Delaware businesses get new recordkeeping obligations

by Molly DiBianca and Lauren Russell

Delaware’s new law related to the safe destruction of documents containing personal identifying information will take effect on January 1.

The law requires commercial entities to take all reasonable steps to destroy a consumer’s personal identifying information within the business’s custody and control when the information is no longer to be retained. Destruction includes shredding, erasing, or otherwise destroying or modifying the personal identifying information to make it entirely unreadable or indecipherable through any means.

Personal identifying information includes but is not limited to a consumer’s first name or first initial and last name in combination with any one of the following: a signature, date of birth, Social Security number, passport number, driver’s license number, insurance policy number, or financial information such as a credit card number.

There are exceptions for federally regulated financial institutions, healthcare organizations subject to the Health Insurance Portability and Accountability Act (HIPAA), consumer reporting agencies subject to the Fair Credit Reporting Act (FCRA), and governmental bodies.

Violation of the statute carries stiff penalties, including triple damages.

Molly DiBianca and Lauren Russell are editors of Delaware Employment Law Letter and attorneys with Young Conaway Stargatt & Taylor, LLP, in Wilmington, Delaware.