California Broadens Security and Breach Laws, Includes Genetic Data

Sheppard Mullin Richter & Hampton LLP

California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The information needs to be “reasonably protected.” While many other states have similar “reasonable protection” requirements in their data security laws, California is one of a handful to specifically list genetic information.

Genetic is now “personal information” subject to data breach notification requirements. This includes the breach notification law that applies to state agencies as well as companies. Genetic data is any data that results from an analysis of a biological sample or an equivalent element from a consumer that concerns genetic material. This includes DNA, RNA, genes, chromosomes, alleles, genomes, alterations or modifications to DNA or RNA, and SNPs.

Both modifications go into effect January 1, 2022.

Putting it Into Practice: Companies will want to review their incident response policies and data security programs prior to the effective date to ensure genetic data is addressed. The inclusion of genetic data into both of these laws shows the increasing regulation of health and medical data outside of HIPAA. (In addition to these amendments, California concluded its 2021 legislative calendar passing a law aimed at direct-to-consumer testing companies collecting genetic data (which we discussed here)). 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide