A Genetic Information Privacy Act in California

State Senator Thomas Umberg (D, Orange County) has introduced a bill, SB 980, to offer new protections for consumers of genetic testing. He explains:

The fact that the Pentagon just warned all of the country’s military personnel to avoid home DNA tests should raise bright red flags for all consumers. Direct-to-Consumer genetic testing companies have, to date, gone largely unregulated by either state or national governments. This has led to the disclosure of consumers’ private biological information to third parties.

This is certainly timely. Indeed, it should probably be seen not only as good for consumers but also good for the Direct-to-Consumer genetic testing (DTC) industry. Over the last few months, the industry has been attracting criticism and losing customers. Sensible regulation should be helpful to the companies involved.

Federal legislation has effectively stalled since 2008, when the Genetic Information Nondiscrimination Act (GINA) was passed almost unanimously (the libertarian Ron Paul was the only No vote). GINA was focused on preventing discrimination in health insurance and employment. Even then, however, there was criticism that it did not adequately address direct-to-consumer (DTC) genetic testing, which was just starting its rapid growth. 

Since the federal government isn’t adequately regulating the DTC industry, states are beginning to act. This may not be a complete list: 

• In Nevada, it is unlawful to obtain or retain “any genetic information of a person without informed consent” with some specified exceptions. 
• In Alaska, “a DNA sample and the results of a DNA analysis performed on the sample are the exclusive property of the person sampled or analyzed.” 
• The Florida legislature just passed a Bill to prevent life, disability and long-term care insurance companies from using genetic tests for coverage decisions (they are not covered by GINA or other Federal or State protections).
• New York has had a Law about the Confidentiality of Genetic Tests since 1996, and is considering the “It’s Your Data Act” and other proposals.
• Maryland has a law about genetic privacy that is focused on health insurance, and several other bills have been introduced. 
• Illinois has amended its 2008 Genetic Information Privacy Act, to specify how a request for consent to disclose must be framed. 
• A Missouri bill would prohibit disclosure of any biometric data, specifically including DNA, “for any purpose other than for a purpose the individual reasonably expects.”

There is already a California Consumer Privacy Act, which came into effect on January 1st, 2020; detailed regulations are still in process. The state’s proposed Genetic Information Privacy Act builds on that by insisting on the prior written consent of any individual whose genetic information may be passed on. The bill specifies exactly how that consent should be obtained: in a separate document, in at least 14-point type, with exactly specified wording, and including the possibility of revoking permission.

The new bill is not the only effort underway in California attempting to provide greater privacy protection for residents and their genetic data. For over a year, the Center for Genetics and Society (CGS), the Equal Justice Society (EJS) and an individual plaintiff, the author of this post, have been pursuing a lawsuit arguing that the state is violating the California Constitution’s privacy protections. Details on the content and progress of Center for Genetics and Society v. Becerra, as it is known, can be found here. In short, hundreds of thousands of innocent people have their DNA included in the criminal database, though their information ought to be removed. The case was dismissed by the lower court, but an appeal has been filed.