22LSO-0291
ORIGINAL House Bill No. HB0086
ENROLLED ACT NO. 8, HOUSE OF REPRESENTATIVES
SIXTY-SIXTH LEGISLATURE OF THE STATE OF WYOMING
2022 Budget Session
AN ACT relating to genetic data privacy; prohibiting the collection, retention and disclosure of genetic data as specified; providing exceptions; providing for a civil cause of action by the attorney general as specified; providing definitions; specifying applicability; and providing for an effective date.
Be It Enacted by the Legislature of the State of Wyoming:
Section 1. W.S. 35‑32‑105 is created to read:
35‑32‑105. General provisions; limitations.
(a) The provisions of this chapter applicable to direct to consumer genetic testing companies shall not be waived.
(b) The disclosure of genetic data pursuant to this chapter shall comply with all state and federal laws for the protection of privacy and security. This chapter shall not apply to protected health information that is collected by a covered entity or business associate governed by the privacy, security and breach notification rules issued by the United States Department of Health and Human Services (Parts 160 and 164 of Title 45 of the Code of Federal Regulations) established pursuant to the federal Health Insurance Portability and Accountability Act of 1996 (P.L. 104‑191) and the federal Health Information Technology for Economic and Clinical Health Act (P.L. 111‑5).
Section 2. W.S. 35‑32‑101(a)(intro), (iii), (v), (vi)(A), (B) and by creating new paragraphs (vii) through (xi), 35‑32‑102(a), (b)(intro), (xi) and by creating new subsections (c) and (d), 35‑32‑103 and 35‑32‑104(b) and by creating a new subsection (c) are amended to read:
CHAPTER 32
GENETIC INFORMATION DATA PRIVACY
35‑32‑101. Definitions.
(a) As used in this chapter unless otherwise defined:
(iii)
"Genetic
analysis
testing
" means
a
any laboratory
test of an individual's
complete
DNA,
gene products or
regions of DNA,
chromosomes
to determine the presence or absence of
or genes to determine the presence of
genetic characteristics
in
of
an individual
or family
;
(v)
"Genetic
information" means information about the
data" means any data, regardless of its format, that concerns an individual's
genetic characteristics
.
of an individual or members of an individual's family that are the results of genetic analysis;
Genetic data includes:
(A) Raw sequence data that result from sequencing of an individual’s complete extracted or a portion of the extracted DNA;
(B) Genotypic and phenotypic information that results from analyzing the raw sequence data, including any familial inferences therefrom; and
(C) Self reported health information that an individual submits to a company regarding the individual's health conditions and that is used for scientific research or product development and analyzed in connection with the individual's raw sequence data.
(vi) "Informed consent" means the signing of a consent form or forms in writing or by electronic signature as defined in W.S. 40‑21‑102(a)(viii) by an individual or an individual's authorized representative which includes a description of:
(A) Any genetic analysis testing to be performed and how the genetic analysis testing or resulting genetic information data will be used;
(B) How any genetic information data will be retained or disclosed;
(vii) "Biological sample" means any material part of a human, discharge therefrom or derivative thereof known to contain deoxyribonucleic acid (DNA), such as tissue, blood, urine or saliva;
(viii) "Consumer" means a natural person who is a resident of the state of Wyoming;
(ix) "Deidentified data" means data that cannot be used to infer information about or otherwise be linked to an identifiable individual, and that is subject to:
(A) Administrative and technical measures to ensure that the data cannot be associated with a particular individual;
(B) Public commitment by the company to maintain and use data in deidentified form and not attempt to reidentify data; and
(C) Legally enforceable contractual obligations that prohibit any recipient of the data from attempting to reidentify the data.
(x) "Direct to consumer genetic testing company" or "company" means any person that offers consumer genetic testing products or services directly to consumers or who collects, uses or analyzes genetic data provided by a consumer;
(xi) "Express consent" means a consumer's affirmative response to a clear, meaningful and prominent notice regarding the collection, use or disclosure of the consumer's genetic data for a specific purpose.
35‑32‑102. Genetic testing; prohibitions; exceptions.
(a) Except as provided in subsection (b) of this section, no person conducting genetic analysis testing shall do any of the following without the informed consent of the individual or the individual's authorized representative:
(i) Obtain an individual's genetic information data;
(ii) Perform a genetic analysis testing on an individual;
(iii) Retain an individual's genetic information data;
(iv) Disclose an individual's genetic information data.
