Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Delaware
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 60 days

FINES & PENALTIES – Violations
Penalties and/or civil relief may apply

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Delaware Privacy Law Information

PRIVACY PROGRAM

Organizations must implement and maintain reasonable procedures and practices to protect personal information collected and maintained. Organizations and Vendors conducting business in Delaware must have in place measures to destroy or arrange for the destruction of consumer’s personal identifying records so that the records are made unreadable or indecipherable.

BREACH REPORTING

A breach of security involving computerized personal information affecting over 500 residents must be reported to the Attorney General no later than the time of consumer notifications. If a breach of security includes Social Security numbers, credit monitoring services must be provided by the breached Organization for a period of 1 year at no cost to affected consumers. Organizations will be responsible to complete any required regulatory reporting and consumer notification.

CONSUMER NOTIFICATION

Delaware residents affected by a breach of security must be notified of the breach within 60 days unless it is determined after an appropriate investigation that harm to the individual(s) is unlikely. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

INDUSTRY SPECIFIC LAWS

Posting of a Privacy Policy containing specific information is required of any operator of a commercial internet website, online or cloud computing service, application or mobile application that collects personal information of Delaware residents. Education-sector vendors must be contracted and abide by contractual requirements for the protection of educational records. Delaware’s Insurance Data Security Law includes requirements for insurance licensees to protect personal information and investigate and respond to breaches of security. Licensees have until July 31, 2021, to comply with the vendor’s management requirements. Entities regulated by the Insurance Commissioner have a breach notification deadline of 3 business days.

VENDOR/THIRD PARTIES

Vendors must notify Organizations immediately after the determination of a breach or suspected breach. Vendors must cooperate with Organizations by providing necessary information about a breach incident.

FINES & PENALTIES

The Attorney General may bring an action to address violations relating to a security breach and may seek relief appropriate to ensure compliance or recover monetary damages, or both. Civil actions may be brought for violations relating to data disposal laws.

Delaware Statutes and Laws

DEL. CODE TITLE 6 §§ 12B-100 – 12B-104

Computer security breaches

DEL. CODE TITLE 6 §§ 1201C – 1206C

Delaware online privacy and protection act

DEL. CODE TITLE 6 §§ 5001C – 5004C

Safe destruction of records containing personal identifying information

DEL. CODE TITLE 14 § 4111

Disclosure of pupils’ school records

DEL. CODE TITLE 14 §§ 8101A – 8106A

Student Data Privacy Protection Act

DEL. CODE TITLE 18 §§ 8601 – 8611

Insurance Data Security Act

DEL. CODE TITLE 19 §§ 730 – 736

Right to inspect personal files / safe destruction of records containing personal identifying information

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.