South Carolina
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe: Without unreasonable delay
FINES & PENALTIES – Violations: Civil action & $1,000+ per resident
Regulation Levels
- Breach Reporting
- Consumer Notification
- Vendor Management
- Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting: Required
Vendor Obligations: Required
Consumer Notification: Required
Vendor Contracts: Required
Vendor Notification: Required
Privacy Program: Required
QUICK FACTS
South Carolina Privacy Law Information
Disposal Vendors must be contracted. Organizations are considered to be compliant with disposal requirements when contracting with a Vendor for the disposal of personal information. Organizations and Vendors must have measures in place for the destruction of personal information so the records are unreadable or undecipherable.
When a business provides notice to more than 1,000 persons, it must also report the breach, without unreasonable delay, to the Consumer Protection Division of the Department of Consumer Affairs and to all consumer reporting agencies that compile and maintain files on a nationwide basis.
If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations immediately after discovery of a breach or suspected breach. The Organization is responsible for completing any required regulatory reporting and consumer notification.
South Carolina passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and to investigate and respond to data breaches. Effective January 1, 2019, licensees must comply with the breach notification requirements, including Commissioner notification within 72 hours.
Willful violations involving breach notification are subject to an administrative fine in the amount of $1,000 for each resident whose information was accessible by reason of the breach, the amount to be decided by the Department of Consumer Affairs. A civil action may also be brought by a resident to recover actual damages resulting from a negligent violation, injunctive relief to enforce compliance, and recovery of attorney’s fees and costs. Violations involving the protection of social security numbers and data disposal laws can carry a penalty of liability for three times the amount of actual damages or not more than $1,000 for each incident, whichever is greater, as well as reasonable attorney’s fees and costs.
South Carolina Statutes and Laws
Consumer identity theft protection
South Carolina Insurance Data Security Act
Breach of security of business data; notification; definitions; penalties; exception as to certain bank and financial institutions; notice to consumer protection division
Physicians’ patient records act
South Carolina department of education data use and governance policy
DISCLAIMER
The information provided is not legal guidance or recommendations and is for informational purposes only.