HR Alert

Delaware Amends Personal Information Protection Law

Law Contains Multiple Requirements

Delaware has amended its personal information protection law. Highlights of the law are presented below.

Personal Information
Under the amended law, "personal information'' generally means a Delaware resident's first name or first initial and last name in combination with any one or more of the following data elements (among other things) that relate to that individual: passport number, health insurance policy number (or any other unique identifier used by a health insurer), medical history/treatment, diagnosis of mental or physical condition, DNA profile, or unique biometric data. Click here (section: 12B-101(4)) for more details.

Reasonable Procedures and Practices
Any employer who conducts business in Delaware and owns, licenses, or maintains personal information must implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.

Disclosure of Breach of Security
Any employer who conducts business in Delaware and who owns or licenses computerized data that includes personal information generally must provide notice of any breach of security following determination of the breach to any Delaware resident whose personal information was breached (or is reasonably believed to have been breached). Such notice must be made without unreasonable delay but not later than 60 days after determination of the breach, except in certain situations (section: 12B-102(c)).

Note: If more than 500 Delaware residents must be notified, the employer must also provide notice of the breach to the Attorney General by the time notice is provided to the resident.

Credit Monitoring Services
If the security breach includes a Social Security number, the employer generally must offer credit monitoring services at no cost for a period of 1 year to each resident whose personal information--including Social Security number--was breached (or is reasonably believed to have been breached). Click here (section: 12B-102(e)) for more details.

Additional details, including information on procedures deemed to be in compliance with the security breach notice requirements, are contained in the text of the amended law. The amended law was enacted on August 17, 2017 and becomes effective 240 days after such date.


Close
Login to HRSPI Client Portal
Username:
Password:
Forgotten PasswordForgot Password
Executive Search Executive Search

Harrassment Prevention

HRSPI offers comprehensive, interactive, AB1825-Compliant training. Programs include introduction to recent anti-bullying legislation.

Latest News

News Archives

Latest Blog

  • Interns: Paid or Unpaid?

    Internships offer great benefits to young people and to companies, but you must be certain that you are meeting the guidelines of the primary beneficiary test in order to not pay your interns.

    <read more>

Blog Archives