(1) A direct-to-consumer genetic testing company shall:

lawyer at desk

Ask a business law question, get an answer ASAP!
Thousands of highly rated, verified business lawyers.
Click here to chat with a lawyer about your rights.

Terms Used In Utah Code 13-60-104

  • Biological sample: means any human material known to contain DNA, including tissue, blood, urine, or saliva. See Utah Code 13-60-102
  • company: means an entity that:
         (4)(a) offers consumer genetic testing products or services directly to consumers; or
         (4)(b) collects, uses, or analyzes genetic data that a consumer provides to the entity. See Utah Code 13-60-102
  • Consumer: means an individual who is a resident of the state. See Utah Code 13-60-102
  • Express consent: means a consumer's affirmative response to a clear, meaningful, and prominent notice regarding the collection, use, or disclosure of genetic data for a specific purpose. See Utah Code 13-60-102
  • Genetic data: includes :
              (7)(b)(i) raw sequence data that result from sequencing all or a portion of a consumer's extracted DNA;
              (7)(b)(ii) genotypic and phenotypic information obtained from analyzing a consumer's raw sequence data; and
              (7)(b)(iii) self-reported health information regarding a consumer's health conditions that the consumer provides to a company that the company:
                   (7)(b)(iii)(A) uses for scientific research or product development; and
                   (7)(b)(iii)(B) analyzes in connection with the consumer's raw sequence data. See Utah Code 13-60-102
  • Genetic testing: means :
         (8)(a) a laboratory test of a consumer's complete DNA, regions of DNA, chromosomes, genes, or gene products to determine the presence of genetic characteristics of the consumer; or
         (8)(b) an interpretation of a consumer's genetic data. See Utah Code 13-60-102
  • Person: means :
         (24)(a) an individual;
         (24)(b) an association;
         (24)(c) an institution;
         (24)(d) a corporation;
         (24)(e) a company;
         (24)(f) a trust;
         (24)(g) a limited liability company;
         (24)(h) a partnership;
         (24)(i) a political subdivision;
         (24)(j) a government office, department, division, bureau, or other body of government; and
         (24)(k) any other organization or entity. See Utah Code 68-3-12.5
  • Process: means a writ or summons issued in the course of a judicial proceeding. See Utah Code 68-3-12.5
     (1)(a) provide to a consumer:

          (1)(a)(i) essential information about the company’s collection, use, and disclosure of genetic data; and
          (1)(a)(ii) a prominent, publicly available privacy notice that includes information about the company’s data collection, consent, use, access, disclosure, transfer, security, retention, and deletion practices;
     (1)(b) obtain a consumer’s initial express consent for collection, use, or disclosure of the consumer’s genetic data that:

          (1)(b)(i) clearly describes the company’s use of the genetic data that the company collects through the company’s genetic testing product or service;
          (1)(b)(ii) specifies who has access to test results; and
          (1)(b)(iii) specifies how the company may share the genetic data;
     (1)(c) if the company engages in any of the following, obtain a consumer’s:

          (1)(c)(i) separate express consent for:

               (1)(c)(i)(A) the transfer or disclosure of the consumer’s genetic data to any person other than the company’s vendors and service providers;
               (1)(c)(i)(B) the use of genetic data beyond the primary purpose of the company’s genetic testing product or service; or
               (1)(c)(i)(C) the company’s retention of any biological sample provided by the consumer following the company’s completion of the initial testing service requested by the consumer;
          (1)(c)(ii) informed consent in accordance with the Federal Policy for the Protection of Human Subjects, 45 C.F.R. Part 46, for transfer or disclosure of the consumer’s genetic data to a third party for:

               (1)(c)(ii)(A) research purposes; or
               (1)(c)(ii)(B) research conducted under the control of the company for the purpose of publication or generalizable knowledge; and
          (1)(c)(iii) express consent for:

               (1)(c)(iii)(A) marketing to a consumer based on the consumer’s genetic data; or
               (1)(c)(iii)(B) marketing by a third party person to a consumer based on the consumer having ordered or purchased a genetic testing product or service;
     (1)(d) require valid legal process for the company’s disclosure of a consumer’s genetic data to law enforcement or any government entity without the consumer’s express written consent;
     (1)(e) develop, implement, and maintain a comprehensive security program to protect a consumer’s genetic data against unauthorized access, use, or disclosure; and
     (1)(f) provide a process for a consumer to:

          (1)(f)(i) access the consumer’s genetic data;
          (1)(f)(ii) delete the consumer’s account and genetic data; and
          (1)(f)(iii) destroy the consumer’s biological sample.
(2) Notwithstanding Subsection (1)(c)(iii), a direct-to-consumer genetic testing company with a first-party relationship to a consumer may, without obtaining the consumer’s express consent, provide customized content or offers on the company’s website or through the company’s application or service.

  Previous section
Next section  
 Part 1 Contents