- (a) A direct-to-consumer genetic testing company shall establish legal policies and processes for disclosing genetic data to law enforcement or another government agency without a consumer's express written consent.
- (b) A direct-to-consumer genetic testing company shall develop, implement, and maintain a comprehensive security program to protect consumers' genetic data against unauthorized access, use, or disclosure.
(c) A direct-to-consumer genetic testing company shall establish a process for a consumer to:
- (1) Access the consumer's genetic data;
- (2) Delete the consumer's account and genetic data; and
- (3) Request the destruction of the consumer's biological sample.
(d) Notwithstanding any other provisions of law, a direct-to-consumer genetic testing company may not, without the consumer's written consent, disclose a consumer's genetic data to:
- (1) An entity offering health insurance, life insurance, disability insurance, or long-term care insurance; or
- (2) An employer of the consumer.
Added by Acts 2022, c. 501, § 1, eff. Oct. 1, 2022.