16
Quarter1
h r c o r n e r
D
elaware employers disposing of records containing
employees’ unencryptedpersonal identifying information
must take reasonable steps to destroy the identifying
data prior to disposing of the electronic or paper records under a
law signed by Gov. Jack A. Markell, on Sept. 2, 2014.
The law, which went into effect January 1
st
, 2015, requires
employers to take all reasonable steps to destroy or arrange for
the destruction of each such record within the business’s custody
and control when the information is no longer needed. Each record
must be shredded, erased, or otherwise destroyed or modified in
a way that the personal identifying information is unreadable or
indecipherable.
Personal identifying information is defined as an employee’s first
name or first initial and last name combined with any of the
following data elements that relate to the employee if either the
name or the data elements are not encrypted:
•
His or her signature.
•
Full date of birth.
•
Social Security number.
•
Passport number.
•
Driver’s license or state identification card number.
•
Insurance policy number.
•
Financial services account number, bank account number, credit card
number, debit card number, or any other financial information.
•
Confidential health care information.
An employee who suffers actual damages resulting from the
reckless or intentional violation of the law may bring a civil action
against the employer for triple damages.
Upon enactment, Delaware will join 30 other states that currently
regulate the disposal of personal information.
Employers Must
Take Reasonable
Steps to Destroy
Identifying Data
