In signing Delaware House Bill 295 into law on July 1, Delaware became the latest in a series of states to address the safe destruction of documents that contain consumers’ personal identifying information. Under the law, a commercial entity—i.e., a corporation, business trust, estate, trust, partnership, limited partnership, limited liability partnership, limited liability company, association, organization, joint venture, or other legal entity, whether or not for profit—must take reasonable steps to destroy or arrange for the destruction of personal identifying information in its custody and control that the commercial entity will no longer retain. This consumer information must be shredded, erased, or otherwise destroyed or modified so that the information is entirely unreadable or indecipherable.

The bill goes into effect on January 1, 2015, and consumers who incur actual damages because a commercial entity recklessly or intentionally violated the law may bring a civil action against the entity. The Delaware Attorney General may also file suit or bring an administrative enforcement proceeding against the violating business if it is in the public interest.