Any reputable research organization should keep all data under lock and key. Within the lab, individuals' data should be listed by an ID code, not by name. And only aggregate data (statistical results combined across multiple people) should ever be published. Heck, I have to follow these procedures, and I do the most benign sort of behavioral testing.
If you follow MichelleC's suggestions and they check out okay, your data will be very well protected.
(I would not worry at all about the DNA being kept for future analysis, provided future uses receive all the same protections as one-time use, which they should.)
