State Data Breach Notification Letter

Delaware Data Breach Notification Letter Package

(Compliant with 6 Del. C. § 12B-102 et seq.)

1. ATTORNEY GENERAL NOTICE TEMPLATE

[ORGANIZATION LETTERHEAD]

Date: [INSERT MM/DD/YYYY]

Via Email and Certified Mail, Return Receipt Requested
Office of the Attorney General
Carvel State Building
820 N. French Street
Wilmington, DE 19801
Email: [email protected]

Re: Statutory Notice of Data Breach Affecting Delaware Residents (6 Del. C. § 12B-102(d))

Dear Attorney General [LAST NAME]:

Pursuant to 6 Del. C. § 12B-102(d), [COMPANY LEGAL NAME], a [STATE] [ENTITY TYPE] with its principal place of business at [ADDRESS] (“Company”), hereby provides notice of a breach of security involving the personal information of Delaware residents.

1. Incident Overview

1.1 Date(s) of Breach: [DATE RANGE OR “Unknown—under investigation”]
1.2 Date Breach Determined: [MM/DD/YYYY] (the “Determination Date”)
1.3 Nature of Incident: [BRIEF DESCRIPTION—e.g., “unauthorized access to an employee email account via phishing”].
1.4 System(s) Involved: [DESCRIPTION].
1.5 Number of Delaware Residents Affected: [ESTIMATE OR EXACT NUMBER] (current best estimate; investigation ongoing).

2. Categories of Personal Information Exposed (§ 12B-102(c)(2))

☐ Social Security number
☐ Driver’s license or State ID number
☐ Financial account / payment card data
☐ Medical or health‐insurance information
☐ Tax information
☐ Other: [DESCRIBE]

3. Remedial Measures Undertaken

a. Containment & Restoration. Company isolated affected systems within [HOURS/DAYS] of discovery and engaged third-party cybersecurity experts to eradicate malicious code, implement multi-factor authentication, and harden network defenses.
b. Law-Enforcement Coordination. Notice was provided to [AGENCY NAME] on [MM/DD/YYYY].
c. Consumer Protection. Consumers are being offered [IDENTITY THEFT PRODUCT] for a minimum of 12 months at no cost when SSNs were involved, consistent with § 12B-102(e).

4. Consumer Notification

Written notice to affected Delaware residents will be dispatched no later than sixty (60) calendar days from the Determination Date, barring any law-enforcement delay permitted under § 12B-102(b). A copy of the Consumer Notice is attached as Exhibit A.

5. Point of Contact

Please direct all inquiries regarding this matter to:

[NAME]
[ TITLE ]
[COMPANY LEGAL NAME]
[PHONE] | [EMAIL]

Company certifies that the information contained herein is accurate to the best of its knowledge as of the date of this letter and that all Delaware-specific statutory obligations are being met.

Sincerely,

__________________________________
[AUTHORIZED SIGNATORY NAME]
[Title], [COMPANY LEGAL NAME]

Encl.: Exhibit A – Form of Consumer Notice

2. CONSUMER NOTICE TEMPLATE

[ORGANIZATION LETTERHEAD]

Date: [MM/DD/YYYY]

Re: Important Notice of Data Breach

Dear [FIRST NAME] [LAST NAME]:

[COMPANY LEGAL NAME] (“Company”) values the privacy of your personal information. We are writing to inform you of a recent data security incident that may have involved some of your information. While we are not aware of any misuse, we want to explain what happened, the steps we have taken, and what you can do to protect yourself.

What Happened

On [DETERMINATION DATE], we confirmed that an unauthorized party [ACCESSED / ACQUIRED] certain Company systems between [DATE RANGE]. Upon discovery, we immediately secured our systems and launched an investigation with independent cybersecurity professionals.

What Information Was Involved (6 Del. C. § 12B-102(c)(2))

The following information relating to you may have been impacted:
• [CHECK ALL THAT APPLY: Social Security number, driver’s license/state ID number, financial account information, medical information, etc.]

What We Are Doing

• We contained and remediated the incident, strengthened security controls, and notified law enforcement.
• We have arranged for you to receive twelve (12) months of complimentary identity theft monitoring and fraud resolution services through [SERVICE PROVIDER].
• We are enhancing employee cybersecurity training and implementing additional safeguards.

What You Can Do

1. Enroll in Free Identity Protection
   Visit [ENROLLMENT URL] or call [PHONE] and use the activation code: [CODE] by [ENROLLMENT DEADLINE].

2. Remain Vigilant
   Review account statements and credit reports. Promptly report any suspicious activity to the relevant institution.

3. Obtain Free Credit Reports
   Under federal law, you can get a free credit report annually from each of the three nationwide credit reporting agencies at www.annualcreditreport.com or by calling 1-877-322-8228.

4. Place Fraud Alerts or Security Freezes
   Contact information for the credit reporting agencies is provided below.

For additional tips, visit the Federal Trade Commission’s identity theft website at www.identitytheft.gov or call 1-877-ID-THEFT (438-4338).

For More Information

If you have questions, please contact our dedicated response line at [TOLL-FREE NUMBER] between [HOURS] or email us at [EMAIL].

We regret any inconvenience or concern this incident may cause you. Protecting your information remains a top priority for Company.

Sincerely,

__________________________________
[AUTHORIZED SIGNATORY NAME]
[Title], [COMPANY LEGAL NAME]
[ADDRESS] | [PHONE] | [EMAIL]

3. DEFINITIONS (Key Statutory Terms)

“Breach of Security” has the meaning set forth in 6 Del. C. § 12B-101(1).
“Personal Information” means a Delaware resident’s first name or first initial and last name in combination with any one or more of the data elements listed in 6 Del. C. § 12B-101(4), when unencrypted or encrypted but with the key reasonably believed to have been acquired.

4. STRATEGIC GUIDANCE NOTES

© [CURRENT YEAR] [COMPANY LEGAL NAME]. All rights reserved.