Genetic information is widely recognised as being particularly sensitive personal information about an individual and his or her family. This article presents an analysis of the privacy policies of Australian companies that were offering direct-to-consumer genetic testing services in 2012-13. The results of this analysis indicate that many of these companies do not comply with the Privacy Act 1988 (Cth), and will need to significantly reassess their privacy policies now that significant new amendments to the Act have come into for.ce. Whilst the Privacy Commissioner has increased powers under the new amendments, the extent to which these will mitigate the deficiencies of the current regime in relation to privacy practices of direct-to-consumer genetic testing companies remains unclear. Accordingly, it may be argued that a privacy code for the direct-to-consumer genetic testing industry would provide clearer standards. Alternatively it may be time to rethink whether a sui generis approach to protecting genetic information is warranted.