An amendment to Delaware’s data breach notification law will go into effect in April 2018.

The data breach notification law applies to anyone doing business in Delaware.  The amendment to the law requires that companies notify affected individuals within 60 days, rather than as soon as possible.  The amendment also adds the requirement of notifying Delaware’s attorney general if the breach affects more than 500 residents.

An important addition with this amendment is the requirement that companies provide a year of credit monitoring for free if the Social Security number was breached.  This is an upcoming trend, one that organizations should begin to consider offering without legal requirements to do so.

Additionally, the amendment broadened the definition for personal information.  The new definition includes medical history, biometric data, passport and taxpayer identification numbers, and online account credentials.

As the world of data and cyber security evolves, so too do the laws governing data.  Many laws outside of HIPAA have been less stringent, so following HIPAA requirements has meant organizations have been in a secure place with regards to protecting health information.  New laws and amendments mean organizations will need to stay aware of these changes and start implementing them.

To help you stay up to date, HIPAAgps offers information like this in our weekly blog reports, as well as in our HIPAA compliance tool.  Join the many other people using HIPAAgps today and receive regular HIPAA tips, updates, and guidance.