§ 59.1-597 – Other requirements applicable to direct-to-consumer genetic testing companies

Every direct-to-consumer genetic testing company shall:

1. Implement and maintain reasonable security procedures and practices to protect a consumer’s genetic data against unauthorized access, destruction, use, modification, or disclosure; and

2. Develop procedures and practices to allow a consumer to easily (i) access the consumer’s genetic data; (ii) delete the consumer’s genetic data, except any data required by state or federal law to be retained by the direct-to-consumer genetic testing company and any account the consumer may have created with the direct-to-consumer genetic testing company; and (iii) revoke express consent to storage of the consumer’s biological sample and request destruction of such biological sample.