Latest Alerts
- Colorado Adopts Final Rules to Implement the State’s Privacy Act
(posted: 04/03/2023)The CPA Imposes Requirements On Organizations That Conduct Business In Colorado On March...
- Idaho Extends Unemployment Benefits to Military Spouses and Domestic Violence Victims
(posted: 03/30/2023)The Amendments Provide Some Flexibility To The General Eligibility Criteria On March 21, 2023,...
- Virginia Prohibits Using Social Security Numbers on Employee Badges
(posted: 03/30/2023)Employers Cannot Use Social Security Numbers As Employee Identification Numbers or Include Them...
Delaware Amends Personal Information Protection Law
posted: Thursday, August 24th
Law Contains Multiple Requirements
Delaware has amended its personal information protection law. Highlights of the law are presented below.
Personal Information
Under the amended law, "personal information'' generally means a Delaware resident's first name or first initial and last name in combination with any one or more of the following data elements (among other things) that relate to that individual: passport number, health insurance policy number (or any other unique identifier used by a health insurer), medical history/treatment, diagnosis of mental or physical condition, DNA profile, or unique biometric data. Click here (section: 12B-101(4)) for more details.
Reasonable Procedures and Practices
Any employer who conducts business in Delaware and owns, licenses, or maintains personal information must implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.
Disclosure of Breach of Security
Any employer who conducts business in Delaware and who owns or licenses computerized data that includes personal information generally must provide notice of any breach of security following determination of the breach to any Delaware resident whose personal information was breached (or is reasonably believed to have been breached). Such notice must be made without unreasonable delay but not later than 60 days after determination of the breach, except in certain situations (section: 12B-102(c)).
Note: If more than 500 Delaware residents must be notified, the employer must also provide notice of the breach to the Attorney General by the time notice is provided to the resident.
Credit Monitoring Services
If the security breach includes a Social Security number, the employer generally must offer credit monitoring services at no cost for a period of 1 year to each resident whose personal information--including Social Security number--was breached (or is reasonably believed to have been breached). Click here (section: 12B-102(e)) for more details.
Additional details, including information on procedures deemed to be in compliance with the security breach notice requirements, are contained in the text of the amended law. The amended law was enacted on August 17, 2017 and becomes effective 240 days after such date.