Do You Know About Delaware Identity Theft Bill 295?
Although Delaware General Assembly House Bill 295 (Identity Theft Bill) came into effect on January 1st, 2015, many Delaware business owners are still unaware of the bill over seven months later. In fact, even the Small Business Center of Delaware claim they were not informed of the new law signed by Governor Jack Markell last July.
The Federal Trade Commission ranks Delaware 11th out of all U.S. states for identity theft per 100,000 residents – the new Bill 295 is set in-place to ensure Delaware businesses properly dispose of all their physical and digital company data to protect the personal identity of their customers. “This includes a copy of the customer’s signature; date of birth; health information, social security or passport number, driver’s license; or bank account, credit and debit card numbers”. If companies choose not to comply, then they could be sued for the financial amount gained by criminals, and result in an investigation by the Delaware Attorney General’s Office. Traditionally companies have shredded and discarded their customer data on a cyclical basis, either during the middle or the end of the year, so a grey area remains as to whether they will be in compliance with Bill 295. However, banks, financial institutions, healthcare insurers, and doctors are exempt from the new legislation, since federal laws determine their data destruction methods.
Main Challenges Facing Businesses
The biggest challenge facing companies is when they upgrade their computers and fail to destroy the data on their old hard drives or properly destroy the data stored on their cloud-based IT service account. Thus, companies who rely on cloud storage companies failing to properly destroy their customer identity data before switching could face severe fines in the thousands of dollars per identity theft victim. In fact, according to the Identity Theft Resource Center the average cost of identity theft for victims is $2,000. Not to mention risk putting their business reputation on the line. Also fairly recent technological advances could make it difficult for companies to keep up with the new identity theft bill, since according to a recent Javelin and Strategy Research study, smart phone identity theft victims have increased by 7%.
Business Legal Protections
Companies do have some protections under House Bill 235. For instance, under House Bill 235 identity victims must prove that the company was reckless or intentionally violated Bill 235 to win damages in a civil lawsuit. And a company cannot be held liable until it actively begins the process of destroying consumer information.
What Can Businesses Do To Protect Customer Data?
William R. Denny, attorney at Potter, Anderson and Carroon states: “It is important companies; using a Cloud service, understand the data retention and destruction policies that go along with information in the hands of that provider.” Businesses should also, understand their insurers and credit card processing company policies and compliance measures on data destruction.
IPR Is Here To Protect Your Company and Secure Your Customer Information
If your a Delaware-based company and want to ensure your company is secure and the personal identity of your customers are properly protected from cyber criminals – check out our robust suite of 99.99% reliable and secure, cloud IT security and data storage solutions on our website at: http://iprsecure.com or call us today at 877.282.4873.
The News Journal (Delaware Online). Identity theft bill catches businesses off-guard.