December 4, 2020

Volume X, Number 339


December 04, 2020

Subscribe to Latest Legal News and Analysis

December 03, 2020

Subscribe to Latest Legal News and Analysis

December 02, 2020

Subscribe to Latest Legal News and Analysis

California Governor Pulls the Plug on Genetic Information Privacy Act

Governor Gavin Newsom of California vetoed a bill that would have created new limitations on data sharing for direct-to-consumer genetic testing companies.

The Genetic Information Privacy Act (GIPA) asked testing companies to get informed consent from customers before disclosing their data to third parties. GIPA was aimed as a stop-gap to cover data sharing that is not already regulated by the California Consumer Privacy Act (CCPA) and the federal Health Insurance Portability and Accountability Act (HIPAA).

The final bill gained significant traction in the legislature. It passed both houses without a single vote against it.

In his veto message, the Governor expressed concern about the “unintended consequences” of the bill. Governor Newsom fears the bill would constrain mandatory reporting of COVID-19 test results to local public health departments and the California Department of Public Health.

California has been exceedingly active in the past few years putting forward innovative regulation of personal information. This veto is an example of the state taking a measured approach to the regulation of health data in the midst of the COVID-19 pandemic.

The Governor signaled that he supports the overall goals of the bill. He directed California state agencies to work with the Legislature on a revised version that takes into account the need to share COVID-19 testing data with authorities.

Putting it Into Practice. This version of the GIPA is put to rest. However, California has signaled it plans to pass a law regulating data sharing for genetic testing companies in the near future. Companies innovating in this area can begin reviewing their existing disclosures and consents with an eye toward getting opt-in consent in the future.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume X, Number 294



About this Author

Alyssa Shauer, Sheppard Mullin Law Firm, Century City, Cybersecurity and Litigation Attorney

Alyssa M. Shauer is an associate in the Business Trial Practice Group in the firm's Century City office. Ms. Shauer is a Certified Information Privacy Professional (CIPP/US) and a member of Sheppard Mullin’s Privacy Team.

Prior to joining Sheppard Mullin, Ms. Shauer externed in the chambers of the Honorable Margaret M. Morrow, Central District of California. She served as a Managing Editor of the UCLA Law Review and as Vice President of the Cyber Crimes Symposium and Competition on the Moot Court Honors Board. Prior to law school, Ms. Shauer...