Templates Legal Letters Correspondence State Data Breach Notification Letter
Delaware Legal Letters Correspondence
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
State Data Breach Notification Letter
Ready to Edit
State Data Breach Notification Letter - Free Editor

Delaware Data Breach Notification Letter Package

(Compliant with 6 Del. C. § 12B-102 et seq.)

[// GUIDANCE: This package contains two separate notice templates—one for the Delaware Attorney General (“AG Notice”) and one for affected Delaware residents (“Consumer Notice”). Each template is drafted to satisfy the timing, content, and formatting mandates of Delaware’s data-breach statute. Bracketed items must be customized before use.]

1. ATTORNEY GENERAL NOTICE TEMPLATE

[ORGANIZATION LETTERHEAD]

Date: [INSERT MM/DD/YYYY]

Via Email and Certified Mail, Return Receipt Requested
Office of the Attorney General
Carvel State Building
820 N. French Street
Wilmington, DE 19801
Email: [email protected]

Re: Statutory Notice of Data Breach Affecting Delaware Residents (6 Del. C. § 12B-102(d))

Dear Attorney General [LAST NAME]:

Pursuant to 6 Del. C. § 12B-102(d), [COMPANY LEGAL NAME], a [STATE] [ENTITY TYPE] with its principal place of business at [ADDRESS] (“Company”), hereby provides notice of a breach of security involving the personal information of Delaware residents.

1. Incident Overview

1.1 Date(s) of Breach: [DATE RANGE OR “Unknown—under investigation”]
1.2 Date Breach Determined: [MM/DD/YYYY] (the “Determination Date”)
1.3 Nature of Incident: [BRIEF DESCRIPTION—e.g., “unauthorized access to an employee email account via phishing”].
1.4 System(s) Involved: [DESCRIPTION].
1.5 Number of Delaware Residents Affected: [ESTIMATE OR EXACT NUMBER] (current best estimate; investigation ongoing).

2. Categories of Personal Information Exposed (§ 12B-102(c)(2))

☐ Social Security number
☐ Driver’s license or State ID number
☐ Financial account / payment card data
☐ Medical or health‐insurance information
☐ Tax information
☐ Other: [DESCRIBE]

3. Remedial Measures Undertaken

a. Containment & Restoration. Company isolated affected systems within [HOURS/DAYS] of discovery and engaged third-party cybersecurity experts to eradicate malicious code, implement multi-factor authentication, and harden network defenses.
b. Law-Enforcement Coordination. Notice was provided to [AGENCY NAME] on [MM/DD/YYYY].
c. Consumer Protection. Consumers are being offered [IDENTITY THEFT PRODUCT] for a minimum of 12 months at no cost when SSNs were involved, consistent with § 12B-102(e).

4. Consumer Notification

Written notice to affected Delaware residents will be dispatched no later than sixty (60) calendar days from the Determination Date, barring any law-enforcement delay permitted under § 12B-102(b). A copy of the Consumer Notice is attached as Exhibit A.

5. Point of Contact

Please direct all inquiries regarding this matter to:

[NAME]
[ TITLE ]
[COMPANY LEGAL NAME]
[PHONE] | [EMAIL]

Company certifies that the information contained herein is accurate to the best of its knowledge as of the date of this letter and that all Delaware-specific statutory obligations are being met.

Sincerely,

[AUTHORIZED SIGNATORY NAME]
[Title], [COMPANY LEGAL NAME]

Encl.: Exhibit A – Form of Consumer Notice

2. CONSUMER NOTICE TEMPLATE

[ORGANIZATION LETTERHEAD]

Date: [MM/DD/YYYY]

Re: Important Notice of Data Breach

Dear [FIRST NAME] [LAST NAME]:

[COMPANY LEGAL NAME] (“Company”) values the privacy of your personal information. We are writing to inform you of a recent data security incident that may have involved some of your information. While we are not aware of any misuse, we want to explain what happened, the steps we have taken, and what you can do to protect yourself.

What Happened

On [DETERMINATION DATE], we confirmed that an unauthorized party [ACCESSED / ACQUIRED] certain Company systems between [DATE RANGE]. Upon discovery, we immediately secured our systems and launched an investigation with independent cybersecurity professionals.

What Information Was Involved (6 Del. C. § 12B-102(c)(2))

The following information relating to you may have been impacted:
• [CHECK ALL THAT APPLY: Social Security number, driver’s license/state ID number, financial account information, medical information, etc.]

What We Are Doing

• We contained and remediated the incident, strengthened security controls, and notified law enforcement.
• We have arranged for you to receive twelve (12) months of complimentary identity theft monitoring and fraud resolution services through [SERVICE PROVIDER].
• We are enhancing employee cybersecurity training and implementing additional safeguards.

What You Can Do

  1. Enroll in Free Identity Protection
    Visit [ENROLLMENT URL] or call [PHONE] and use the activation code: [CODE] by [ENROLLMENT DEADLINE].

  2. Remain Vigilant
    Review account statements and credit reports. Promptly report any suspicious activity to the relevant institution.

  3. Obtain Free Credit Reports
    Under federal law, you can get a free credit report annually from each of the three nationwide credit reporting agencies at www.annualcreditreport.com or by calling 1-877-322-8228.

  4. Place Fraud Alerts or Security Freezes
    Contact information for the credit reporting agencies is provided below.

Credit Bureau Phone Online
Equifax 1-800-525-6285 www.equifax.com
Experian 1-888-397-3742 www.experian.com
TransUnion 1-800-680-7289 www.transunion.com

For additional tips, visit the Federal Trade Commission’s identity theft website at www.identitytheft.gov or call 1-877-ID-THEFT (438-4338).

For More Information

If you have questions, please contact our dedicated response line at [TOLL-FREE NUMBER] between [HOURS] or email us at [EMAIL].

We regret any inconvenience or concern this incident may cause you. Protecting your information remains a top priority for Company.

Sincerely,

[AUTHORIZED SIGNATORY NAME]
[Title], [COMPANY LEGAL NAME]
[ADDRESS] | [PHONE] | [EMAIL]

3. DEFINITIONS (Key Statutory Terms)

“Breach of Security” has the meaning set forth in 6 Del. C. § 12B-101(1).
“Personal Information” means a Delaware resident’s first name or first initial and last name in combination with any one or more of the data elements listed in 6 Del. C. § 12B-101(4), when unencrypted or encrypted but with the key reasonably believed to have been acquired.

4. STRATEGIC GUIDANCE NOTES

[// GUIDANCE: 1. Timing – The statute requires consumer notice “as soon as practicable, but no later than 60 days” after determination, unless law enforcement requests delay. 2. AG Threshold – Notify the Delaware AG whenever the breach affects more than 500 Delaware residents. 3. Identity Theft Services – Mandatory when a Social Security number is involved; offer at least 12 months, free of charge. 4. Recordkeeping – Maintain written records of the breach and notification process for 5 years. 5. HIPAA Entities – If subject to HIPAA, a single notice satisfying both HIPAA and state law may be used, provided all Delaware content requirements are met.]

© [CURRENT YEAR] [COMPANY LEGAL NAME]. All rights reserved.

AI Legal Assistant

Welcome to State Data Breach Notification Letter

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • Delaware jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync