As a privacy lawyer, including genetic privacy, our practice focuses on helping clients navigate the complex landscape of laws and regulations that protect genetic information. This includes federal laws like the Genetic Information Nondiscrimination Act (GINA), state-specific comprehensive privacy laws such a as the California Consumer Privacy Act (CCPA) as well as state-specific laws such as the California Genetic Information Privacy Act (GIPA) and the Illinois Genetic Information Privacy Act (GIPA), as well as international frameworks like the General Data Protection Regulation (GDPR).
Overview of Relevant Laws
- HIPAA: The Health Insurance Portability and Accountability Act primarily regulates health information, including genetic data, within healthcare settings. GINA further enhances HIPAA by treating genetic information as protected health information.
- GINA: Prohibits genetic discrimination in employment and health insurance. It ensures that genetic information is not used to make employment or insurance decisions.
- State Privacy Laws:
- California GIPA: Focuses on protecting genetic data collected by companies like 23andMe, requiring explicit consent for data collection and use.
- Illinois GIPA: Prohibits the use of genetic information for insurance underwriting and has seen recent class actions against employers for requesting family medical history.
- CCPA and CPRA: While not exclusively focused on genetic data, these laws provide broad protections for personal data, including genetic information, collected from California residents.
- Other State Privacy Laws: There are numerous other comprehensive privacy laws similar to the CCPA that would also apply in the context of genetics privacy.
- GDPR: Applies to companies handling genetic data of EU residents, emphasizing consent and data subject rights.
- Other International Laws: There are many countries with comprehensive privacy laws that could be relevant in genetics privacy scenarios.
Recent Developments and Insights
23andMe Bankruptcy
The recent bankruptcy filing by 23andMe highlights significant concerns about the future of genetic data privacy. With millions of DNA profiles, there are fears about potential data misuse or unauthorized access. Despite assurances from 23andMe that it will prioritize data privacy in any sale, some users have deleted their data.
Illinois GIPA Class Actions
Over 30 lawsuits have been filed under Illinois’ GIPA, targeting companies that require job applicants to disclose family medical history. These cases represent a new legal challenge, particularly for industries like transportation and logistics, where physical fitness assessments are common. Early court decisions have favored plaintiffs, but there remains uncertainty about what constitutes genetic information.
Practice Focus
Our practice is dedicated to advising clients on compliance with these laws, navigating the complexities of genetic data privacy. If you are a business seeking to ensure compliance with evolving regulations, we can guide you through this rapidly changing legal landscape.
Inquire About Our Genetic Privacy Law Services
- Employers and Insurance Companies Continue Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act: The Illinois Genetic Information Privacy Act, 410 ILCS 513/1, et seq. (“GIPA”), which was passed in 1998 and amended in 2008, had until recently received little attention from the plaintiffs’ bar. That changed last August, after a court granted certification in a federal GIPA class action involving alleged unauthorized disclosure of consumers’ genetic information to unknown third-party developers by a website that sold DNA analysis reports. Read More →
- Data privacy and genetic testing: Guidance and enforcement from regulators: Begun in 1990, the Human Genome project had the goal of generating the first sequence of the human genome. By 2003, 92% of the genome was mapped and it was declared complete, while the final assembly was completed in January 2022. Today, anyone can download the complete sequence of a human genome from the National Library of Medicine’s website. Read More →
- Privacy authorities in Canada and UK announce joint probe of 23andMe data breach: Canadian and British privacy regulators are together probing the global data breach of the genetic testing company 23andMe, authorities in the two countries announced Monday. Read More →
- Seventh Circuit Affirms Dismissal of Lawsuit Alleging Violation of Genetic Right to Privacy, Rebuffing Claims Premised on Stock Purchase of Genetic Testing Company: The Seventh Circuit issued a ruling which affirmed the dismissal of claims filed under Illinois’s Genetic Information Privacy Act. Bridges, et al. v. Blackstone, Inc., No. 22-2486 (7th Circ. 2023). Because this decision limits in most instances the circumstances under which claims could be brought under the statute in the context of a corporate transaction, it is a win for defendants in future filed cases. Read More →
- The DNA of Genetic Privacy Legislation: Montana, Tennessee, Texas, and Virginia Enter 2024 with New Genetic Privacy Laws Incorporating FPF’s Best Practices: In 2023, four states enacted new genetic privacy laws regulating direct-to-consumer genetic testing companies. This blog post provides details on what these new laws cover and how they compare to FPF’s widely-adopted Best Practices for Consumer Genetic Testing Services. Read More →
- FTC Says Genetic Testing Company 1Health Failed to Protect Privacy and Security of DNA Data and Unfairly Changed its Privacy Policy: The Federal Trade Commission charged that the genetic testing firm 1Health.io left sensitive genetic and health data unsecured, deceived consumers about their ability to get their data deleted, and changed its privacy policy retroactively without adequately notifying and obtaining consent from consumers whose data the company had already collected. Read More →