Biotechnology and IT Governance: Ethical and Security Implications for IT Professionals

Author: Alexis Collier, CEH, SECURITY+
Date Published: 21 May 2025

In an era of accelerating technological innovation, biotechnology and information technology are converging to create transformative opportunities. Biotechnology has become the backbone of personalized medicine, genetic engineering, and data-driven healthcare breakthroughs.1 Yet with these advancements come significant ethical and security challenges:

  • How should genetic data be handled ethically?
  • How do we maintain public trust in these emerging technologies?
  • Can global collaboration bridge the gaps in regulatory standards?

To manage the complexities of data protection, regulatory compliance, and risk mitigation, enterprises rely on established IT governance frameworks that provide structured guidance for securing sensitive information.

Several frameworks play a critical role in the responsible management of genetic data:

  • COBIT®—A governance framework that provides structured guidance for managing IT risk, securing sensitive data, and ensuring accountability at all levels2
  • EU General Data Protection Regulation (GDPR)—Enforces strict privacy protections for personal and genetic data, granting individuals greater control over their information via the right to be forgotten and stringent consent requirements3
  • US Health Insurance Portability and Accountability Act (HIPAA)—Establishes privacy and security rules governing the use, storage, and sharing of health-related data, particularly in medical research, genetic testing, and patient records management4

The intersection of biotechnology and IT governance has also led to ethical questions, data protection challenges, and regulatory disparities that require global collaboration and innovation to achieve responsible solutions. Real-world examples, such as genetic data breaches and advancements in blockchain technology, highlight the need for transparency, interdisciplinary collaboration, and public engagement in shaping the future of biotechnology.5

Protection of Genetic Data

The protection of genetic data is essential to ethical biotechnology. Sensitive information, such as DNA sequences and biomarkers, demands vigorous IT controls to prevent breaches and misuse. IT governance frameworks such as COBIT offer structured solutions for managing the data life cycle and ensuring security at all stages of data management, from storage to deletion.6 For example, encryption and role-based access ensure that only authorized personnel can handle sensitive data.7 This security measure protects individual privacy and builds trust between enterprises and stakeholders.

In addition, cloud-based data storage solutions have introduced new challenges in data governance. While cloud-based storage solutions offer scalability and cost efficiency, research from IBM found that more than 85% of cloud data breaches result from human error.8 Given the likelihood of an employee-related security incident, enterprises must implement strict cloud security protocols and ensure robust training programs for employees managing sensitive genetic data.

Dynamic consent frameworks represent an innovative approach to data governance, enabling individuals to grant or withdraw consent dynamically through digital platforms. This approach enhances transparency and fosters trust, which is crucial for long-term collaboration between patients and biotechnology enterprises.9 For example, Genomics England utilizes dynamic consent systems to engage patients while adhering to ethical standards.10

Genetic data breaches, such as those involving Ancestry.com and MyHeritage, emphasize the urgent need for governance frameworks that prevent unauthorized access and adapt to the evolving landscape of cybersecurity threats. In 2018, the MyHeritage data breach exposed the details of 92 million accounts, highlighting the significant gaps in cybersecurity protocols among genetic testing companies.11 Although no genetic information was compromised, the breach demonstrated the potential for catastrophic consequences if genetic data is not adequately protected.

These incidents underscore the critical need for continual investment in security frameworks. However, investing in a framework alone is insufficient; frameworks must be effectively implemented through robust controls, processes, and organization-wide actions to ensure meaningful security improvements.

Mitigating Risk Through Emerging Technology

Blockchain enhances genetic data security through immutability. However, to reconcile that immutability with the GDPR's right to be forgotten, organizations are leveraging solutions such as hybrid blockchain models and zero-knowledge proofs (ZKP), which enable selective data erasure while preserving security. For example, systems such as Nebula Genomics have implemented blockchain solutions to provide users with complete ownership of their genetic data, setting a precedent for the broader biotechnology industry.12 While blockchain has traditionally been associated with financial sectors, its application in healthcare presents unique opportunities to address longstanding challenges, such as ensuring data integrity and empowering users with greater control over their information.13

Blockchain also enables smart contracts, which automate data access based on predefined conditions to ensure compliance with ethical and legal standards. Additionally, AI-driven monitoring can enhance security by detecting anomalies and providing real-time alerts in the event of unauthorized access attempts.

While these technologies hold significant promise, they also have inherent risk and should be cautiously implemented. AI systems, for instance, can unintentionally introduce vulnerabilities if they are not trained on diverse datasets, potentially leading to biased decision-making or false positives in anomaly detection. Additionally, the complexity of integrating blockchain and AI may make these systems more challenging to secure and audit. A misconfigured AI model could be exploited by malicious actors, compromising the integrity of the entire system.

Similarly, the use of blockchain technology in genetic data management poses challenges, such as the immutability of records, which might conflict with privacy laws, such as the right to be forgotten under the GDPR. Without proper oversight and ethical governance, the benefits of these technologies could be overshadowed by unintended consequences, such as privacy breaches or misuse of sensitive data.
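One common way to build the hybrid model mentioned above is to keep the genetic record off-chain and anchor only a salted commitment on-chain, so an erasure request destroys the data without rewriting the ledger. The code below is an added example, not code from the article or from any product it names; `HybridLedger`, the record ID and the sample data are assumptions, and a plain hash chain stands in for a real blockchain.

```python
import hashlib
import hmac
import json
import secrets


def _block_hash(body: dict) -> str:
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class HybridLedger:
    """Append-only hash chain (blockchain stand-in) plus an erasable off-chain store."""

    def __init__(self):
        self.chain = []      # immutable part: commitments and events only
        self.off_chain = {}  # erasable part: record_id -> (salt, data)

    def _append(self, event: str, record_id: str, commitment: str) -> None:
        prev = self.chain[-1]["hash"] if self.chain else "0" * 64
        body = {"index": len(self.chain), "prev": prev, "event": event,
                "record_id": record_id, "commitment": commitment}
        self.chain.append({**body, "hash": _block_hash(body)})

    def register(self, record_id: str, data: bytes) -> None:
        # A random per-record salt stops anyone from confirming a guess about
        # the data by hashing candidates once the salt has been destroyed.
        salt = secrets.token_bytes(32)
        commitment = hmac.new(salt, data, hashlib.sha256).hexdigest()
        self.off_chain[record_id] = (salt, data)
        self._append("register", record_id, commitment)

    def erase(self, record_id: str) -> None:
        # Erasure request: destroy data and salt off-chain, log the event on-chain.
        self.off_chain.pop(record_id, None)
        self._append("erase", record_id, "")

    def chain_intact(self) -> bool:
        prev = "0" * 64
        for block in self.chain:
            body = {k: v for k, v in block.items() if k != "hash"}
            if block["prev"] != prev or _block_hash(body) != block["hash"]:
                return False
            prev = block["hash"]
        return True

    def status(self, record_id: str) -> str:
        """Return 'valid', 'tampered', 'erased' or 'unknown' for a record."""
        registered = [b for b in self.chain
                      if b["record_id"] == record_id and b["event"] == "register"]
        if not registered:
            return "unknown"
        if record_id not in self.off_chain:
            return "erased"
        salt, data = self.off_chain[record_id]
        expected = hmac.new(salt, data, hashlib.sha256).hexdigest()
        ok = hmac.compare_digest(expected, registered[-1]["commitment"])
        return "valid" if ok else "tampered"


def demo() -> dict:
    ledger = HybridLedger()
    ledger.register("rec-001", b"constructed-sample:ACGTTGCAAC")  # constructed data
    before = ledger.status("rec-001")
    ledger.erase("rec-001")
    return {"before": before, "after": ledger.status("rec-001"),
            "chain_intact": ledger.chain_intact(), "blocks": len(ledger.chain)}


if __name__ == "__main__":
    print(demo())
```

The record ID written on-chain cannot be removed later, so it must itself be a pseudonym that carries no personal data.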

Rigorous testing, robust security measures, and adherence to ethical standards are critical to ensuring the responsible deployment of blockchain and AI in genetic data management. These precautions can help minimize risk while maximizing the transformative potential of emerging technologies. As technology evolves, regulatory bodies face increasing challenges in ensuring ethical compliance while fostering innovation, calling for a stronger international collaboration in biotechnology governance.14

Regulatory Frameworks and International Collaboration

Biotechnology governance varies widely across countries, making it difficult to ensure consistent ethical standards. For instance, the European Union has stringent data protection laws under the GDPR, while the United States relies on a sectoral approach that lacks centralized oversight. These differences complicate cross-border research, especially in projects involving genetic data.15

Emerging economies such as those in Brazil and India are becoming significant players in biotechnology research but face limitations due to their developing regulatory frameworks. These countries often emphasize innovation to compete in the global market, but this focus can sometimes challenge their commitment to ethical oversight. For example, India's National Biotechnology Development Strategy fosters innovation in genetic research and biopharmaceuticals.16 However, it acknowledges existing ethical governance gaps, particularly in data protection and genetic testing regulations. Similarly, Brazil's Biosafety Law enables advancements in biotechnology but has faced criticism for insufficient enforcement mechanisms and ambiguities in ethical standards for human genetic research.17

International collaboration, such as through the Nagoya Protocol,18 could help create unified policies that balance innovation with accountability, ensuring equitable access to biotechnology advancements while addressing ethical disparities. By learning from these experiences, frameworks can be designed to ensure innovation and equitable access while addressing ethical disparities in research practices.

Entities such as the International Society for Computational Biology (ISCB)19 are critical in bridging regulatory gaps. For example, ISCB's efforts in promoting global bioinformatics standards have facilitated cross-border research compliance, enabling seamless collaboration between researchers across different regulatory environments. These efforts have significantly aligned genomics and computational biology practices, fostering transparency and standardization. International initiatives such as these ensure that advancements in biotechnology are conducted responsibly and in compliance with ethical standards, even as different countries operate under varying regulatory frameworks.

Similarly, treaties such as the Nagoya Protocol20 govern access to genetic resources and equitable benefit sharing, ensuring that countries benefit from biodiversity-based research while maintaining ethical standards. A similar approach could be applied to biotechnology governance. The Nagoya Protocol could inspire frameworks ensuring equitable access to clustered regularly interspaced short palindromic repeats (CRISPR) technology for developing countries, fostering innovation while addressing global disparities in scientific advancement.

International agreements can help establish ethical standards for emerging biotechnological innovations by mandating transparent research practices and equitable benefit sharing. Such frameworks could ensure that advancements in gene editing, synthetic biology, and other innovative fields are not limited to developed nations but benefit the global community.

The rise of data localization laws, which require data to be stored within a country's borders, poses new challenges for biotechnology enterprises. While these laws aim to enhance national security, they often conflict with the global nature of genetic research. For example, genome-wide studies typically require data from diverse populations, making localized data storage impractical. Resolving these conflicts requires collaboration among governments, researchers, and technology providers to establish protocols that respect national interests and scientific goals.

Interdisciplinary Collaboration

The merging of biotechnology and IT governance demands interdisciplinary collaboration to address complex ethical and security challenges. Stakeholders, including bioinformaticians, IT auditors, legal experts, and ethicists, must work together to create robust governance frameworks. For example, the development of the genetic engineering technique CRISPR-Cas9 required both molecular biologists and data analysts to ensure precision in gene-editing technologies.21 Collaborative approaches can help bridge gaps in understanding the technical, ethical, and societal implications of such advancements. Effective IT governance requires continuous collaboration between bioinformaticians, cybersecurity specialists, and policymakers to navigate evolving challenges in genetic data security and ethical compliance.

Public Perception and Trust

Building public trust is essential for the widespread adoption of biotechnological solutions. Scandals, such as the unauthorized genetic modification of human embryos in China, have underscored the risk of ethical lapses.22 Governments, research enterprises, and private entities must prioritize transparency by openly sharing research methodologies, objectives, and potential risk. Public awareness campaigns can also dispel misconceptions about emerging technologies such as nanobiotechnology and blockchain-based data systems, ensuring informed community engagement.

A significant source of skepticism toward biotechnology stems from a history of ethical violations in medical research. Historical ethical violations, such as the case of Henrietta Lacks—whose cells were used in research without her consent23—have significantly contributed to distrust in medical research. Research institutions must adopt transparent practices to rebuild trust, such as publishing methodologies and collaborating with public stakeholders through community outreach programs. Additionally, targeted public education initiatives, particularly in digital literacy and fact-checking programs, can counter misinformation and promote informed engagement with biotechnology advancements.24

Misinformation on social media can further amplify public skepticism, particularly regarding technologies that are in the public eye.25 Educational campaigns led by trusted institutions can counter misinformation by providing accurate, accessible information. Partnering with schools and community organizations can also help demystify complex technologies such as gene editing and synthetic biology.

Ethical Considerations in Innovative Technologies

AI and machine learning (ML) are transforming drug research and personalized medicine. For example, AI algorithms can analyze vast data sets of genetic markers to predict risk of disease and tailor treatment plans. However, ethical challenges arise when AI models unintentionally encode biases, potentially exacerbating health disparities. Blockchain for genetic data frameworks must ensure fairness in AI applications by enforcing transparency in algorithm development and regular audits for bias detection.26

Bioprinting, the process of creating tissues and organs using 3D printing technology, is another groundbreaking innovation. This technology has the potential to address the shortage of organs for transplantation but raises ethical questions about accessibility and the commodification of human tissue. Policymakers must establish clear regulations to prevent exploitation and ensure equitable access to these life-saving advancements.27

Synthetic biology involves designing and constructing new biological parts, devices, and systems. This field holds immense potential, from creating biofuels to developing synthetic vaccines. However, creating artificial life forms presents unprecedented ethical dilemmas, including the possibility of unintended ecological consequences. For example, synthetic organisms could disrupt biodiversity or introduce unforeseen ecological impacts if released into natural ecosystems. Governance frameworks such as COBIT can provide mechanisms to track synthetic biology projects, ensure compliance with safety standards, and manage associated risk.28

Case Studies: Ethical Failures and Lessons Learned

Several high-profile incidents have demonstrated both the potential risk and ethical challenges in biotechnology and genetic data management. The Tuskegee Syphilis Study (1932–1972) highlights the importance of informed consent and participant welfare in research ethics. Participants were misled about their condition and denied treatment so that researchers could observe the progression of the disease, resulting in unnecessary suffering and death.29

In 2018, Chinese scientist He Jiankui announced the birth of the first gene-edited babies, sparking outrage worldwide. His experiment violated ethical guidelines by failing to ensure informed consent and subjecting embryos to unknown risk.30 This case highlights the need for stricter global regulations and collaborative enforcement mechanisms to prevent similar breaches in the future.

Modern governance frameworks emphasize informed consent, transparency, and participant welfare to prevent such egregious ethical violations from recurring. Conversely, successes such as the CRISPR-based development of sickle cell therapies31 illustrate how modern governance frameworks can ensure ethical oversight while driving innovation.

Conclusion and Future Directions

Biotechnology represents the forefront of human innovation, offering solutions to some of the world's most pressing challenges. However, its power must be wielded responsibly. By addressing ethical concerns through robust frameworks, interdisciplinary collaboration, and public engagement, the biotechnology sector can ensure that its advancements serve humanity equitably and sustainably.

Frameworks such as COBIT, GDPR, and HIPAA provide structured solutions for managing data governance, compliance, and risk, while tools such as dynamic consent systems and blockchain allow individuals to maintain control over their genetic information. Collaboration among ethicists, scientists, policymakers, and the public is essential to achieve a balance between innovation and moral responsibility. By fostering an inclusive, ethical approach to biotechnology, society can unlock its transformative potential while ensuring that no one is left behind.32

Endnotes

1 Dzau, V. J.; Ginsburg, G. S.; et al.; “Realizing the Full Potential of Precision Medicine in Health and Health Care,” Vital Directions for Health & Health Care: An Initiative of the National Academy of Medicine, National Academy of Medicine, 2017
2 ISACA®, COBIT® Framework: Introduction and Methodology, USA, 2019
3 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation [or GDPR]) (OJ L 119, 4.5.2016, p. 1)
4 US Department of Health and Human Services, “HIPAA for Professionals,” USA, 2024
5 Mittelstadt, B. D.; Floridi, L.; “The Ethics of Big Data: Current and Foreseeable Issues in Biomedical Contexts,” Science and Engineering Ethics, vol. 22, 2015, p. 303-341
6 ISACA, “COBIT Framework”
7 Sandhu, R.S.; Coyne, E. J.; et al.; “Role-Based Access Control Models,” Computer, vol. 29, iss. 2, 1996, p. 38-47
8 IBM, IBM Security X-Force Threat Intelligence Index 2023, 2023
9 Kaye, J.; Whitley, E. A.; et al.; “Dynamic Consent: A Patient Interface for Twenty-First Century Research Networks,” European Journal of Human Genetics, vol. 23, 2015, p. 141-146
10 Genomics England, “Consent and Participation in the 100,000 Genomes Project – Public Attitudes,” 18 July 2018
11 Reuters, “Security Breach at MyHeritage Website Leaks Details of Over 92 Million Users,” 5 June 2018
12 Grishin, D.; Obbad, K.; et al.; “Data Privacy in the Age of Personal Genomics,” Nature Biotechnology, vol. 37, 2019, p. 1115-1117
13 Krawiec, R.; “Blockchain: Opportunities for Health Care,” Deloitte
14 Tait, J.; Banda, G.; Proportionate and Adaptive Governance of Innovative Technologies: The Role of Regulations, Guidelines, and Standards, BSI
15 Kaye, J.; Heeney, C.; et al.; “Data Sharing in Genomics—Re-shaping Scientific Practice,” Nature Reviews Genetics, vol. 10, 2009, p. 331-335
16 Department of Biotechnology, Ministry of Science and Technology, Government of India, National Biotechnology Development Strategy 2021-2025, India 
17 Presidency of the Republic, Civil House, Deputy Directorate for Legal Affairs, Law No. 11,105, of March 24 2005, Brazil, 2005
18 Convention on Biological Diversity, Nagoya Protocol on Access to Genetic Resources and the Fair and Equitable Sharing of Benefits Arising from Their Utilization to the Convention on Biological Diversity, 2014
19 International Society for Computational Biology
20 Convention on Biological Diversity, Nagoya Protocol
21 Doudna, J. A.; Sternberg, S. H.; A Crack in Creation: Gene Editing and the Unthinkable Power to Control Evolution, Houghton Mifflin Harcourt, USA, 2017
22 National Academy of Medicine, National Academy of Sciences, et al., Heritable Human Genome Editing, The National Academies Press, USA, 2020
23 Beskow, L.; “Lessons from HeLa Cells: The Ethics and Policy of Biospecimens,” Annual Review of Genomics and Human Genetics, vol. 17, 2016
24 Lewandowsky, S.; Ecker, U. K. H.; et al.; “Beyond Misinformation: Understanding and Coping with the “Post-Truth” Era,” Journal of Applied Research in Memory and Cognition, vol. 6, iss. 4, 2017, p. 353-369
25 Mittelstadt, “The Ethics of Big Data”
26 Jobin, A.; Ienca, M.; et al.; “The Global Landscape of AI Ethics Guidelines,” Nature Machine Intelligence, vol. 1, 2019, p. 389-399
27 World Health Organization, Human Genome Editing: A Framework for Governance, 12 July 2021
28 ISACA, “COBIT Framework”
29 US Centers for Disease Control and Prevention, “About The Untreated Syphilis Study at Tuskegee,” 4 September 2024, USA
30 Cyranoski, D.; “The CRISPR-Baby Scandal: What’s Next for Human Gene-Editing,” Nature, vol. 566, 2019, p. 440-442
31 Singh, A.; Irfan, H.; et al.; “Revolutionary Breakthrough: FDA Approves CASGEVY, the First CRISPR/Cas9 Gene Therapy for Sickle Cell Disease,” Annals of Medicine and Surgery, vol. 86, iss. 8, 2024, p. 4555-4559
32 ISACA, “COBIT Framework”

ALEXIS COLLIER, CEH, SECURITY+

Is a health information system management officer in the US Army Reserves and a cybersecurity expert specializing in health informatics, governance, risk management, and project management. As an AI expert contributor for biomedical informatics at Snorkel AI, she has contributed to developing AI solutions for biomedical informatics and healthcare technology. Collier is also an accomplished educator who has created online courses on health informatics and nonprofit management. Her research explores workplace stress and burnout in nursing, while her thought leadership focuses on advancing healthcare systems. As the executive director of CARRY, Collier drives initiatives that promote community empowerment and education. More about her can be found on her website, www.alexiscollier.com, and at www.linkedin.com/in/alexiscollier.