Ask Reggi Your Question Now
Can you summarize 6 DECO Chapter 12B?
Other Laws Relating to Commerce and Trade > COMPUTER SECURITY BREACHES
Short Summary
The legal document, part of the Delaware Code, governs computer security breaches and defines key terms related to breaches of security. It applies to any person who conducts business in Delaware and owns, licenses, or maintains computerized data containing personal information. The document requires such persons to implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information. The document defines ‘breach of security’ as the unauthorized acquisition of computerized data compromising the security, confidentiality, or integrity of personal information. It also provides exemptions for good faith acquisition of personal information by employees or agents, as well as for encrypted personal information. The document further defines ‘determination of the breach of security’ as the point in time when sufficient evidence exists to conclude that a breach of security has occurred. It also defines ’encrypted’ as personal information rendered unusable or indecipherable through accepted security technology. The document defines ’notice’ as various forms of communication for notifying affected individuals. It also defines ‘person’ as any legal or commercial entity. The document requires any person conducting business in Delaware and owning or licensing computerized data containing personal information to provide notice of any breach of security to affected residents of the state. The notice must be given without unreasonable delay but not later than 60 days after the breach is determined, unless certain exceptions apply. If the breach affects more than 500 Delaware residents, the person must also notify the Attorney General. If the breach includes a Social Security number, the person must offer affected residents credit monitoring services at no cost for one year. The document also specifies that in the case of a breach involving login credentials of an email account, the notice cannot be provided to the email address itself but must be delivered through alternative methods. The document does not specify penalties for non-compliance.
Whom does it apply to?
Any person who conducts business in Delaware and owns, licenses, or maintains computerized data containing personal information
What does it govern?
Computer security breaches
What are exemptions?
Exemptions for good faith acquisition of personal information by employees or agents, as well as for encrypted personal information
What are the Penalties?
No penalties are mentioned in this chapter
Jurisdiction
Delaware