HR Alert

Delaware Amends Personal Information Protection Law

Law Contains Multiple Requirements

Delaware has amended its personal information protection law. Highlights of the law are presented below.

Personal Information
Under the amended law, "personal information'' generally means a Delaware resident's first name or first initial and last name in combination with any one or more of the following data elements (among other things) that relate to that individual: passport number, health insurance policy number (or any other unique identifier used by a health insurer), medical history/treatment, diagnosis of mental or physical condition, DNA profile, or unique biometric data. Click here (section: 12B-101(4)) for more details.

Reasonable Procedures and Practices
Any employer who conducts business in Delaware and owns, licenses, or maintains personal information must implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.

Disclosure of Breach of Security
Any employer who conducts business in Delaware and who owns or licenses computerized data that includes personal information generally must provide notice of any breach of security following determination of the breach to any Delaware resident whose personal information was breached (or is reasonably believed to have been breached). Such notice must be made without unreasonable delay but not later than 60 days after determination of the breach, except in certain situations (section: 12B-102(c)).

Note: If more than 500 Delaware residents must be notified, the employer must also provide notice of the breach to the Attorney General by the time notice is provided to the resident.

Credit Monitoring Services
If the security breach includes a Social Security number, the employer generally must offer credit monitoring services at no cost for a period of 1 year to each resident whose personal information--including Social Security number--was breached (or is reasonably believed to have been breached). Click here (section: 12B-102(e)) for more details.

Additional details, including information on procedures deemed to be in compliance with the security breach notice requirements, are contained in the text of the amended law. The amended law was enacted on August 17, 2017 and becomes effective 240 days after such date.

Login to HRSPI Client Portal
Forgotten PasswordForgot Password
Executive Search Executive Search

Harrassment Prevention

HRSPI offers comprehensive, interactive, AB1825-Compliant training. Programs include introduction to recent anti-bullying legislation.

Latest News

  • International Womens Day 2019

    Observed since 1911, this is a day to celebrate women's achievements, and to renew your committment to equality and balance. This year's theme is balance.

    <read more>

News Archives

Latest Blog

Blog Archives