This document summarizes the current state of privacy law and data security concerns. It notes that data breaches can result in identity theft, financial loss, reputational damage, and lawsuits. While there is no single federal privacy standard, states have enacted their own breach notification laws which differ in what constitutes private information and enforcement powers. Delaware has its own privacy laws but risks and liabilities are increasing, so companies need to assess risks, prioritize sensitive data, implement security policies, and get started addressing privacy and security issues.