House Bill 180, sponsored by Representative Baumbach, has bipartisan support in General Assembly

DOVER, Del. – Governor John Carney and members of the General Assembly announced legislation on Thursday that would expand protections for Delawareans affected by computer security breaches.

The bipartisan legislation, House Bill 180, is sponsored by Representative Paul Baumbach. Additional sponsors include Senator David Sokola, Senator Ernesto “Ernie” Lopez, Senator Brian Pettyjohn, Representative Stephanie T. Bolden and Representative Deborah Hudson.

“This legislation would provide additional, common sense protections for Delawareans whose personal information may be compromised in a cybersecurity breach,” said Governor Carney. “We live in a world where these types of breaches are becoming more common, and we should enact additional safeguards for all Delawareans who may be affected. Thank you to Representative Baumbach and all members of the General Assembly who are taking on this important issue.”

“I am pleased to have been able to work with colleagues, members of the governor’s team and members of the technology branch of the Delaware bar to enable Delaware to play catch-up, if not leapfrog, on consumer notifications and protections when there are security breaches of your personal identification. Unfortunately these breaches are becoming too common and often involve a large number of victims,” said Representative Baumbach. “House Bill 180 will improve the notification requirements and ensure that in cases where Social Security numbers are breached, victims receive one-year of identity theft mitigation services. There is more to do, but this bill puts Delaware back on track to ensure better protection for our residents against identity theft due to data breaches.”

“In the ever changing world of cyber-technology, we must be responsive as a government in stepping up to protect Delawareans against the increasing threat of security breaches,” said Senator Sokola. “This legislation asked more of businesses when it comes to vigilance and reporting to law enforcement without burdening them or adding to their overhead. It’s a smart, collaborative path forward.”

“In light of all of the issues we’ve had in regard to instances of our systems being targeted, I think this legislation is extremely important at this time, not just for Delaware, but for our country,” said Senator Lopez.

“I am pleased to be a co-sponsor of this important bill,” said Representative Hudson. “In today’s ever-changing world of technology, there can never be too many safeguards in place to protect Delawareans against identity theft. This bill allows us to continue making strides in keeping citizens’ information safe and secure.”

The legislation would increase cybersecurity protections for Delawareans by requiring businesses to safeguard personal information, and to provide notice to Delawareans affected by a breach within 60 days of discovering the breach. In the event the affected class exceeds 500 residents, the Attorney General must be notified.

The legislation also requires breached entities to provide a year’s worth of identity protection services to affected residents, if Social Security numbers were compromised. Delaware would become just the second state to extend identity theft protection services, by law, to residents affected by a security breach.

“The unfortunate increase of cyber-attacks and data breaches across public and private sectors necessitates additional legal safeguards for victims and raising the bar on organizations by requiring cybersecurity measures be in place to guard personally identifiable information,” said James Collins, Chief Information Officer at the Delaware Department of Technology and Information. “This legislation adds provisions to the law to protect citizen information commonly used by criminals to perpetrate identity theft and fraud. The bill also strengthens the state’s position when working with vendors of cloud and hosted solutions by consistently ensuring Delawareans are notified and afforded credit monitoring in the event of a cyber incident.”

###

Will take over as President and CEO of the North Carolina-based company effective September 1^st

Wilmington – After leading the Delaware Department of Information and Technology (DTI) for more than five years, Secretary Jim Sills will step down to assume the role of president and chief executive officer of Mechanics and Farmers Bank (M&F Bank), effective September 1^st. Secretary Sills was appointed by Governor Jack Markell in 2009.

“Jim has earned the respect of many throughout the State of Delaware, including the strong and capable team at DTI, who will continue to build on the efforts of the past five years,” said Markell. “While we are sad to see him leave, we know his exceptional leadership skills and extensive banking background will serve M&F Bank well.”

Prior to his current role, Sills served in multiple senior leadership positions, including chief operating officer of First Tuskegee Bank and president and CEO of Memphis First Community Bank (now Landmark Bank). For five years, he served as executive vice president of MBNA America Bank/Technology Sector (now Bank of America). Following this role, he founded Homeland Security Verification, LLC, a small employment verification company, in 2007.

“I want to thank Governor Markell for the opportunity to serve in his cabinet,” said Sills. “I have enjoyed my public service experience, serving the citizens of Delaware, and working with the Cabinet, Legislature, Judiciary, and K-12 school districts to enhance the technology offerings in the State of Delaware. It’s been a privilege to lead the staff at the Department of Technology and Information (DTI). We have accomplished and implemented many IT initiatives that have served the state and taxpayers well. I want to thank the DTI staff for their hard work and dedication.”

Key accomplishments advancing Governor Markell’s technology and information agenda include:

• Implementation of the State’s Enterprise Resource Planning (ERP) project (New First State Financial System): This $80 Million project was successfully implemented in July 2010, and was the largest effort ever undertaken within state information technology. This project affected 35 state agencies, 19 school districts, 19 charter schools, and 2 higher education organizations, with an impact on 35,000 employees. Ultimately 3,700 end users were trained in the months prior to implementation.
  

• Consolidation of IT resources in state government: Starting with Executive Order 20, enacted in August 2010, DTI has been the lead state agency in identifying redundant functions and resources within various agencies and consolidating them into leaner and more efficient entities. This has led to significant improvements in customer service, service delivery, cost savings, and overall insight into the departments’ major projects. In addition, DTI launched an Enterprise Data Management & Governance Plan (EDMP) to better share data within and across organizations, to create efficiencies with business processes, to optimize the usage of data, and to reduce costs to the state by optimizing software licensing and reducing hardware footprints.

• Virtual Servers: Delaware leads the nation with 85 percent of our servers virtualized.  DTI developed a private cloud solution, and added more than 1300 physical servers to the virtualized private cloud. These physical servers made up a 262 percent increase since 2009, and this consolidation has resulted in an estimated cost avoidance of approximately $4.0 million.
  

• Cyber Security Awareness and Education: DTI is deeply involved in many Cyber Activities.  They include hosting the Cyber Brief: “Cyber Terrorism Defense Training”, the annual Delaware Cyber Security Exercise, and Cyber Safety presentations to school-aged children, as well as Cyber Aces and Cyber Security Challenge camps.  Delaware is recognized as one of the top states for awareness, training, and outreach in this space.  Further, Delaware is one of four states that require their employees to take an annual Cyber Computer Based training program – 98 percent of the employees have taken the course.      
  

• Expansion of High-Speed Broadband Access in Sussex County: House Bill 96 created the “Delaware Broadband Fund” to support and enhance broadband services in the State’s public schools and public libraries and for rural broadband initiatives in unserved areas of the State. DTI and Governor Markell announced the $2 million grant opportunity for telecom providers to help expand broadband in the Georgetown/Sussex County area.

M&F Bank is the wholly-owned subsidiary of M&F Bancorp, Inc., a one-bank holding company headquartered in Durham, NC, with assets of approximately $299.9 million as of March 31, 2014.

###