Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 60 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- Penalties and/or civil relief may apply

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • If the breach of security includes a Social Security number, credit monitoring services must be offered for a period of 1 year at no cost to the affected consumer.
  • If the affected number of Delaware residents to be notified exceeds 500 residents, notice of the breach of security must also be provided to the Attorney General.
  • The Attorney General may bring an action in law or equity to address the violations relating to security breach and for other relief that may be appropriate to ensure compliance or recover monetary damages, or both.
  • Civil actions may be brought for violations relating to data disposal laws.
  • If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • Del. Code Title 6 §§ 12B-100-12B-104 Computer security breaches
  • Del. Code Title 6 §§ 1201C-1206C Delaware Online Privacy and Protection Act
  • Del. Code Title 6 §§ 5001C-5004C Safe Destruction of Records Containing Personal Identifying Information
  • Del. Code Title 19 §§ 730-736 Right to Inspect Personnel Files / Safe destruction of records containing personal identifying information
  • Del. Code Title 14 §§ 8101A- 8106A Student Data Privacy Protection Act
BAck to map