Delaware Updates Law to Address Advances in Cyber Threats

September 18, 2017

Delaware Governor John Carney has signed into law House Substitute 1 for House Bill 180, legislation that provides the first updates in Delaware law to address advances in cyber threats in more than a decade.

The legislation requires additional protections for Delawareans whose personal information may be compromised in a computer breach, including additional notifications and free credit monitoring services. With Governor Carney’s signature, Delaware became the second state to require businesses to provide those services, following Connecticut.

Delaware is one of 14 states to impose explicit data security obligations on the private sector. The new law will require all companies doing business in Delaware to implement and maintain reasonable security to protect personal information. It requires businesses to safeguard information and provide free credit monitoring services for customers whose sensitive personal information is compromised in a cybersecurity breach.

In particular, the bill focuses on notification requirements and additional help with identity theft mitigation services in cases where Social Security numbers are breached, Rep. Paul Baumbach, who sponsored the legislation, said in the release announcing the signing of the bill.

A signing ceremony was held at the University of Delaware (UD), which offers a master’s program in cybersecurity to help drive innovation. UD’s Small Business Development Center also trains small businesses to identify cybersecurity threats and protect business and consumer data.

“We live in a digital world where threats to personal information are becoming more common, and the cyber threat is one of the most serious economic challenges we face,” said Gov. John Carney in the press release issued by his office. “It makes sense to offer additional protections for Delawareans who may have their information compromised in a cybersecurity breach. At the same time, we will continue to connect businesses to training and resources that will help them safeguard and protect their data.”