Data Privacy Regulations

Terms of Use

This summary of regulations is provided for information purposes only.
No action based on this summary alone should be undertaken.
Each individual or entity must obtain appropriate guidance for its specific circumstances.

SOUTH CAROLINA DATA PRIVACY REGULATIONS

Did You Know?

 
  • Limited methods of notification delivery;
  • Data owners are responsible for breach reporting and notifications;
  • Notification to consumer reporting agencies may be required;
  • SC has data protection, retention, and disposal laws;
  • Other state laws, federal laws, industry regulations, and/or out-of-country laws may apply.

Who Me?

 

South Carolina breach and notification laws may apply if you are a person conducting business in SC and:

  • Own or license computerized data or other data that includes PII;
  • Maintain computerized data or other data that includes PII that you do not own.

 There are exemptions.

What is PII?

 

PII relevant to a breach in SC include a person's name plus one of the following:

  • Social Security Number;
  • Driver license or state identification number;
  • Account number or credit  or debit card number in combination any security code, access code or password, etc. permitting access to the person's account;
  • Other info that can be used to access a person’s financial account or will uniquely identify them.

LAWS

APPLICABLE LAW

South Carolina Code of Law / Title 39 Trade and Commerce / Chapter 1 General Provisions / Section 39-1-90 Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division

RELATED LAWS

  • SC has data protection, retention, and disposal laws;
  • Title 37 - Consumer Protection Code / Chapter 20 - Consumer Identity Theft Protection;
  • Title 30 - Public Records / Chapter 2 - Family and Personal Identifying Information Privacy Protection;
  • Title 44 – Health / Chapter 115 - Physicians' Patient Records Act;
  • SC Code Sec. 41-15-100, Sec. 42-13-110.

PENALTIES

COMPLIANCE PENALTIES

RESIDENTS HAVE THE RIGHT TO INSTITUTE CIVIL ACTION

South Carolina law grants residents the right to institute civil action, seek injunctions, etc.

The Department of Consumer Affairs may subject a person that has willfully violated the law with a fine of $1,000 or more per resident.

BREACH REPORTING

MULTIPLE FACTORS TO CONSIDER

When considering reporting requirements, it would include, but not be limited to:

  • The combination of personal information breached;
  • If the data was computerized;
  • If the data was encrypted or redacted;
  • Whether the information may be used illegally or cause a material risk of harm.

TIME LIMITS

Notification may be delayed if law enforcement advises the person it will interfere with an investigation, otherwise, the notification must be made in the most expedient manner possible and without unreasonable delay.

CONSUMER NOTIFICATION

Requires detailed information and potential provision of services

Notification may be required to the Consumer Protection Division of the Department of Consumer Affairs and all consumer reporting agencies. There are specific instructions on what should be included.

Disclosure may only be made by written notice, telephone or electronically, with stipulations. A substitute notice, with specific requirements, may be sent if the cost of the notice exceeds $250,000 or the persons to be notified exceeds 500,000 or they do not have sufficient contact information.

Contact the Privacy Experts at CSR