On May, 25 2009 the Italian Data Protection Authority (DPA) disclosed the results of an investigation over the DNA forensics database run by the Carabinieri’s Raggruppamento Investigativo Speciale (RIS.) [1. One of the three main police force in Italy. The others are Polizia di Stato and Guardia di Finanza]
According to the laconic press release, the DPA ordered RIS to enforce stricter security measures to track who access the database. Although the DPA (as often) didn’t release the full decision, it is a legitimate inference to say that RIS didn’t take DNA security seriously enough. DPA decision shares the same (flawed) cultural milieu of the Italian National DNA Database Institution Bill, soon to become into full force. The DPA objected nothing about RIS ( (as well as the NDNAD bill) to retain both biological sample and DNA profile. By doing so, the DPA laid the foundation for the most pervasive, State-controlled citizen mass privacy violation.
Current DNA profiling methods, such as the SNPs (read “snips”) are powerful enough to allow the identification of a person, without the need of preserving the biological sample that provided the genetic profile. By saying that Carabinieri (and the Parliament) are allowed to do the contrary, means bear the effective risk of having analysis of a very diferrent (and uncontrolled) kind to be performed on the genetic code of the inhabitant of the Italian NDNAD.
Pandora’s pot would be – then – ready to be opened.