays a significant role in accelerating medical breakthroughs, so it’s no wonder why more tools are becoming readily available to drive discovery. Advances in technology allow doctors to analyze genetic data quicker and can be used to discover a person’s risk for developing disease, including getting neurological diseases, such as Huntington’s disease or Alzheimer’s disease. Although the advances in health technology have allowed people to better understand their risk for certain conditions and diseases, this information could be used adversely if it falls into the wrong hands.

For example, what if an insurance company could discriminate if they knew a person was at a greater risk for arrhythmia, stroke, or heart attack? What if an employer could fire an employee if it discovered that person was genetically predisposed to developing dementia in the next 10 years? What if an employee did not know his or her employer had access to this genetic information?

Sadly, cases of genetic discrimination are already happening. In 2012 in Palo Alto, Calif., Colman Chadam was asked to transfer middle schools because he was a carrier of cystic fibrosis (CF), even though he was unaffected by the disease. Two children with CF were already attending the school, and because individuals with CF should avoid contact with others who have the disease due to cross infection, their parents petitioned the school district for Chadam to be transferred. Chadam’s parents filed a genetic discrimination lawsuit so he could attend the school.

In 2012, employees of Atlas Logistics Group Retail Services in Atlanta were asked to submit to a cheek swab in an attempt to identify who had been vandalizing one of its warehouses. Two employees recognized the dangers of submitting their personal genetic information and learned that they shouldn’t have to under the Genetic Information Nondiscrimination Act (GINA). GINA makes it illegal to discriminate against employees or applicants because of genetic information. GINA also states that it is “an unlawful employment practice for an employer to request, require, or purchase genetic information with respect to an employee.”

How can we avoid potentially dangerous situations involving our own DNA? It is up to individuals to be informed and do their research on the companies that store and use their data.

So before sending in a saliva sample or DNA data, be sure the company you’re sending it to will strip all information of personal identifiers. Make sure any company that you send data to understands the importance of privacy and will keep your data secure. Understanding how companies plan to use your data not only allows you to maintain control but also helps you avoid situations where your personal information ends up in the wrong hands. Read the privacy and terms of use policies when your personal data is involved.

The control of data privacy is all about being able to decide who can access your data, under the conditions and for the purposes that resonate with you,” says Scott Kahn, Chief Information Officer at LunaPBC. “Isn’t this a better model of control than having institutions make these decisions for you?”

LunaDNA takes your privacy seriously. All personal information is removed and de-identified from any health or DNA data that is given to LunaDNA. Personal information is stored on a separate database from the health data so that there is no connection. All data is securely encrypted to protect your privacy. Finally, you are in control of your data, and it never leaves the LunaDNA platform. Researchers can only access the de-identified data on the platform and cannot export the information. You can choose to access or delete your information at any time.

Discoveries depend on research which relies on data. We think data use should permissioned by you. Contributing to science by sharing health and genetic information will allow researchers to perform important studies that are needed for medical breakthroughs. During this exciting time, remember that while sharing DNA data is absolutely vital to advancing the field, it is equally important that you share it safely.

Directly drive health discovery by joining the Tell Us About You study. The more we come together to contribute health data for the greater good, the quicker and more efficient research will scale, and improve the quality of life for us all.  

Click here to get started.

LunaDNA is Approved by the SEC

LunaDNA Is Approved By The SEC to Offer Ownership Shares to Individuals for Sharing Data

SOLANA BEACH, Calif., Dec. 5, 2018  — LunaDNA LLC announced today that its securities offering has been qualified and its platform is now open to U.S. residents. LunaDNA is the first community-owned health and DNA data platform to offer ownership shares for contributing personal health information.

The Final Offering Circular for the offering is available at the U.S. Securities and Exchange Commission (SEC) website here. U.S. residents can sign up at to contribute data and obtain shares.

Founded by the Public Benefit Corporation LunaPBC, Inc., LunaDNA’s platform is rooted in putting individuals at the center of health research, with unique features for data privacy, voluntary inclusion, transparency, and sharing in the value created from use of their data. The monetary value of LunaDNA share ownership will be expressed through dividends consistent with an individual’s ownership percentage. Holders of shares can increase their holdings over time by contributing more data, and intrinsic value in the database is created as research advances and medical discoveries are accelerated.

