ARTICLE
19 October 2021

California Broadens Security And Breach Laws, Includes Genetic Data

SM
Sheppard Mullin Richter & Hampton

Contributor

Sheppard Mullin is a full service Global 100 firm with over 1,000 attorneys in 16 offices located in the United States, Europe and Asia. Since 1927, companies have turned to Sheppard Mullin to handle corporate and technology matters, high stakes litigation and complex financial transactions. In the US, the firm’s clients include more than half of the Fortune 100.
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of "personal information" genetic data.
United States California Privacy

California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of "personal information" genetic data. The information needs to be "reasonably protected." While many other states have similar "reasonable protection" requirements in their data security laws, California is one of a handful to specifically list genetic information.

Genetic is now "personal information" subject to data breach notification requirements. This includes the breach notification law that applies to state agencies as well as companies. Genetic data is any data that results from an analysis of a biological sample or an equivalent element from a consumer that concerns genetic material. This includes DNA, RNA, genes, chromosomes, alleles, genomes, alterations or modifications to DNA or RNA, and SNPs.

Both modifications go into effect January 1, 2022.

Putting it Into Practice: Companies will want to review their incident response policies and data security programs prior to the effective date to ensure genetic data is addressed. The inclusion of genetic data into both of these laws shows the increasing regulation of health and medical data outside of HIPAA. (In addition to these amendments, California concluded its 2021 legislative calendar passing a law aimed at direct-to-consumer testing companies collecting genetic data (which we discussed here)).

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More