A direct-to-consumer genetic testingcompany shall:
Terms Used In Utah Code 13-60-104
Biological sample: means any human material known to contain DNA, including tissue, blood, urine, or saliva. See Utah Code 13-60-102
company: means an entity that:
(a)
offers consumer genetic testing products or services directly to consumers; or
(b)
collects, uses, or analyzes genetic data that a consumer provides to the entity. See Utah Code 13-60-102
Consumer: means an individual who is a resident of the state. See Utah Code 13-60-102
Express consent: means a consumer's affirmative response to a clear, meaningful, and prominent notice regarding the collection, use, or disclosure of genetic data for a specific purpose. See Utah Code 13-60-102
Genetic data: includes :
(i)
raw sequence data that result from sequencing all or a portion of a consumer's extracted DNA;
(ii)
genotypic and phenotypic information obtained from analyzing a consumer's raw sequence data; and
(iii)
self-reported health information regarding a consumer's health conditions that the consumer provides to a company that the company:
(A)
uses for scientific research or product development; and
(B)
analyzes in connection with the consumer's raw sequence data. See Utah Code 13-60-102
Genetic testing: means :
(a)
a laboratory test of a consumer's complete DNA, regions of DNA, chromosomes, genes, or gene products to determine the presence of genetic characteristics of the consumer; or
Process: means a writ or summons issued in the course of a judicial proceeding. See Utah Code 68-3-12.5
(a)
provide to a consumer:
(i)
essential information about the company’s collection, use, and disclosure of genetic data; and
(ii)
a prominent, publicly available privacy notice that includes information about the company’s data collection, consent, use, access, disclosure, transfer, security, retention, and deletion practices;
(b)
obtain a consumer’s initial express consent for collection, use, or disclosure of the consumer’s genetic data that:
(i)
clearly describes the company’s use of the genetic data that the company collects through the company’s genetic testing product or service;
(ii)
specifies who has access to test results; and
(iii)
specifies how the company may share the genetic data;
(c)
if the company engages in any of the following, obtain a consumer’s:
(i)
separate express consent for:
(A)
the transfer or disclosure of the consumer’s genetic data to any person other than the company’s vendors and service providers;
(B)
the use of genetic data beyond the primary purpose of the company’s genetic testing product or service; or
(C)
the company’s retention of any biological sample provided by the consumer following the company’s completion of the initial testing service requested by the consumer;
(ii)
informed consent in accordance with the Federal Policy for the Protection of Human Subjects, 45 C.F.R. part 46, for transfer or disclosure of the consumer’s genetic data to a third party for:
(A)
research purposes; or
(B)
research conducted under the control of the company for the purpose of publication or generalizable knowledge; and
(iii)
express consent for:
(A)
marketing to a consumer based on the consumer’s genetic data; or
(B)
marketing by a third party person to a consumer based on the consumer having ordered or purchased a genetic testing product or service;
(d)
require valid legal process for the company’s disclosure of a consumer’s genetic data to law enforcement or any government entity without the consumer’s express written consent;
(e)
develop, implement, and maintain a comprehensive security program to protect a consumer’s genetic data against unauthorized access, use, or disclosure; and
(f)
provide a process for a consumer to:
(i)
access the consumer’s genetic data;
(ii)
delete the consumer’s account and genetic data; and
(iii)
destroy the consumer’s biological sample.
(2)
Notwithstanding Subsection (1)(c)(iii), a direct-to-consumer genetic testing company with a first-party relationship to a consumer may, without obtaining the consumer’s express consent, provide customized content or offers on the company’s website or through the company’s application or service.
Renumbered and Amended by Chapter 327, 2023 General Session
