On January 1, 2016, the Delaware Online Privacy Protection Act (DelOPPA), 6 Del. C. 1201C-06C, came into force. The Delaware law was modeled after two California laws, the California Online Privacy Protection Act (CalOPPA), Cal. Bus. & Prof. Code §§ 22575-79, and a portion of the Privacy Rights for California Minors in the Digital World, Cal. Bus. & Prof. Code §§ 22580-82. The Delaware law also contains a section to protect e-book users privacy.
Building on CalOPPA, DelOPPA expands the list of identified types of information that qualifies as PII. 6 Del. C. 1202C(18). And like CalOPPA, this is not an exclusive list of PII.
means any information about an individual that, individually or in combination with other information, can be used to distinguish or trace the identity of the individual, including the individual’s name (in whole or in part), signature, physical characteristics or description, residential, school, or other physical address, telephone number, online contact information, social security number, passport number, driver’s license number, state identification card number, alien registration number, insurance policy number, education history, employment history, bank account number, credit card number, debit card number, or any other financial information, geolocation data, DNA or other genetic material, medical information, or health insurance information, except that it does not include information that is publicly available that is lawfully made available to the general public from federal, state, or local government records.
Going forward, all Internet based services would be wise to ensure compliance with both CalOPPA and DelOPPA because these laws apply to any service, regardless of where they are based, that collects PII from a California or Delaware based user. In particular, all such service should pay attention to the types of PII identified by DelOPPA.