BREACH NOTIFICATION – Mandated Timeframe
Within 60 days
FINES & PENALTIES – Violations
Penalties and/or civil relief may apply
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Delaware Privacy Law Information
Organizations must implement and maintain reasonable procedures and practices to protect personal information collected and maintained. Organizations and Vendors conducting business in Delaware must have in place measures to destroy or arrange for the destruction of consumer’s personal identifying records so that the records are made unreadable or indecipherable.
A breach of security involving computerized personal information affecting over 500 residents must be reported to the Attorney General no later than the time of consumer notifications. If a breach of security includes Social Security numbers, credit monitoring services must be provided by the breached Organization for a period of 1 year at no cost to affected consumers. Organizations will be responsible to complete any required regulatory reporting and consumer notification.
Delaware residents affected by a breach of security must be notified of the breach within 60 days unless it is determined after an appropriate investigation that harm to the individual(s) is unlikely. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations immediately after the determination of a breach or suspected breach. Vendors must cooperate with Organizations by providing necessary information about a breach incident.
The Attorney General may bring an action to address violations relating to a security breach and may seek relief appropriate to ensure compliance or recover monetary damages, or both. Civil actions may be brought for violations relating to data disposal laws.
Delaware Statutes and Laws
Computer security breaches
Delaware online privacy and protection act
Safe destruction of records containing personal identifying information
Disclosure of pupils’ school records
Student Data Privacy Protection Act
Insurance Data Security Act
Right to inspect personal files / safe destruction of records containing personal identifying information
The information provided is not legal guidance or recommendations and are for informational purposes only.