House Bill 180, sponsored by Representative Baumbach, has bipartisan support in General Assembly
DOVER, Del. – Governor John Carney and members of the General Assembly announced legislation on Thursday that would expand protections for Delawareans affected by computer security breaches.
The bipartisan legislation, House Bill 180, is sponsored by Representative Paul Baumbach. Additional sponsors include Senator David Sokola, Senator Ernesto “Ernie” Lopez, Senator Brian Pettyjohn, Representative Stephanie T. Bolden and Representative Deborah Hudson.
“This legislation would provide additional, common sense protections for Delawareans whose personal information may be compromised in a cybersecurity breach,” said Governor Carney. “We live in a world where these types of breaches are becoming more common, and we should enact additional safeguards for all Delawareans who may be affected. Thank you to Representative Baumbach and all members of the General Assembly who are taking on this important issue.”
“I am pleased to have been able to work with colleagues, members of the governor’s team and members of the technology branch of the Delaware bar to enable Delaware to play catch-up, if not leapfrog, on consumer notifications and protections when there are security breaches of your personal identification. Unfortunately these breaches are becoming too common and often involve a large number of victims,” said Representative Baumbach. “House Bill 180 will improve the notification requirements and ensure that in cases where Social Security numbers are breached, victims receive one-year of identity theft mitigation services. There is more to do, but this bill puts Delaware back on track to ensure better protection for our residents against identity theft due to data breaches.”
“In the ever changing world of cyber-technology, we must be responsive as a government in stepping up to protect Delawareans against the increasing threat of security breaches,” said Senator Sokola. “This legislation asked more of businesses when it comes to vigilance and reporting to law enforcement without burdening them or adding to their overhead. It’s a smart, collaborative path forward.”
“In light of all of the issues we’ve had in regard to instances of our systems being targeted, I think this legislation is extremely important at this time, not just for Delaware, but for our country,” said Senator Lopez.
“I am pleased to be a co-sponsor of this important bill,” said Representative Hudson. “In today’s ever-changing world of technology, there can never be too many safeguards in place to protect Delawareans against identity theft. This bill allows us to continue making strides in keeping citizens’ information safe and secure.”
The legislation would increase cybersecurity protections for Delawareans by requiring businesses to safeguard personal information, and to provide notice to Delawareans affected by a breach within 60 days of discovering the breach. In the event the affected class exceeds 500 residents, the Attorney General must be notified.
The legislation also requires breached entities to provide a year’s worth of identity protection services to affected residents, if Social Security numbers were compromised. Delaware would become just the second state to extend identity theft protection services, by law, to residents affected by a security breach.
“The unfortunate increase of cyber-attacks and data breaches across public and private sectors necessitates additional legal safeguards for victims and raising the bar on organizations by requiring cybersecurity measures be in place to guard personally identifiable information,” said James Collins, Chief Information Officer at the Delaware Department of Technology and Information. “This legislation adds provisions to the law to protect citizen information commonly used by criminals to perpetrate identity theft and fraud. The bill also strengthens the state’s position when working with vendors of cloud and hosted solutions by consistently ensuring Delawareans are notified and afforded credit monitoring in the event of a cyber incident.”
Built by the Government Information Center