Amendments to Delaware’s data security breach notification law that went into effect Saturday require companies to notify the Delaware Attorney General when they experience a breach affecting the personal information of more than 500 Delaware residents, and the Delaware Department of Justice’s Consumer Protection Unit has launched an online portal to assist consumers, businesses, and other individuals and organizations who are involved in, or want to learn more about, data security breaches affecting Delaware residents.

Since 2005, any person who conducts business in Delaware, and who owns, licenses, or maintains personal information of Delaware residents, has had to provide notice to Delaware residents when the personal information of those Delaware residents has been subject to a security breach. Amendments to Delaware law passed in 2017, sponsored by Rep. Paul Baumbach and Sen. David Sokola, and backed by the Consumer Protection Unit, greatly expanded the definition of “personal information” to protect more sensitive information, and now require persons to provide notice to the Delaware Attorney General when a security breach affects more than 500 Delaware residents. Prior to the amendments, businesses and other organizations which suffered security breaches were not required to provide notice to the Delaware Attorney General, regardless of how many Delaware residents were affected.

A new webpage is now available on the Attorney General’s website, at https://attorneygeneral.delaware.gov/fraud/cpu/securitybreachnotification/, with the following resources:

• Online Reporting of Data Security Breaches — Any person, including businesses, organizations, and government agencies, who needs to provide notice of a data security breach to the Delaware Attorney General will be able to do so using either a web form available on the new webpage, or a fillable PDF form also available on the webpage that can be emailed directly to the Consumer Protection Unit’s dedicated email address for notifications (security.breach.notification@delaware.gov). Use of these resources is voluntary, and persons required to provide notice to the Attorney General can still send written notice through the mail.
• Data Security Breach Notice Database — A database will allow consumers to see which entities have reported data security breaches to the Attorney General, when those breaches occurred, and the approximate number of Delaware residents affected by those breaches.
• Model Form for Providing Notice to Consumers and Other Affected Persons — Delaware’s Data Security Breach Notification Law does not require a specific form of notice in order to notify Delaware residents that their personal information was involved in a data security breach, but to provide assistance and guidance to persons required to provide notice to Delaware residents, the Consumer Protection Unit is making available a Model Data Security Breach Notification Form that will help provide Delaware residents with clear, easy-to-read, and accessible information regarding the data security breach.
• Links to Online Cybersecurity Resources — The webpage will also include links to helpful resources on cybersecurity issues, including the Delaware Department of Technology and Information, the Delaware Small Business Development Council, the Federal Trade Commission, and the U.S. Department of Homeland Security.

“Data security breaches, whether due to simple human error, criminal conduct by hackers, or something else, can have long-lasting and significant effects on the Delawareans whose personal information is stolen,” Attorney General Matt Denn said. “It’s important that businesses and other organizations that suffer these breaches promptly notify consumers and law enforcement, including my office. These new online resources will make it easy to let my office know what’s happened, so that we can ensure appropriate action is taken to protect and help Delawareans affected by data security breaches.”

Print