Genetic data proliferation poses severe privacy breaches and discrimination risks, yet existing regulatory frameworks suffer from inadequate coverage, outdated definitions, and fragmented accountability. This paper introduces a “Four-Domains–Three-Threats” analytical framework—spanning clinical, research, judicial, and consumer domains, and addressing familial linkage disclosure, cross-border data loss, and large language model (LLM)-mediated inference risks—and proposes the first risk-value assessment model integrating population genetics principles with probabilistic inference techniques. Our contributions include three policy innovations: (1) dynamically updating the legal definition of genetic data to reflect technological advances; (2) expanding the Genetic Information Nondiscrimination Act (GINA) to comprehensively cover insurance underwriting and all employment contexts; and (3) establishing a centralized, cross-agency regulatory authority. Through multi-tiered statutory analysis and empirical case validation, we deliver a scientifically grounded, operationally feasible governance roadmap for genetic data regulation.

Genetic data collection has become ubiquitous today. The ability to meaningfully interpret genetic data has motivated its widespread use, providing crucial insights into human health and ancestry while driving important public health initiatives. Easy access to genetic testing has fueled a rapid expansion of recreational direct-to-consumer offerings. However, the growth of genetic datasets and their applications has created significant privacy and discrimination risks, as our understanding of the scientific basis for genetic traits continues to evolve. In this paper, we organize the uses of genetic data along four distinct"pillars": clinical practice, research, forensic and government use, and recreational use. Using our scientific understanding of genetics, genetic inference methods and their associated risks, and current public protections, we build a risk assessment framework that identifies key values that any governance system must preserve. We analyze case studies using this framework to assess how well existing regulatory frameworks preserve desired values. Our investigation reveals critical gaps in these frameworks and identifies specific threats to privacy and personal liberties, particularly through genetic discrimination. We propose comprehensive policy reforms to: (1) update the legal definition of genetic data to protect against modern technological capabilities, (2) expand the Genetic Information Nondiscrimination Act (GINA) to cover currently unprotected domains, and (3) establish a unified regulatory framework under a single governing body to oversee all applications of genetic data. We conclude with three open questions about genetic data: the challenges posed by its relational nature, including consent for relatives and minors; the complexities of international data transfer; and its potential integration into large language models.