A Constitutional Challenge to Alaska’s Genetic Privacy Statute

As part of its defense of a class action lawsuit that began in 2014, a genetic genealogy company (or DNA ancestry company as they are sometimes called) is challenging the constitutionality of the Alaska Genetic Privacy Act, arguing that the statute’s provisions are unconstitutionally vague. The State of Alaska is intervening in the lawsuit to defend the statute.

The Alaska Genetic Privacy Act (AK ST §18.13.010 et seq.) was passed into law in 2004. The state statute imposes a consent requirement that effectively prohibits surreptitious genetic testing and declares that a DNA sample and the results of any genomic analysis are the “exclusive property of the person sampled or analyzed.” More specifically, it requires prior written informed consent for the collection, analysis, retention, or disclosure of DNA samples and test results. The statute makes exceptions to the consent requirement for DNA identification registries like CODIS, law enforcement purposes, paternity testing, newborn screening, and emergency medical services. There are both civil and criminal enforcement mechanisms in the statute. Affected individuals can bring private civil court actions against violators of the statute (AK ST §18.13.020), while another provision criminalizes violations as Class A Misdemeanors (AK ST §18.13.030). The statute (AK ST §18.13.020) provides that a victim is entitled to compensation from the violator in the amount of $5,000 or, in instances in which the violation “resulted in profit or monetary gain to the violator,” $100,000.
Read the rest of this entry »

Filed under Genetic Testing/Screening, Genomics & Society, Informed Consent, Pending Litigation, Privacy

LabMD Update

Last September, I reported on the Federal Trade Commission’s decision upholding its enforcement action against the now-defunct clinical laboratory LabMD, Inc. In 2013, the FTC brought an administrative complaint against LabMD, alleging that its lax cybersecurity practices resulted in the exposure of patient data. As I wrote last year, exposure was the key word, as the FTC did not allege any actual data theft or other tangible harm to patients.
Read the rest of this entry »

Filed under Legal & Regulatory, Privacy