The "Alabama Genetic Data Privacy Act" (HB21) is designed to enhance consumer privacy regarding genetic information by imposing stringent requirements on genetic testing companies. The bill mandates that these companies must protect the confidentiality of customers' genetic data and obtain express consent from consumers for various uses of their biological samples and genetic information. Key provisions include the requirement for companies to provide clear privacy policies, obtain initial and ongoing consent for data use, and allow consumers to access, delete, or revoke consent regarding their genetic data. The legislation also establishes civil penalties for violations, enforceable by the Attorney General, and includes specific definitions for terms such as "biological sample," "consumer," and "genetic data."

Additionally, the bill prohibits genetic testing companies from disclosing a consumer's genetic data to insurance providers or employers without express written consent and requires confidentiality obligations in contracts with contractors. The act does not apply to covered entities or business associates as defined in federal regulations, nor to noncommercial collection of biological samples or genetic data by institutions of higher learning, and it exempts data obtained lawfully by law enforcement during criminal investigations. Consumers are empowered to report violations to the Attorney General's Consumer Division, which can enforce the act through civil actions, with violators facing penalties of up to $3,000 per violation. The provisions of this act are set to take effect on October 1, 2024.

Statutes affected:
Engrossed: 22-21-20
Enrolled: 22-21-20