Every direct-to-consumer genetic testing company shall:\n1. Implement and maintain reasonable security procedures and practices to protect a consumer's genetic data against unauthorized access, destruction, use, modification, or disclosure; and\n2. Develop procedures and practices to allow a consumer to easily (i) access the consumer's genetic data; (ii) delete the consumer's genetic data, except any data required by state or federal law to be retained by the direct-to-consumer genetic testing company and any account the consumer may have created with the direct-to-consumer genetic testing company; and (iii) revoke express consent to storage of the consumer's biological sample and request destruction of such biological sample.\n2023, c. 526.
Virginia Legal Code