|Synopsis of Orginal Bill:|
|With the advent of electronic medical records, social networks, and increased smart phone usage, private and intimate details about people’s lives have now become digital. Information stored digitally can be improperly disclosed and/or accessed more readily than information stored only on paper or microfilm. With personal information about an individual, an offender can obtain credit in that individual’s name. Often, the use of the stolen identity does not occur until years after the theft. The out-of-pocket cost that an individual incurs in the wake of a data breach can include paying off fraudulent debt, law suits, resolution fees, and credit monitoring fees.|
In 2010, the personal information of more than 22,000 retired Delaware state employees was posted on a website that was accessible to the public. The posted information included the retirees’ Social Security Numbers, birthdates, and genders. The entity responsible for compiling the information did not encrypt the information to prevent identification. In the span of four days, the information was accessed approximately 100 times by servers outside the United States. A class action suit was filed against the entity in 2010 but was dismissed because the breach had not yet resulted in economic damages beyond the potential cost of credit monitoring. The retirees are however still in peril of later use of their stolen identifiable information that was accessed shortly after it was posted in August, 2010.
This legislation would clarify that a person who is a victim of a "Digital Data Breach" shall have 7 years from the date the personal information is posted in which to bring a civil action for damages.