AG Jennings launches portal to help businesses prepare for Personal Data Privacy Act enforcement

by Submitted News
On July 1st, the Delaware Department of Justice’s Consumer Protection Unit launched a new personal data privacy portal,, as a navigational tool for parents, consumers and businesses that handle Delawareans’ personal data to help prepare for the upcoming implementation of the Delaware Personal Data Privacy Act (DPDPA), which goes into effect in January 2025.  
The DPDPA establishes clear guidelines for businesses that handle personal data and will give Delawareans more control over how business can use their personal data starting in 2025.  The new law applies to businesses, including non-profits, with personal data of over 35,000 Delaware residents, although some exceptions apply. 
Under the new law, businesses must provide transparency over their personal data practices as well as seek Delawareans’ consent when they collect and use sensitive personal data such as race and ethnic origin, religious belief, sexual orientation, gender identity and health information.   
“Delawareans deserve to have their private data protected and to have a say in how it is shared. Thanks to the upcoming implementation of the Delaware Personal Data Privacy Act, we will be able to do just that,” said Attorney General Kathy Jennings. “I am confident Delaware businesses will take their new personal data privacy obligations seriously, and our Consumer Protection Unit is working hard to help them prepare as this new law approaches in 2025.”   
The site provides key information to help businesses prepare to fully comply with the law by January of 2025 and will continue to be updated with new materials and information. The DOJ strongly advises that businesses should begin preparing now to ensure that they are ready by the first day the new law becomes enforceable.   
Key features of the new law include the following new requirements for businesses: 
  • Transparency: Provide consumers with a reasonably accessible, clear and meaningful privacy policy detailing the personal data collected by the business and how its used. 
  • Data Minimization: Only collect personal information reasonably necessary for the goods or services they provide and maintain an inventory of the personal data they collect, and how it can be accessed. This includes information located with third party processors like cloud storage providers. 
  • Security: Employ reasonable data security measures proportionate to the nature and sensitivity of the personal data collected and stored to prevent unauthorized individuals from accessing the information. 
  • Accountability: Clearly identify contact means for those responsible for data privacy and security Must meet several requirements set out to ensure accountability. 
  • Documentation: Where information is stored or processed with another company like a cloud provider, a binding data processing agreement must be in place between both the data controller and data processor to ensure that personal data is not misused and protect the security and confidentiality of the personal data. 
Additionally, businesses must be prepared starting January 1, 2025, to address consumer requests about their new personal data rights. Those new rights will allow that:  
  • Businesses must obtain consent for the use and sharing of sensitive information collected about Delawareans. 
  • Consumers may opt-out of both the sale of their personal information and targeted advertising. 
  • When requested, businesses must provide consumers the personal data businesses have collected about them and permit corrections 
  • Personal data may not used to discriminate against a consumer.  
  • Consumers may require businesses to delete their personal data collected in some cases. 

Leave your comments

Post comment as a guest

terms and conditions.