DNA Databases and the Right to Privacy: Analysing the Criminal Procedure (Identification) Act 2022 and CODIS

By Jasel Mundhra



DNA is, as the bioethicist George Annas described, an individual’s “future diary.” DNA databases store what is akin to an individual’s genetic fingerprint, providing a lifelong means of identification and profiling. As of 2019, DNA databases exist in over 70 jurisdictions, including a large majority of European nations and the United States of America (“U.S.”). The latter maintains the Combined DNA Index System (“CODIS”), a nation-wide database established under the DNA Identification Act of 1994.

The Criminal Procedure (Identification) Act, 2022 (“CPIA”), enacted on 18 April 2022, provides for the collection of biological samples, including DNA profiles and their analyses, as part of a broader category of “measurements” authorised to be collected from specified classes of persons. As elaborated on below, CPIA contemplates the storage and processing of such measurements by the National Crime Records Bureau (“NCRB”) for a period of 75 years in a digital or electronic form – presumably within a database created for this purpose.

CPIA provides a broad, inclusive definition of the term “measurements”, including biological samples and their analysis and “any other examination referred to in section 53 or section 53A of the Code of Criminal Procedure, 1973” (“CrPC”), which, in turn, includes DNA profiling as a method of examination.

Measurements may be collected from specified classes of persons – first, those who have been convicted of an offence under any law in force; second, those ordered to give security for good behaviour or maintenance of peace under section 117 of the CrPC for proceedings under sections 107 to 110 of the CrPC; and third, those who have been arrested in connection with any offence under any law in force or detained under any preventive detention law. All persons falling under any of the aforementioned categories may be compelled to allow their measurements to be taken. A limited exception has been provided to persons who have been arrested for an offence that is not punishable with more than seven years’ imprisonment or an offence which has not been committed against a woman or child. Such persons are not obliged to provide biological samples. Section 5 of CPIA provides magistrates the discretionary power to compel any person to provide their measurements, where this may be required for the purpose of any investigation or proceeding under the CrPC or any other law in force. This discretionary authority seems to supersede the categories of persons who may be obliged to provide measurements as delineated in Section 3 of CPIA, effectively encompassing any person involved in an investigation or proceeding under any law, regardless of the capacity in which such person is involved in such an investigation or proceeding.

Procedurally, CPIA envisages the collection of measurements at the state level, allowing states and union territories to notify agencies authorised to collect, store and share measurements in each jurisdiction. The records of such measurements are required to be collected by the NCRB from local agencies. The NCRB is authorised to store and process such records at the national level, share records with any law enforcement agency, and destroy records. As stated above, records are required to be preserved in digital or electronic form for a period of 75 years. The destruction of records requires several conditions to be fulfilled – first, the person to whom such records relate should not have been convicted of any offence under law; second, such person should have been released without trial, discharged or acquitted; third, all legal remedies against such release, discharge or acquittal should have been exhausted; and fourth, the relevant court or magistrate must not order such records to be preserved. Note that CPIA or the Criminal Procedure (Identification) Rules, 2022 (“CPIR”) made thereunder, do not specify the grounds on which a court or magistrate may decline the destruction of records. This may enable a court to decline expungement even where the conditions set out above have been satisfied. The CPIR adds a further obstacle to destruction of records, placing the burden for requesting such destruction on the person whose measurements have been collected.

This article focuses on the potential creation of a database storing, inter alia, genetic information, under CPIA. Part I provides a broad overview of right to privacy concerns surrounding CPIA, focusing especially on a DNA database. Part II analyses DNA databases from the perspective of CODIS. Part III of this article suggests structural changes to the CPIA database in order to harmonize it with the right to privacy, including by way of reference to CODIS.


Part I – CPIA and the Right to Privacy under Article 21


Any infringement of the right to privacy under Article 21 of the Indian Constitution must be tested on the parameters laid down by the Supreme Court in the Puttaswamy case – legality, legitimacy and proportionality. It is argued that while CPIA (and the database created under it) may pass the test of legality, by virtue of being a validly-enacted statute, and the test of legitimacy, given that the aim of the statute is criminal detection, prevention and investigation, it would fail the test of proportionality.

Proportionality comprises four prongs – legitimate state aim, rational nexus, necessity and balance. While CPIA does have a legitimate state aim (that of collecting DNA records for criminal investigation), it is not compliant with the other three prongs comprising the test of proportionality.

First, there is no rational nexus between the classes of persons obliged to provide their measurements and the aim of the statute, given that CPIA does not require such measurements to be obtained only when they would have evidentiary value in a particular investigation. It may be noted that while DNA is useful in criminal investigations when comparing an identified individual’s DNA against that found at a crime scene for instance, its utility in the context of DNA databases is contentious. Accordingly, there may be no rational nexus between the storage of collected data in a database under CPIA and the aim of the statute.

Second, the infringement of the right to privacy caused by CPIA is not necessary to achieve its stated purpose. The collection of measurements, especially DNA (which is immutable, personally identifiable information), may not be required to aid all criminal investigations. In addition, there is no correlation between the aim of the statute and the provision enabling the NCRB to retain records of collected measurements for a period of 75 years. In particular, the arduous process of destruction of such records (which may be requested only by specified categories of persons against whom all legal remedies have been exhausted) is, in itself, subject to an arbitrary exercise of discretion by the judiciary.

Third, the statute does not fulfil the test of balance or purpose limitation. The statute does not specify the purposes for which the stored data may be used, allowing the NCRB to share such data with any law enforcement agency for any purpose – a clear violation of the principle of purpose limitation. Significantly, it should be noted that a database storing biological information such as DNA infringes upon the right to privacy of not just the person from whom such information was collected, but also their relatives who may have largely similar genetic profiles. CPIA and the database created pursuant to it, accordingly, have a disproportionate impact on both the person whose measurements are collected and connected third parties who are not obliged to provide their measurements under the statute.

Part II of this paper examines concerns stemming from established databases, in particular, CODIS, and argues that while such databases do give rise to privacy concerns, these are notably mitigated owing to relatively stronger privacy protections.


Part II – The CODIS Framework


CODIS links state-wide DNA databases in the U.S. to create a national database operated by the Federal Bureau of Investigation. It indexes DNA samples collected from multiple sources, including convicted felons, missing persons and their relatives, evidence collected for forensic purposes (such as through rape kits) and government officials whose samples are collected for the purposes of ruling out contamination. As with the CPIA database, CODIS contains DNA profiles of a fairly wide sub-section of the population; the distinguishing factor, however, is the manner in which the sample is processed and utilised, as elaborated on in greater detail below.

CODIS operates by comparing sequences of DNA known as ‘short tandem repeats’ (“STRs”) which repeat at varied frequencies among individuals – the twenty STRs used by CODIS (“CODIS Loci”) have long been believed to contain no medically relevant genetic information and are colloquially referred to as “junk DNA”. This, along with the fact that the CODIS Loci contain smaller fragments of DNA and require less genetic material for sampling, has been used by proponents of CODIS to argue that restrictions imposed on the right to privacy by CODIS are minimal, and that the database should, in fact, be expanded. Recent research on gene sequencing and expression does indicate that the CODIS Loci may contain medically relevant genetic information, such as links with psychiatric conditions, which would seem to violate an individual’s right to medical privacy. This infringement, however, is mitigated by the fact that the CODIS Loci, unlike a larger DNA sample, seem to contain relatively minimal medical information given their focus on specific genetic markers as opposed to the genome as a whole, arguably aiding in satisfaction of the tests of necessity and purpose limitation.

The procedural manner in which the system operates provides another mitigating factor. Unlike the CPIA database, CODIS does not store any personally identifiable information relating to convicts, arrestees and detainees other than the DNA profile itself (which cannot, in the absence of other information, specifically identify an individual), along with agency and specimen identification numbers. The system is designed to match forensic DNA samples (collected at crime scenes, for instance) against offender DNA profiles stored within CODIS. Any match between two such profiles may then be used to establish probable cause for a warrant to obtain an evidentiary sample from a suspect, which can then be matched against the forensic and offender DNA profiles. Access to such data is limited to law enforcement and judicial agencies for identification purposes and to defendants in criminal proceedings who may use such data for exoneration, which fulfils the tests of rational nexus and purpose limitation, absent in the CPIA database.

The procedure for expungement of records, too, is fairly well-defined, with participating laboratories within the CODIS system being obligated to expunge profiles of convicts upon receipt of a final judicial order overturning the conviction and arrestees upon receipt of a final order dismissing charges or resulting in an acquittal or in a situation where no charges are brought.

The next part concludes this article by suggesting structural changes, including by way of reference to CODIS, in order to harmonize the CPIA database with the right to privacy.


