Tri-Council Policy Statement (TCPS) 2 Core Practice Exam

Protecting privacy in genetic data sharing depends on governance that restricts who can access the data and what they can do with it. The best mechanism combines controlled access with explicit restrictions on attempts to re-identify individuals. When access is controlled, a data access committee reviews each request, and a data use agreement sets allowed purposes, security measures, and a clear ban on re-identification. This approach acknowledges that de-identified data can still carry re-identification risk, so access is limited to qualified researchers under oversight, with consequences for trying to re-identify. Open sharing would greatly increase privacy risks, and de-identification alone isn’t enough for genetic data; consent is important but does not substitute for the governance and technical safeguards that controlled access provides.