Steven Caponi and Elizabeth Sloan of Blank Rome LLP write:
On July 1, 2014, Delaware Governor Jack Markell signed into law Delaware House Bill 295, which amends Section 6 of the Delaware Code relating to trade and commerce. The new law, 6 Delaware Code §§50C-101 thru 50C-401, places new obligations on commercial entities with respect to the destruction of records containing the personally identifiable information of consumers. Importantly, the law exposes companies to new civil lawsuits by consumers and administrative enforcement actions by the Delaware Department of Justice. The new law is effective on January 1, 2015.
The heart of the new law is the obligation of “commercial entities” to take “all reasonable steps” to destroy consumers’ personal identifying information that is “no longer to be retained by the commercial entity” by “shredding, erasing, or otherwise destroying or modifying the personal identifying information in those records to make it entirely unreadable or indecipherable through any means. …” By adopting a broad definition of “commercial entity,” the new requirements impact all corporations, business trusts, estates, trusts, partnerships, limited partnerships, limited liability partnerships, limited liability companies, associations, organizations, joint ventures, or other legal entity—whether or not for-profit. Importantly, the law does not specify when documents must be destroyed, but rather, addresses how records should be destroyed when they will no longer be “retained” by a company.
Read more on JDSupra.