Levine Legislation to Protect Genetic Data Passes California State Legislature

For immediate release:

(SACRAMENTO, CA) – Legislation by Assemblymember Marc Levine (D – Marin County) to require Californians to be notified by a company or government agency if there has been a breach of their genetic data passed the Legislature on Wednesday. AB 825 (Levine) was approved by the State Senate on a vote of 30 to 0 on Friday and approved by the State Assembly on a bipartisan vote of 75 to 0.

In 2019, Assemblymember Levine authored AB 1130 (Chapter 750 of 2019), which required Californians to be notified if there was a breach of their biometric data and certain identification numbers. While genetic data is sometimes considered biometric data, genetic data was not captured in the definition in AB 1130, and Assemblymember Levine introduced AB 825 to address this gap and provide protections for this very sensitive data.

Since there is little regulation around genetic data, companies are left to make their own policies around a high volume of genetic data. As of early 2019, more than 26 million consumers have added their DNA to at least one of the four leading commercial ancestry databases. This sensitive information in the wrong hands risks far more than impacting our credit score; it could negatively impact our health privacy, make us susceptible to genetic discrimination and subject us to a new generation of identity theft at the hands of genetic data thieves. In recent years, there have been numerous high profile data breaches at sites like GEDmatch and Vitagene, leaving people’s personal information exposed. In the case of the Vitagene breach, one consumer did not find out about the breach of her data until she was asked about it by a journalist for a story.

“Just as a company or government agency must disclose to an individual if their personal financial information or other identifying information is breached, it’s critical that we do the same with our most personal data, our genetic information,” said Assemblymember Levine. “AB 825 ensures that entities with this data adopt security procedures for this sensitive information and are transparent with Californians when there’s a breach of their data by providing them timely notification.”