A. A direct-to-consumer genetic testing company shall:

Terms Used In Arizona Laws 44-8002

  • Biological sample: means any material part of a human, discharge from a human or derivative of a human, including tissue, blood, urine or saliva, that is known to contain DNA. See Arizona Laws 44-8001
  • Company: means an entity that offers genetic testing products or services directly to consumers that involve collecting from a consumer of either genetic data or biological samples and from which the company derives genetic data for analysis. See Arizona Laws 44-8001
  • Consumer: means an individual who is a resident of this state. See Arizona Laws 44-8001
  • Express consent: means a consumer's affirmative response to a clear and prominent notice regarding collecting, using or disclosing genetic data for a specific purpose. See Arizona Laws 44-8001
  • Genetic testing: means any laboratory test of a consumer's complete DNA, regions of DNA, chromosomes, genes or gene products to determine the presence of a consumer's genetic characteristics. See Arizona Laws 44-8001
  • Including: means not limited to and is not a term of exclusion. See Arizona Laws 1-215
  • Person: means an individual, partnership, corporation, association, business, business trust or legal representative of an organization. See Arizona Laws 44-8001
  • Process: means a citation, writ or summons issued in the course of judicial proceedings. See Arizona Laws 1-215

1. Provide clear and complete information regarding the company’s policies and procedures for collecting, using or disclosing genetic data by making available to a consumer both of the following:

(a) A high-level privacy policy overview that includes basic, essential information about the company’s collection, use or disclosure of genetic data.

(b) A prominent, publicly available privacy notice that includes information about the company’s data collection, consent, use, access, disclosure, transfer, security and retention and deletion practices.

2. Obtain a consumer’s consent for collecting, using or disclosing the consumer’s genetic data, including:

(a) Initial express consent that clearly describes the uses of the genetic data collected through the genetic testing product or service and that specifies who has access to test results and how the genetic data may be shared.

(b) Separate express consent for any of the following:

(i) Transferring or disclosing the consumer’s genetic data to any person other than the company’s vendors and service providers.

(ii) Using genetic data beyond the primary purpose of the genetic testing product or service and inherent contextual uses.

(iii) Retaining any biological sample provided by the consumer following completion of the initial testing service requested by the consumer.

(c) Informed consent in compliance with the federal policy for the protection of human research subjects prescribed by Title 45 of the Code of Federal Regulations, Part 46 for transferring or disclosing the consumer’s genetic data to third-party persons for research purposes or research conducted under the control of the company for the purpose of publication or generalizable knowledge.

(d) Express consent for marketing to a consumer based on the consumer’s genetic data or for marketing by a third-party person to a consumer based on the consumer having ordered or purchased a genetic testing product or service. For the purposes of this subdivision, marketing does not include providing customized content or offers on websites or through applications or services provided by the direct-to-consumer genetic testing company with the first-party relationship to the consumer.

3. Require a valid legal process for disclosing genetic data to law enforcement or any other government agency without a consumer’s express written consent.

4. Develop, implement and maintain a comprehensive security program to protect a consumer’s genetic data against unauthorized access, use or disclosure.

5. Provide a process for a consumer to do all of the following:

(a) Access the consumer’s genetic data.

(b) Delete the consumer’s account and genetic data.

(c) Request and obtain the destruction of the consumer’s biological sample.

6. Disclose genetic data only in accordance with section 12-2802.

B. Notwithstanding any other provision in this section, a direct-to-consumer genetic testing company may not disclose a consumer’s genetic data to any entity offering health insurance, life insurance or long-term care insurance or to any employer of the consumer.