BILL ANALYSIS
|
Senate Research Center |
C.S.S.B. 2429 |
|
89R21705 SRA-F |
By: Hughes |
|
|
State Affairs |
|
|
3/31/2025 |
|
|
Committee Report (Substituted) |
AUTHOR'S / SPONSOR'S STATEMENT OF INTENT
Major foreign adversaries, such as the People's Republic of China, have identified biotechnology dominance as a critical priority of national power in military literature. The flow of U.S. IP and genetic data to the medical infrastructure of foreign adversaries' militaries is considered a crucial component of this effort.
The "Texas Genomic Act of 2025" secures the genetic information of Texans and introduces Chapter 174 to the Health and Safety Code, with a focus on protecting genome sequencing data.
It requires medical and research facilities, as well as companies and nonprofit organizations, to ensure the security of genome sequencing data through the use of encryption and other cybersecurity best practices. Data must be inaccessible to individuals outside the United States unless authorized by the attorney general.
Violations of this chapter may result in a civil penalty of $10,000 per violation. It also provides a private cause of action. Residents harmed by violations can bring a lawsuit against the violating entity to recover damages, including actual damages or statutory damages of up to $5,000 per violation, along with court costs and attorney's fees.
(Original Author's/Sponsor's Statement of Intent)
C.S.S.B. 2429 amends current law relating to genetic information security for residents of this state, provides a civil penalty, and provides a private cause of action.
RULEMAKING AUTHORITY
This bill does not expressly grant any additional rulemaking authority to a state officer, institution, or agency.
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Subtitle H, Title 2, Health and Safety Code, by adding Chapter 174, as follows:
CHAPTER 174. SECURITY OF GENETIC INFORMATION
Sec. 174.001.� SHORT TITLE.� Authorizes this chapter to be cited as the Texas Genomic Act of 2025.
Sec. 174.002.� DEFINITIONS.� Defines "company," "domicile," "foreign adversary," "genome sequencer," "genome sequencing," "human genome," "medical facility," and "software."
Sec. 174.003.� APPLICABILITY.� Provides that this chapter applies to a medical facility, research facility, company, or nonprofit organization that conducts research on or testing of genome sequencing or the human genome in this state.
Sec. 174.004.� PURPOSE AND LEGISLATIVE POLICY.� (a)� Provides that the purpose of this chapter is to ensure that a medical facility, research facility, company, or nonprofit organization subject to this chapter and acting on behalf of a foreign adversary does not gain access to the genetic information of residents of this state.
(b)� Provides that the policy of this state is to oppose the collection and analysis of genomic information by a foreign adversary or for use by a foreign adversary and support sanctions the United States Department of Commerce or the United States Department of Defense imposes on a medical facility, research facility, company, or nonprofit organization engaged in the collection and analysis of genomic information for use by a foreign adversary.
Sec. 174.005.� PROHIBITED USE OF CERTAIN GENOME SEQUENCERS AND GENOME SEQUENCING TECHNOLOGIES.� Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from using a genome sequencer or software produced by or on behalf of certain entities with certain relationships to a foreign adversary.
Sec. 174.006. PROHIBITED SALE OF GENOMIC INFORMATION IN BANKRUPTCY OR REORGANIZATION. Prohibits a medical facility, research facility, company, or nonprofit organization subject to this chapter from selling or otherwise transferring genomic sequencing data of residents of this state as part of a bankruptcy proceeding or pursuant to a plan of reorganization under Chapter 11 of the United States Bankruptcy Code (11 U.S.C Section 1101 et seq.) to certain entities with certain relationships to a foreign adversary.
174.007. REQUIREMENTS FOR GENOMIC INFORMATION STORAGE.� (a)� Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter to store all genome sequencing data of residents of this state only at a location in the United States.
(b) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter that stores genome sequencing data of residents of this state, including storage of genome sequencing data through a contract with a third-party data storage company, to ensure the security of the genome sequencing data using reasonable encryption methods, restriction on access, and other cybersecurity best practices.
(c) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter, except as authorized by the attorney general under Subsection (d), to ensure genome sequencing data of residents of this state, other than open data, is inaccessible to any person located outside of the United States.
(d) Authorizes a medical facility, research facility, company, or nonprofit organization subject to this chapter that stores genome sequencing data of residents of this state to apply to the attorney general in the form and manner prescribed by attorney general rule to allow remote access to genome sequencing data of residents of this state by persons located outside of the United States.� Provides that the attorney general is authorized to allow remote access to genome sequencing data of residents of this state only if the attorney general determines that certain security criteria are met.
Sec. 174.008.� REQUIRED ANNUAL CERTIFICATION OF COMPLIANCE.� (a) Requires a medical facility, research facility, company, or nonprofit organization subject to this chapter, not later than December 31 of each year, to certify to the attorney general that the facility, company, or organization is in compliance with this chapter.
(b) Requires an attorney representing a medical facility, research facility, company, or nonprofit organization subject to this chapter to submit the certification required under Subsection (a).
Sec. 174.009.� INVESTIGATIVE AUTHORITY OF ATTORNEY GENERAL.� (a)� Authorizes the attorney general to investigate an allegation of a violation of this chapter.
(b) Authorizes any person to notify the attorney general of a violation or potential violation of this chapter.
Sec. 174.010.� CIVIL PENALTY.� (a) Provides that a medical facility, research facility, company, or nonprofit organization that violates this chapter is liable to this state for a civil penalty of $10,000 for each violation.
(b) Authorizes the attorney general to bring an action to recover the civil penalty imposed under this section.
(c) Authorizes an action under this section to be brought in a district court in Travis County or a county in which any part of the violation occurs.
(d) Requires the attorney general to deposit a civil penalty collected under this section in the state treasury to the credit of the general revenue fund.
(e) Authorizes the attorney general to recover reasonable expenses incurred in obtaining a civil penalty under this section, including court costs, reasonable attorney's fees, investigative costs, witness fees, and deposition expenses.
Sec. 174.011.� PRIVATE CAUSE OF ACTION.� (a)� Authorizes a resident of this state who is a patient or research subject of a medical facility, research facility, company, or nonprofit organization subject to this chapter and who is harmed by the storage or use of the patient's or subject's genome sequencing data in violation of this chapter to bring an action against the facility, company, or organization that violated this chapter and is entitled to obtain the greater of actual damages or statutory damages in an amount not to exceed $5,000 for each violation and court costs and reasonable attorney's fees.
(b) Provides that Sections 41.003 (Standards for Recovery of Exemplary Damages) and 41.004 (Factors Precluding Recovery), Civil Practice and Remedies Code, do not apply to an action brought under this section.
SECTION 2.� (a) Makes application of this Act, except as provided by Subsection (b) of this section, prospective.
(b) Makes application of Section 174.006, Health and Safety Code, as added by this Act, prospective.
SECTION 3.� Effective date: September 1, 2025.