Privacy Law Essentials: California’s Genetic Information Privacy Act | Hinshaw Privacy & Cyber Bytes – Insights on Compliance, Best Practices, and…

Posted: October 15, 2021 at 2:03 am

California Governor Newsom signed the Genetic Information Privacy Act (GIPA) into law on October 6, 2021. GIPA requires direct-to-consumer genetic testing companies to comply with certain privacy and data security requirements such as requiring consumers' affirmative consent regarding the collection, use, maintenance, and disclosure of genetic data, and enabling consumers to access and destroy their genetic data.

GIPA applies to companies that:

Licensed medical providers who are actively diagnosing or treating a patient's medical condition.

GIPA covers "genetic data," which is defined as any data, regardless of the format, that results from analysis of a biological sample from a consumer or from another element enabling equivalent information to be obtained, and concerns genetic material. Genetic material includes, but is not limited to, DNA, RNA, genes, chromosomes, alleles, genomes, alterations or modifications to DNA or RNA, SNPs, uninterpreted data that results from analysis of the biological sample, and any information extrapolated, derived, or inferred from materials in this list.

Genetic data does not include de-identified data, or a biological sample to the extent that data or a biological sample is collected, used, maintained, and disclosed exclusively for scientific research under very particular circumstances described in the law.

GIPA creates safeguards for privacy, security, and confidentiality for consumers of direct-to-consumer genetic testing. It ensures that consumers receive the required notice and have the ability to revoke consent for the use, collection, or disclosure of the consumer's genetic data.

Under GIPA, companies must do the following, among other requirements identified within the statute:

Consumers who have suffered injury in fact and lost money or property as a result of the violation of GIPA will have a private right of action. The California Attorney General and local government counsel will also prosecute GIPA through civil penalties.

GIPA will go into effect on January 1, 2022.

Continued here:
Privacy Law Essentials: California's Genetic Information Privacy Act | Hinshaw Privacy & Cyber Bytes - Insights on Compliance, Best Practices, and...

Related Post

Comments are closed.

Archives