Delaware Privacy Law Portal Offers Businesses a New Resource
In 2023, Delaware passed a comprehensive data privacy law that goes into effect on January 1st, 2025. The Delaware Department of Justice’s Consumer Protection Unit has created an online data privacy portal. The resource can help businesses understand what is required of them to be in full compliance with Delaware’s privacy law. The portal is also designed to help consumers and parents understand what rights will be granted to them once the law goes into effect.
The Delaware Personal Data Privacy Act (DPDPA)
The Delaware privacy law is similar to laws passed in other states. It provides consumers the following rights:
- Confirm whether a controller is processing the consumer’s personal data and access such data
- Correct inaccuracies in their data
- Delete personal data provided by or obtained by the controller
- Obtain a copy of their data in a portable and readily usable format
- Obtain a list of the categories of third parties to which the controller has disclosed the consumer’s data
- Opt out of the processing of personal data for purposes of any of the following:
- Targeted advertising
- The sale of personal data
- Profiling for automated decisions that produce legal or similarly significant effects concerning the consumer
The DPDPA includes the following business obligations:
- Limit the collection of personal data to what is adequate, relevant, and reasonably necessary
- Do not process personal data for purposes outside of the original intent, unless the controller obtains the consumer’s consent
- Must take reasonable steps to protect the confidentiality, integrity, and accessibility of personal data
- Gain consent before processing sensitive data
- Provide an effective mechanism for a consumer to revoke consent
- Do not discriminate against a consumer for exercising any of the consumer rights
- Provide consumers with a privacy notice
- Conduct data protection assessments for activities that present a heightened risk of harm to a consumer (Only applies for businesses with more the data of more than 100,000 consumers).
What Businesses Will Find on the Delaware Privacy Portal
When business owners and employees with privacy-related responsibilities visit the Delaware privacy portal, they will discover information about their obligations for protecting data privacy. On the site, visitors will find:
- What data is considered personal data vs. sensitive personal data
- What must be included in a privacy policy
- Data minimization requirements and best practices for meeting those obligations
- How businesses must respond to consumer requests
- What constitutes a controller vs. a processor and the requirements for each
The business section of the portal also contains a comprehensive Frequently Asked Questions section. Here you can find information about DPDPA exemptions, universal opt-out mechanisms, penalties, and more.
Consumer Information
Consumers can find information about their rights to:
- Limit the use of their sensitive data
- Opt out of the use of personal information
- Correct personal data that is wrong
- Be provided with a privacy policy
- Not be discriminated against for exercising their privacy rights
- Have their data deleted
Parental Rights
The Delaware privacy law requires businesses to follow all Children’s Online Privacy Protection Act (COPPA) regulations concerning children’s online privacy, including parental consent requirements. There is a section on the portal dedicated to helping parents understand their children’s privacy rights online, but as of August 2024, it is still being constructed. More information should be added soon .
If your business is struggling to understand its obligations under the GDPR, CCPA, or any state privacy law, CompliancePoint can help. Contact us at connect@compliancepoint.com to learn more about our privacy services.
Finding a credible expert with the appropriate background, expertise, and credentials can be difficult. CompliancePoint is here to help.