NEWARK, Del. – Gov. John Carney signed into law House Bill 180 on Thursday, legislation that requires additional protections for Delawareans whose personal information may be compromised in a computer breach, including additional notifications and free credit monitoring services.
The new law requires businesses to safeguard information, and requires businesses to provide free credit monitoring services for customers whose sensitive personal information is compromised in a cybersecurity breach. Delaware became just the second state to require businesses to provide those services, after Connecticut.
“We live in a digital world where threats to personal information are becoming more common, and the cyber threat is one of the most serious economic challenges we face,” said Carney. “It makes sense to offer additional protections for Delawareans who may have their information compromised in a cybersecurity breach. At the same time, we will continue to connect businesses to training and resources that will help them safeguard and protect their data.”
House Bill 180 provides the first updates in Delaware law in more than a decade to address advances in cyber threats. The new law will require all companies doing business in Delaware to implement and maintain reasonable security to protect personal information. Delaware is one of 14 states to impose explicit data security obligations on the private sector.
“The increase in cyberattacks and data breaches creates an imperative for Delaware to protect citizen information commonly used by criminals to perpetrate identity theft and fraud,” said James Collins, Chief Information Officer at the Delaware Department of Technology and Information. “We all know that prevention is the best strategy and that is our main goal. We want to be proactive so that our citizens and business community can avoid these threats.”