(b) Except as otherwise prohibited by law, an individual's genetic information data may be obtained, retained, disclosed and used without informed consent for:
(xi) Services limited to storage, retrieval, handling or transmission of genetic information data by a third party service provider pursuant to a contract or other obligation;
(c) To safeguard the privacy, confidentiality, security and integrity of a consumer's genetic data, a direct to consumer genetic testing company shall:
(i) Provide clear and complete information regarding the company's policies and procedures for the collection, use or disclosure of genetic data by making available to a consumer:
(A) A high‑level privacy policy overview that includes essential information about the company's collection, use or disclosure of genetic data; and
(B) A prominent, publicly available privacy notice that includes, at a minimum, information about the company's data collection, consent, use, access, disclosure, transfer, security and retention and deletion practices.
(ii) Obtain a consumer's consent for the collection, use or disclosure of the consumer's genetic data including, at a minimum:
(A) Initial express consent that describes the uses of the genetic data collected through the genetic testing product or service, and specifies who has access to test results and how the genetic data may be shared;
(B) Separate express consent for transferring or disclosing the consumer's genetic data to any person other than the company's vendors and service providers, or for using genetic data beyond the primary purpose of the genetic testing product or service and inherent contextual uses;
(C) Separate express consent for the retention of any biological sample provided by the consumer following completion of the initial testing service requested by the consumer;
(D) Informed consent in compliance with the federal policy for the protection of human research subjects, 45 C.F.R. § 46, for transfer or disclosure of the consumer's genetic data to third party persons for research purposes or research conducted under the control of the company for the purpose of publication or generalizable knowledge; and
(E) Separate express consent for marketing to a consumer based on the consumer's genetic data, or for marketing by a third party person to a consumer based on the consumer having ordered or purchased a genetic testing product or service. Marketing does not include the provision of customized content or offers on the websites or through the applications or services provided by a direct to consumer genetic testing company with a first‑party relationship to the customer.
(iii) Require valid legal process for disclosing genetic data to law enforcement or any other government agency without a consumer's express written consent;
(iv) Develop, implement and maintain a comprehensive security program that protects a consumer's genetic data against unauthorized access, use or disclosure; and
(v) Provide a process for a consumer to:
(A) Access the consumer's genetic data;
(B) Delete the consumer's account and genetic data; and
(C) Request and obtain the destruction of the consumer's biological sample.
(d) Notwithstanding any other provisions in this section, a direct to consumer genetic testing company shall not disclose a consumer's genetic data to any entity offering health insurance, life insurance or long‑term care insurance, or to any employer of the consumer without the consumer's written consent.
35‑32‑103. Genetic data; inspection; retention.
(a) An individual or the individual's authorized representative may inspect, correct and obtain genetic information data about the individual.
(b) A person conducting genetic analysis testing shall destroy an individual's genetic information data upon request by the individual or the individual's authorized representative unless:
(i) The information data was obtained pursuant to W.S. 35‑32‑102(b); or
(ii) Retention of the information data is necessary for a purpose disclosed to the individual or representative in the informed consent.
(c) Genetic information data about an individual obtained pursuant to W.S. 35‑32‑102(b) shall be used solely for the purposes obtained and shall be destroyed or returned to the individual or the individual's authorized representative upon completion of the purposes for which the information data was obtained or in accordance with law.
35‑32‑104. Criminal penalty; private right of action.
(b) An individual whose rights have been violated under the provisions of this chapter may bring a civil action to enjoin or restrain any violation of this chapter and may in the same action seek damages from the person violating this chapter. Prior to filing an action under this subsection the individual shall give notice in writing to the alleged violator stating fully the nature of the alleged violation. The alleged violator shall have not more than sixty (60) days from the date notice is provided to cure any violation. If, after sixty (60) days the violation has not been cured, the individual may bring a civil action. A prevailing party in an action brought under this subsection may recover all costs and expenses reasonably associated with the action, including but not limited to reasonable attorney fees.
(c) The attorney general may bring an action in the name of the state or as parens patriae on behalf of consumers to enforce this chapter. In any action brought by the attorney general to enforce this chapter, a person found to have violated this chapter shall be subject to a civil penalty of two thousand five hundred dollars ($2,500.00) for each violation, the recovery of actual damages incurred by consumers on whose behalf the action was brought and costs and reasonable attorneys' fees incurred by the office of the attorney general.
Section 3. This act shall not apply to contracts for direct to consumer genetic testing entered into prior to July 1, 2022.
Section 4. This act is effective July 1, 2022.
(END)
Speaker of the House
President of the Senate
Governor
TIME APPROVED: _________
DATE APPROVED: _________
I hereby certify that this act originated in the House.
Chief Clerk