SPONSOR:   

Rep. Bolden & Rep. Scott & Sen. Henry

 

Reps. Brady, Gray, Potter, Ramone

 

HOUSE OF REPRESENTATIVES

147th GENERAL ASSEMBLY

 

HOUSE BILL NO. 295

 

 

AN ACT TO AMEND TITLE 6 OF THE DELAWARE CODE RELATING TO COMMERCE AND TRADE AND THE SAFE DESTRUCTION OF DOCUMENTS CONTAINING PERSONAL IDENTIFYING INFORMATION.

 


BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF DELAWARE:

 


Section 1.  Amend Title 6, Subtitle II, of the Delaware Code by making deletions as shown by strike through and insertions as shown by underline as follows:

CHAPTER 50C.  SAFE DESTRUCTION OF DOCUMENTS CONTAINING PERSONAL IDENTIFYING INFORMATION

§50C-101. Definitions.

For purposes of this chapter:

(1) "Commercial entity" means a corporation, business trust, estate, trust, partnership, limited partnership, limited liability partnership, limited liability company, association, organization, joint venture, or other legal entity, whether or not for profit.

(2) "Consumer" means an individual who enters into a transaction primarily for personal, family, or household purposes.

(3) "Personal identifying information" means a consumer’s first name or first initial and last name in combination with any 1 of the following data elements that relate to the consumer, when either the name or the data elements are not encrypted:  his or her signature, full date of birth, social security number, passport number, driver's license or state identification card number, insurance policy number, financial services account number, bank account number, credit card number, debit card number, any other financial information or confidential health care information including all information relating to a patient's health care history, diagnosis condition, treatment, or evaluation obtained from a health care provider who has treated the patient which explicitly or by implication identifies a particular patient.

(4) "Record" means information that is inscribed on a tangible medium, or that is stored in an electronic or other medium and is retrievable in perceivable form on which personal information is recorded or preserved.  “Record” does not include publicly available directories containing information a consumer has voluntarily consented to have publicly disseminated or listed, such as name, address, or telephone number, or other directories as are derived solely from such directories.

§50C-102. Safe destruction of documents.

A commercial entity shall take all reasonable steps to destroy or arrange for the destruction of a consumer's personal identifying information within its custody and control that is no longer to be retained by the commercial entity by shredding, erasing, or otherwise destroying or modifying the personal identifying information in those records to make it entirely unreadable or indecipherable through any means for the purpose of:

(a) Ensuring the security and confidentiality of consumer’s personal identifying information;

(b) Protecting against any reasonably foreseeable threats or hazards to the security or integrity of consumer’s personal identifying information; and

(c) Protecting against unauthorized access to or use of consumer’s personal identifying information that could result in substantial harm or inconvenience to any consumer.

§50C-103. Violations.

(a)  A commercial entity that does not take all reasonable steps in disposing of a consumer's personal identifying information set out in this chapter is in violation.  For the purposes of this chapter, each record unreasonably disposed of constitutes an individual violation.

(b) A consumer who incurs actual damages due to a violation of this chapter may bring a civil action against the commercial entity, and the court may award treble damages.

(c) Whenever the Attorney General has reason to believe that a violation of this chapter has occurred and that proceedings would be in the public interest, the Division of Consumer Protection of the Department of Justice may bring an action in law or the Division of Consumer Protection may bring an administrative enforcement proceeding pursuant to Chapter 25 of Title 29.  The provisions of Chapter 25 of Title 29, including those regarding remedies, cease and desist orders, violations, penalties, and appeals, shall apply to this Chapter.  The provisions of this chapter are not exclusive and do not relieve a commercial entity subject to this chapter from compliance with all other applicable provisions of law.

§50C-104. Exemptions.

This chapter does not apply to any of the following:

(1) Any bank, credit union, or financial institution, as defined under the federal Gramm Leach Bliley Law, that is subject to the regulation of the Office of the Comptroller of Currency, the Federal Reserve, the National Credit Union Administration, the Securities and Exchange Commission, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision and the U.S. Department of the Treasury, or the Department of Business Regulation and is subject to the privacy and security provisions of the Gramm Leach Bliley Act, 15 U.S.C. section 6801 et seq., as amended;

(2) Any health insurer or health care facility that is subject to and in compliance with the standards for privacy of individually identifiable health information and the security standards for the protection of electronic health information of the Health Insurance Portability and Accountability Act of 1996; or

(3) Any consumer report agency that is subject to and in compliance with the Federal Credit Reporting Act, 15 U.S.C. section 1681 et seq., as amended; or

(4) Any government, governmental subdivision, agency, or instrumentality.

Section 2.  This Act shall take effect January 1, 2015.


SYNOPSIS

This bill will create a new chapter regarding the safe destruction by business entities of documents containing personal information.  Aggrieved customers will have a civil action to recover potential treble damages.  In addition, the Attorney General may file suit or bring an administrative enforcement proceeding against the business in violation if it is in the public interest.  Banks, financial institutions, and certain other regulated institutions are exempt, as are governments and their subdivisions, agencies and instrumentalities.