Delaware Updates Law to Address Advances in Cyber Threats

Delaware Governor John Carney last week signed into law House Substitute 1 for House Bill 180, legislation that provides the first updates in Delaware law to address advances in cyber threats in more than a decade.

The legislation requires additional protections for Delawareans whose personal information may be compromised in a computer breach, including additional notifications and free credit monitoring services.

With Governor Carney’s signature on Thursday, Delaware became the second state to require businesses to provide those services, following Connecticut.

Delaware Governor John Carney

“We live in a digital world where threats to personal information are becoming more common, and the cyber threat is one of the most serious economic challenges we face,” said Governor John Carney in a press release issued by the Delaware Office of the Governor. “It makes sense to offer additional protections for Delawareans who may have their information compromised in a cybersecurity breach. At the same time, we will continue to connect businesses to training and resources that will help them safeguard and protect their data.”

Delaware is one of 14 states to impose explicit data security obligations on the private sector. The new law will require all companies doing business in Delaware to implement and maintain reasonable security to protect personal information. It requires businesses to safeguard information and provide free credit monitoring services for customers whose sensitive personal information is compromised in a cybersecurity breach.

In particular, the bill focuses on notification requirements and additional help with identity theft mitigation services in cases where Social Security numbers are breached, Representative Paul Baumbach, who sponsored the legislation, added in the release.

“In our technological-driven world, these data breaches have become too common and impact a wide variety of individuals,” Representative Baumbach said in the release. “We had to find a way to address those concerns. This is a meaningful step forward in addressing these breaches so that we guarantee better protections for our residents and help them rebuild their lives after a cyber-attack.”

Thursday’s signing ceremony was held at the University of Delaware (UD), which offers a master’s program in cybersecurity to help drive innovation. UD’s Small Business Development Center also trains small businesses to identify cybersecurity threats and protect their business and customer data.

“The increase in cyberattacks and data breaches creates an imperative for Delaware to protect citizen information commonly used by criminals to perpetrate identity theft and fraud,” James Collins, chief information officer at the Delaware Department of Technology and Information, said in the release. “We all know that prevention is the best strategy, and that is our main goal. We want to be proactive so that our citizens and business community can avoid these threats.”

Source: Office of the Governor of the State of Delaware