Delaware’s New Data Destruction Law Takes Effect January 1, 2015
Delaware House Bill 295 was signed into law on July 1. The law provides that if a commercial entity seeks to dispose of information that inscribed on a tangible medium, or that is stored in an electronic or other medium and is retrievable in a perceivable form containing consumers’ personal identifying information, the commercial entity must take reasonable steps to destroy or arrange for the destruction of such records by shredding, erasing, or otherwise destroying or modifying the personal identifying information in those records to make it unreadable or indecipherable.
“Personal identifying information” means a consumer’s first name or first initial and last name in combination with any of the following data elements that relate to the consumer, when either the name or the data elements are not encrypted: social security number, passport number, driver’s license or state identification card number, insurance policy number, financial services account number, bank account number, credit card number, debit card number, tax or payroll information or confidential healthcare information including all information relating to a patient’s health care history, diagnosis, condition, treatment, or evaluation.
The Bill will create a new chapter regarding the safe destruction of business entities documents containing personal information. Aggrieved customers will have a civil action to recover potential treble damages. In addition the Attorney General may file suit or bring an administrative enforcement proceedings against the business in violation if it is in the public interest.