Data privacy and genetic testing: Guidance and enforcement from regulators

Begun in 1990, the Human Genome project had the goal of generating the first sequence of the human genome. By 2003, 92% of the genome was mapped and it was declared complete, while the final assembly was completed in January 2022. Today, anyone can download the complete sequence of a human genome from the National Library of Medicine's website.

The increased knowledge of human genomics — and the genomic data that powers it — has led to the development of a host of new health- and wellness-related services. These include things from precision medicine, whereby therapies are tailored to an individual's particular gene profile, to customized diet and exercise regiments, i.e., precision nutrition, to the identification of one's ancestry and long-lost relatives. Genomic data is also used to power innovation in vaccine development, pharmaceutical manufacturing, biofuel development and agriculture, to name just a few emerging domains of use.

Yet, the collection and use of genomic data has eclipsed many information privacy laws and principles designed prior to the advent of things like direct-to-consumer genetic testing services. While the DNA of privacy is evolving in the digital era, the privacy of DNA has not kept pace. Given these developments, U.S. state and federal authorities as well as international regulators have been making data privacy in genetic testing a priority through lawmaking, enforcement actions, guidance and other initiatives.

State genetic privacy laws

Numerous laws at the state level deal with genetic data and testing. Many of these laws prohibit genetic discrimination in areas like employment and health, life and disability insurance. California's Genetic Information Nondiscrimination Act, for example, prohibits genetic discrimination in sectors such as housing, employment, education, mortgage lending and public accommodations.