On August 21, 2017, Delaware Governor John Carney signed legislation requiring companies to comply with additional data security and breach obligations if they do business in Delaware or maintain personal information on Delaware residents. Among other things, the new Delaware law requires all companies doing business in Delaware to implement and maintain reasonable security to protect personal information. The law also requires businesses to provide free credit monitoring services for customers whose sensitive personal information is compromised in a cybersecurity breach. The law also now requires businesses to notify Delaware residents if their information has been compromised unless the breach is “unlikely to cause harm,” while the prior law required notification only when harm was “likely to occur.” Delaware’s new obligations on businesses is part of the growing trend of imposing heightened cyber breach requirements as breaches become more common and states respond to political pressures to increase consumer protections.
Click here, for more information on the new Delaware law.