Part III – Proposing the Way Forward


As stated above, the CPIA database must comply with the four prongs of the proportionality test of the right to privacy. While the statute does satisfy the test of legitimate state aim, the following measures may be adopted in order to satisfy the tests of rational nexus, necessity and purpose limitation.

First, rules should be set out in order to specify precise situations in which the CPIA database may collect, process and disseminate information. Utilising the CPIA database should be made permissible only where such information is likely to have evidentiary value in a particular case, similar to CODIS which is utilised only for identification and exoneration purposes.

Second, the statute must specify that DNA samples should be processed only for the CODIS Loci. This will ensure the processing and storage of minimal genetic information and prevent such information from being used for any purpose other than identification.

Third, sensitive personal data such as biological samples should not be subject to blanket retention for a period of 75 years. An alternative would be the creation of categories of offenders (for example, violent and non-violent offenders). While retention of records of violent offenders might be required for the purposes of security, records of persons convicted of non-violent offences may not be required to be retained for a lifelong period of time. In addition, the process for expungement of records must be well-defined, with no scope for judicial discretion in the event the relevant person’s conviction has been overturned, where charges have been dismissed or not filed or where such person has been acquitted.

To conclude, it is vital to ensure that genetic information is collected, processed and utilised by the state in a prescribed manner with stringent limitations in order to avoid broad-based infringements of the right to privacy of not only those whose biological samples are collected, but also those who share this genetic information with such persons. It seems inevitable that India, like a large majority of countries, will implement a DNA database – however, CPIA is not in consonance with the right to privacy guaranteed under Article 21 of the Indian Constitution (or, in fact, with the proposed DNA Technology (Use and Application) Regulation Bill, 2019 pending before the Lok Sabha) and cannot be implemented in its current form without large scale structural and procedural changes.


The author, Jasel Mundhra, is a graduate of the West Bengal National University of Juridical Sciences (NUJS), Kolkata and is currently practising at a law firm in Mumbai.



George J. Annas, Privacy Rules for DNA Databanks: Protecting Coded ‘Future Diaries’, 270(19) Journal of the American Medical Association 2346 (1993).

Interpol, Global DNA Profiling Survey Results, 2019, available at (Last visited on 9 July 2023).

DNA Identification Act, 1994 (U.S.A.) (‘DNA Act 1994’).

The Criminal Procedure (Identification) Act, 2022 (‘CPIA’).

Id., §2(b).

The Code of Criminal Procedure, 1973, §53.

CPIA, supra note 4, §3.

Id.

Id., §5.

Id., §4(3).

Id., §4(1).

Id.

Id., §4(2).

Id.

The Criminal Procedure (Identification) Rules, 2022, Rule 5(5).

K.S. Puttaswamy and Anr. v. Union of India, (2017) 10 SCC 1 (‘Puttaswamy’).

CPIA, supra note 4, Preamble.

Puttaswamy, supra note 9. See also Tanmay Singh and Gayatri Malhotra, The Digital Data Protection Bill, 2022 does not satisfy the Supreme Court’s Puttaswamy principles, available at (Last visited on 9 July 2023).

Project 39A, Research Brief: An Analysis of the Criminal Procedure (Identification) Act, 2022, available at (Last visited on 9 July 2023).

Christine Rosen, Liberty, Privacy, and DNA Databases, 1 The New Atlantis 37 (Spring 2003).

CPIA, supra note 4, §4(2).

Sonta M. Suter, All in the Family: Privacy and DNA Familial Searching, 23(2) Harvard Journal of Law and Technology 309 (Spring 2010).

Federal Bureau of Investigation, Frequently Asked Questions on CODIS and NDIS, available at (Last visited on 9 July 2023) (‘Fact Sheet’).

Lucy Grogan, Ethical Implications of CODIS (2019) (unpublished Masters thesis, Grand Valley State University) (on file with author).

Jennifer K. Wagner, Letter to the Editor – Out with the “Junk DNA” Phrase, 58(1) Journal of Forensic Sciences 292 (January 2013).

Jessica McDonald and Donald C. Lehman, Forensic DNA Analysis, 25(2) American Society for Clinical Laboratory Science 109 (April 2012).

Kanaga Rajan, Medical privacy of forensic samples questioned, available at (Last visited on 9 July 2023).

Fact Sheet, supra note 23.

DNA Act 1994, supra note 3, §14132(b)(3).

Fact Sheet, supra note 23.
 