Mandated Timeframe for Breach Reporting and/or Consumer Notification
Within 60 days
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws means penalties and/or civil relief may apply.
Third Party Management
None to minimal
If the breach of security includes a Social Security number, credit monitoring services must be offered for a period of 1 year at no cost to the affected consumer.
If the affected number of Delaware residents to be notified exceeds 500 residents, notice of the breach of security must also be provided to the Attorney General.
The Attorney General may bring an action in law or equity to address the violations relating to security breach and for other relief that may be appropriate to ensure compliance or recover monetary damages, or both.
Civil actions may be brought for violations relating to data disposal laws.
If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
Del. Code Title 6 §§ 12B-100-12B-104 Computer security breaches
Del. Code Title 6 §§ 1201C-1206C Delaware Online Privacy and Protection Act
Del. Code Title 6 §§ 5001C-5004C Safe Destruction of Records Containing Personal Identifying Information
Del. Code Title 19 §§ 730-736 Right to Inspect Personnel Files / Safe destruction of records containing personal identifying information
Del. Code Title 14 §§ 8101A-§ 8106A Student Data Privacy Protection Act