The "Genetic Information Privacy Act" establishes regulations for direct-to-consumer genetic testing services to protect personal and genetic information from misuse. The bill introduces a new chapter in the General Laws, defining essential terms such as "genetic data," "consumer," and "direct-to-consumer genetic testing company." It requires these companies to provide clear and complete information about their data practices, including policies and procedures for the collection, use, maintenance, and disclosure of genetic data. Companies must obtain express consent from consumers for the collection, use, and disclosure of their genetic data, including separate consent for specific uses and disclosures.

The act mandates that companies implement reasonable security measures to protect consumers' genetic data and develop procedures that allow consumers to access their genetic data, delete their accounts, and request the destruction of their biological samples. Consumers are granted the right to revoke consent, and companies must honor such revocations within thirty days.

The act prohibits the disclosure of a consumer's genetic data to entities involved in health or life insurance and employment unless specific conditions are met, ensuring that such entities are not primarily engaged in these activities. It establishes civil penalties for violations, with amounts ranging from $1,000 for negligent violations to $10,000 for willful violations. The legislation clarifies that it does not diminish existing privacy protections under state and federal laws and invalidates any contractual provisions that limit access to legal remedies for violations. The act takes effect immediately upon passage.