- If the breach of security includes a Social Security number, credit monitoring services must be offered for a period of 1 year at no cost to the affected consumer.
- If the affected number of Delaware residents to be notified exceeds 500 residents, notice of the breach of security must also be provided to the Attorney General.
- The Attorney General may bring an action in law or equity to address the violations relating to security breach and for other relief that may be appropriate to ensure compliance or recover monetary damages, or both.
- Civil actions may be brought for violations relating to data disposal laws.
- If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
- If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
STATUTES AND LAWS
- Delaware Data Security Breach Notification Law: This law requires businesses and government entities to notify affected individuals in the event of a data breach that involves personal information.
- Delaware Financial Privacy Notice Act: This law requires financial institutions to provide privacy notices to customers and to obtain their consent before sharing certain types of personal information with third parties.
- Delaware Insurance Information and Privacy Protection Act: This law requires insurance companies to protect the privacy of their customers’ personal information and to provide notice to customers in the event of a data breach.
- Delaware Consumer Fraud Act: This law prohibits unfair or deceptive practices in the collection, use, and disclosure of personal information.