Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

Connecticut Enacts Genetic Privacy Law

By Libbie Canter, Elizabeth Brim & Clare Mathias on June 1, 2026
Email this postTweet this postLike this postShare this post on LinkedIn

States continue to enact laws regulating genetic data. Since our last update, the Connecticut governor has signed SB 4, an omnibus privacy law which contains provisions regulating direct-to-consumer (“DTC”) genetic testing companies. You can read our full analysis of SB 4 here.

The genetic testing provisions in SB 4 define a “direct‑to‑consumer genetic testing company” as an entity that “offers genetic testing directly to a consumer” or that “collects, uses or analyzes genetic data that a consumer has provided to such person.” The law includes exceptions for individuals licensed by Connecticut to provide health care services who order genetic testing for a medical purpose while acting within the scope of their licensed practice, data disclosures pursuant to court order, and for de-identified data. Unlike many other DTC genetic testing laws, SB 4 does not include an exemption for research conducted in accordance with human subject research frameworks or for entities or data subject to HIPAA.

The law establishes that a consumer has property rights in their biological sample and genetic test results derived from the consumer’s DNA. It also requires companies to disclose their genetic data handling practices to consumers and to obtain consumers’ “express consent” for genetic data collection, use, disclosure, and retention, along with secondary uses, third‑party transfers, and post‑testing sample retention. To disclose or transfer the consumer’s genetic data to a third party for research purposes or research conducted under the control of the company for purposes of publication or generalizable knowledge, a DTC genetic testing company must obtain informed consent in accordance with the federal Common Rule. SB 4 grants consumers the right to access and delete genetic data, to require the destruction of their biological samples, and to revoke consent for the use and storage of their genetic data.

Violations are deemed unfair or deceptive trade practices enforceable “solely” by the Connecticut Attorney General. The provisions will take effect October 1, 2026.

Photo of Libbie Canter Libbie Canter

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws.

Libbie Canter represents a wide variety of multinational companies on managing privacy, cyber security, and artificial intelligence risks, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with U.S. and global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state laws, including the California Consumer Privacy Act, the Colorado AI Act, and other state laws. As part of her practice, she also regularly represents clients in strategic transactions involving personal data, cybersecurity, and artificial intelligence risk and represents clients in enforcement and litigation postures.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

Chambers USA 2025 ranks Libbie in Band 3 Nationwide for both Privacy & Data Security: Privacy and Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”

Read more about Libbie CanterEmail
Show more Show less
Photo of Elizabeth Brim Elizabeth Brim

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and…

Elizabeth Brim is an associate in the firm’s Washington, DC office, where she is a member of the Data Privacy and Cybersecurity and Health Care Practice Groups and advises clients on a broad range of regulatory and compliance issues related to privacy and health care.

Elizabeth’s practice includes counseling clients on compliance with the complex web of health information privacy laws and regulations, such as HIPAA, the FTC’s Health Breach Notification Rule, and state medical and consumer health privacy laws as well as state consumer privacy and genetic privacy laws. She also advises clients on health care compliance issues, such as fraud and abuse, market access, and pricing and reimbursement activities.

Elizabeth routinely advises on regulatory compliance as part of transactions, clinical trial programs, collaborations and other activities that involve genetic data, and the development and operation of digital health products. As part of her practice, Elizabeth routinely counsels clients on drafting and negotiating privacy and health care terms with vendors and third parties and developing privacy notices and consent forms. In addition, Elizabeth maintains an active pro bono practice.

Elizabeth is an author of the American Health Law Association treatise, Pricing, Market Access, and Reimbursement Principles: Drugs, Biologicals and Medical Devices and the U.S. chapter of the Global Legal Insights treatise, Pricing & Reimbursement Laws and Regulations.

Read more about Elizabeth BrimEmail
Show more Show less
Photo of Clare Mathias Clare Mathias

Clare Mathias is an associate in the firm’s Boston office. She is a member of the Data Privacy and Cybersecurity Practice Group and the Health Care Practice Group.

Clare advises clients on a wide range of privacy and health care issues, including compliance…

Clare Mathias is an associate in the firm’s Boston office. She is a member of the Data Privacy and Cybersecurity Practice Group and the Health Care Practice Group.

Clare advises clients on a wide range of privacy and health care issues, including compliance with federal health care regulations and U.S. state and federal privacy laws.

Clare also maintains an active pro-bono practice.

Email
Show more Show less
  • Posted in:
    Health Care and Life Sciences, Privacy and Cybersecurity
  • Blog:
    Inside Privacy
  • Organization:
    Covington & Burling LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo