The nation’s second smallest state last week joined some of the country’s largest by significantly increasing the requirements on businesses in the case of a cybersecurity breach. Delaware Governor John Carney signed House bill 180 into law last week extending cybersecurity protections. The new law, which takes effect next April, requires businesses that have experienced a data breach to notify the affected residents within 60 days of the breach (current law only specifies a “reasonable time”) and advise the state Attorney General in cases where 500 or more individuals are affected. Further, the amendments expand the definition of “personal information” as it relates to cybersecurity breaches and in certain circumstances (when social security information is involved), require the business to provide one year’s worth of identity theft protection and/or mitigation services at no charge to consumers whose information has been jeopardized.