Search
 
 

Practices

Industries

 

Search

ABCDEFGHIJKLMNOPQRSTUVWXYZ
View all

FILTERS

  • Please search to find attorneys
Close Btn

Alerts

Media Contact
August 2017

Affirmative Data Security Obligations for Business

Delaware is the latest state to amend its data breach notification statute to include an affirmative duty for companies to proactively take “reasonable” measures to protect personally identifiable information of Delaware citizens.

Effective in April 14, 2018, the new statute requires that

Any person who conducts business in [Delaware] and owns, licenses, or maintains personal information shall implement and maintain reasonable procedures and practices to prevent the unauthorized acquisition, use, modification, disclosure, or destruction of personal information collected or maintained in the regular course of business.

Delaware is the thirteenth state to adopt such proactive mandates, with California, Massachusetts and Rhode Island requiring specific written policies and procedures. Several jurisdictions require encryption. Other jurisdictions require companies to contractually bind third party vendors with access to such data to implement their own proactive protective procedures. Certain states mandate as to how long data should be maintained and prescribe means for destruction of data when no longer needed.

The message is clear: any business that collects “personally identifiable information” about its customers and/or its personnel should be proactive to protect this data. Further, in several jurisdictions, companies that act proactively are statutorily shielded from liability in the event of a data breach that compromises personally identifiable information.

While the majority of the states have not (yet) adopted such proactive mandates, all but two states have adopted breach notification statutes that prescribe (i) what is a breach, (ii) who has to be notified in the event of a breach, (iii) how and when notice must be given, and (iv) fines and penalties for failure to comply with such notification mandates.

Whether your business “only” collects information about its own personnel, or also collects information about its customers, failure to be prepared for a security breach puts your entire company at risk.

Please contact us to help you:

  • Identify the statutes and standards by which your business is bound
  • Work with your company to develop written policies and procedures
  • Train your personnel
  • Develop response plans
  • Respond and recovery from security breaches


For more information, please contact your CSG attorney or the authors listed below.

Michelle A. Schaap | Member of the Firm | mschaap@csglaw.com | (973) 530-2026

Frank Peretore | Member of the Firm | fperetore@csglaw.com | (973) 530-2058

Rhonda Carniol | Member of the Firm | rcarniol@csglaw.com | (973) 530-2101

Robert L. Hornby | Member of the Firm | rhornby@csglaw.com | (973) 530-2032

Related Attorneys

Michelle A. Schaap

Michelle A. Schaap

Member Phone (973) 530-2026Fax (973) 530-2226mschaap@csglaw.com

Frank Peretore

Frank Peretore

Member Phone (973) 530-2058Fax (973) 530-2258fperetore@csglaw.com

Rhonda Carniol

Rhonda Carniol

Member Phone (973) 530-2101Fax rcarniol@csglaw.com

Robert L. Hornby

Robert L. Hornby

Member Phone (973) 530-2032Fax (973) 530-2232rhornby@csglaw.com