Background on Data Destruction Law

Background on Data Destruction Law

By James DeChene

As previously reported in 2014, the General Assembly passed a bill (HB 295) that created new rules for businesses for how they handle consumer’s personal data (name, social security number, address, credit card info, etc.). Stemming from a news report out of Philadelphia of an identity theft conducted with documentation found in a trash can outside of a business, this bill directed all businesses in Delaware to properly erase or destroy any and all data that falls under this category.

The State Chamber worked with the bill sponsor, Rep. Stephanie Bolden, to ease the onus placed on businesses including language involving “reasonable steps” to destroy the data, and also sets the standard for bringing a lawsuit as requiring a “reckless or intentional” violation by the business. Going further in the 148th Session, another bill was introduced (HB 18) that clarified that these provisions only affect those companies that do business in Delaware, not all businesses either registered only here, or those that conduct business with Delawareans, such as a wood carver from Vermont selling to a Delaware resident.