This people-first model is designed to address previous industry research challenges such as data silos limitation, data usage non-transparency, and value imbalance. LunaDNA has created a global community for data sharing where community is the core tenet. Members control their inclusion in the database by always having the option to remove consent and delete their data from the platform.

Nothing is more personal than our health and DNA data. LunaDNA, in a precedent-setting move, is enabling individuals to own shares in the company that monetizes their data. This new data paradigm enables a community to control their continued inclusion, learn about studies undertaken with the database, celebrate discoveries, and participate in the financial rewards that come from commercial partnerships.”

Bob Kain, CEO + Co-founder, LunaPBC

Researchers from nonprofits, for-profits, disease organizations, and research communities will be able to query the LunaDNA platform for research studies. Members’ de-identified and aggregated health data provided in response to those queries will help power research at the scope and scale needed for medical breakthroughs. While maintaining anonymity and only with consent, LunaDNA members may further opt-in to receive communications from researchers interested in including them in a research study or trial.

Medical breakthroughs and improving quality of life depend on comprehensive, continuous, real-world health data organized to support medical discovery. People are the best curators of their health data, and we need them as partners in research,” said Dawn Barry, president and co-founder, LunaPBC. “This model brings together social responsibility with technology for real-world, frictionless, passive information capture. We can imagine research as a continuous relationship versus a moment in time transaction.”

Beginning today, you can receive shares for contributing eligible data types, including DNA data files from services such as 23andMe, AncestryDNA, and MyHeritage, on the LunaDNA platform.

About LunaDNA
LunaDNA is the first health and DNA data platform owned by its community of personal health information donors. LunaDNA empowers individuals to share their health data for medical research and the greater good of the community. As community owners in the LunaDNA platform, holders of shares participate in the value created from health discovers and medical breakthroughs.

LunaDNA was created by the privately-owned Public Benefit Corporation LunaPBC, founded in 2017 and headquartered in Solana Beach, California. The LunaPBC team, investors, and advisors are renowned in the patient-advocacy, health, and science fields, including several former chief executives of Illumina, industry academics, and financial executives.

LunaDNA does not provide genetic testing services, as it focuses on aggregating health information that individuals already own to accelerate health research. LunaDNA does not endorse any specific genetic testing company.

Forward Looking Statements
The matters contained in the discussion above may be considered to be “forward-looking statements” within the meaning of the Securities Act of 1933 and the Securities Exchange Act of 1934, as amended by the Private Securities Litigation Reform Act of 1995. Those statements include statements regarding the intent, belief or current expectations or anticipations of LunaDNA and LunaPBC and members of LunaPBC’s management team. Factors currently known to management that could cause actual results to differ materially from those in forward-looking statements include the following: LunaDNA’s ability to attract and retain members; breaches of network security or the misappropriation or misuse of personal and health data; dependence on LunaPBC for funding; market demand for analysis of genomic information and LunaDNA’s ability to recruit researchers to query the database; the need to comply with complex and evolving U.S. and foreign laws and regulations; dependence on third parties to generate data contributed by members; competition; dependence on LunaPBC as manager of LunaDNA, including dependence of key personnel of LunaPBC; the ability of LunaPBC to unilaterally change LunaDNA’s operating agreement and management services agreement; potential for disruption from network outages; failure to maintain the integrity of systems and infrastructure; liabilities as a result of privacy regulations; failure by LunaPBC to adequately protect intellectual property rights or allegations of infringement of intellectual property rights; the general non-transferability of shares and the lack of a trading market for the shares; uncertainty in the ability of LunaDNA to earn sufficient revenue, after expenses, to have sufficient funds to pay dividends to holders of shares; the discretion of LunaPBC as to the declaration of dividends on the shares; lack of voting rights and other typical shareholder rights; potential adverse effects of LunaPBC’s conflicts of interest; and the limited recourse of LunaDNA share holders against LunaPBC for its actions as manager. These and additional factors to be considered are set forth under “Risk Factors” in LunaDNA’s Final Offering Circular and in its other filings with the Securities and Exchange Commission. LunaDNA undertakes no obligation to update or revise forward-looking statements to reflect changed assumptions, the occurrence of unanticipated events or changes to future operating results or expectations, except as otherwise required by law.

For more information visit and view the Final Offering Circular here.