Texas Business and Commerce Code 503A.005 – Requirements for Certain Uses or Disclosure of Genetic Data and Biological Sample
(a) A direct-to-consumer genetic testing company shall:
(1) develop, implement, and maintain a comprehensive security program to protect an individual’s genetic data against unauthorized access, use, or disclosure; and
(2) make publicly available:
(A) a high-level privacy policy overview that includes basic, essential information about the company’s collection, use, or disclosure of genetic data; and
(B) a prominent privacy notice that includes information about the company’s data collection, consent, use, access, disclosure, transfer, security, retention, and deletion practices.
(b) Before collecting, using, or disclosing an individual’s genetic data, a direct-to-consumer genetic testing company shall provide to the individual information about the company’s collection, use, and disclosure of genetic data the company collects through a genetic testing product or service, including information that:
(1) clearly describes the company’s use of the genetic data;
(2) specifies the persons who have access to test results; and
(3) specifies the manner in which the company may share the genetic data.
(c) A direct-to-consumer genetic testing company shall provide a process for an individual to:
(1) access the individual’s genetic data;
(2) delete the individual’s account and genetic data; and
(3) destroy or require the destruction of the individual’s biological sample.