Montana Code 30-23-104. Consumer genetic data — privacy notice — consent — access — deletion — destruction
30-23-104. Consumer genetic data — privacy notice — consent — access — deletion — destruction. To safeguard the privacy, confidentiality, security, and integrity of a consumer‘s genetic data, an entity shall:
Terms Used In Montana Code 30-23-104
- Biological sample: means any human material known to contain DNA, including tissue, blood, urine, or saliva. See Montana Code 30-23-102
- Consumer: means an individual who is a resident of this state. See Montana Code 30-23-102
- Entity: means a partnership, corporation, association, or public or private organization of any character that:
(a)offers consumer genetic testing products or services directly to a consumer; or
(b)collects, uses, or analyzes genetic data. See Montana Code 30-23-102
- Express consent: means a consumer's affirmative response to a clear, meaningful, and prominent notice regarding the collection, use, or disclosure of genetic data for a specific purpose. See Montana Code 30-23-102
- Genetic data: means any data, regardless of format, concerning a consumer's genetic characteristics. See Montana Code 30-23-102
- Genetic testing: means :
(a)a laboratory test of a consumer's complete DNA, regions of DNA, chromosomes, genes, or gene products to determine the presence of genetic characteristics of a consumer; or
(b)an interpretation of a consumer's genetic data. See Montana Code 30-23-102
- Guardian: A person legally empowered and charged with the duty of taking care of and managing the property of another person who because of age, intellect, or health, is incapable of managing his (her) own affairs.
- Person: means an individual, partnership, corporation, association, business, business trust, or legal representative of an organization. See Montana Code 30-23-102
- Power of attorney: A written instrument which authorizes one person to act as another's agent or attorney. The power of attorney may be for a definite, specific act, or it may be general in nature. The terms of the written power of attorney may specify when it will expire. If not, the power of attorney usually expires when the person granting it dies. Source: OCC
- Process: means a writ or summons issued in the course of judicial proceedings. See Montana Code 1-1-202
- State: when applied to the different parts of the United States, includes the District of Columbia and the territories. See Montana Code 1-1-201
- Third party: means a person other than the consumer, entity, or processor. See Montana Code 30-23-102
- United States: includes the District of Columbia and the territories. See Montana Code 1-1-201
(1)provide clear and complete information regarding the entity’s policies and procedures for the collection, use, or disclosure of genetic data by making available to a consumer:
(a)a high-level privacy policy overview that includes basic, essential information about the entity’s collection, use, or disclosure of genetic data; and
(b)a prominent, publicly available privacy notice that includes, at a minimum, information about the entity’s data collection, consent, use, access, disclosure, transfer, security, and retention and deletion practices for genetic data;
(2)obtain initial express consent from a consumer, parent, guardian, or power of attorney for the collection, use, or disclosure of the consumer’s genetic data that:
(a)clearly describes the entity’s use of the genetic data that the entity collects through the entity’s genetic testing product or service;
(b)specifies the categories of individuals within the entity that have access to test results; and
(c)specifies how the entity may share the genetic data;
(3)if the entity engages in any of the following, obtain a consumer’s:
(a)separate express consent for:
(i)the transfer or disclosure of the consumer’s genetic data or biological sample to any third party other than the entity’s processors, including the name of the third party to which the consumer’s genetic data or biological sample will be transferred or disclosed with the consumer’s express consent;
(ii)the use of genetic data beyond the primary purpose of the entity’s genetic testing product or service and inherent contextual uses; or
(iii)the entity’s retention of any biological sample provided by the consumer following the entity’s completion of the initial testing service requested by the consumer;
(b)informed express consent for transfer or disclosure of the consumer’s genetic data to third party persons for:
(i)research purposes; or
(ii)research conducted under the control of the entity for the purpose of publication or generalizable knowledge; and
(c)express consent for:
(i)marketing to a consumer based on the consumer’s genetic data;
(ii)marketing by a third-party person to a consumer based on the consumer having ordered or purchased a genetic testing product or service. Marketing does not include the provision of customized content or offers on the websites or through the applications or services provided by the entity with the first-party relationship to the consumer; or
(iii)sale or other valuable consideration of the consumer’s genetic data.
(4)comply with the provisions of 44-6-104 requiring a valid legal process for disclosing genetic data to law enforcement or any other government agency without a consumer’s express consent;
(5)develop, implement, and maintain a comprehensive security program to protect a consumer’s genetic data against unauthorized access, use, or disclosure; and
(6)provide a process for a consumer to:
(a)access the consumer’s genetic data;
(b)delete the consumer’s genetic data;
(c)revoke any consent provided by the consumer; and
(d)request and obtain the destruction of the consumer’s biological sample.
(7)Genetic data and biometric samples of Montana residents collected in the state may not be stored within the territorial boundaries of any country currently sanctioned in any way by the United States office of foreign asset control or designated as a foreign adversary under 15 C.F.R. § 7.4(a). Genetic data or biometric data of Montana residents collected in the state may only be transferred or stored outside the United States with the consent of the resident.