South Carolina Business Law Blog

The  South Carolina Insurance Data Security Act  (“Act”), fashioned after the  NAIC Insurance Data Security Model Law  (Model Law), went into effect on January 1, 2019. South Carolina was the first state in the nation to pass this legislation, and others (Ohio, Mississippi), have followed suit. The Act requires that each South Carolina person licensed or authorized by the South Carolina Department of Insurance (DOI) a “Licensee” must implement, no later than July 1, 2019, a “comprehensive written information security program” (“Program”) designed to protect nonpublic information (NPI) and the security of the Licensee’s information system. In addition, the Act requires a Licensee to report to the Director of the DOI within 72 hours following an actual or potential “cybersecurity event.” S.C. Code Section 38-99-40(A) (Section 6(A) of the Model Act). While South Carolina Licensees (hopefully) are well down the path to meeting the Act’s requirements, the following may be u

 It is Spring again, and the national pastime is in full swing. This year Spring also brought knowledge of the Heartbleed Bug – another threat to the security of information stored and transmitted online.  And just as baseball is a fixture of the American landscape, so too unfortunately are data breaches and other information security threats. As of April 29 , 2014 , the Identify Theft Resource Center (ITRC) has identified 260 breaches (affecting over 8 million records) that have taken place in 2014 alone. Likewise, the ITRC recorded 614 breaches in 2013, a 30% increase over the 470 breaches it reported in 2012.  Each new major data breach (think Target) is reminiscent of those that have come before it (Citibank, Sony, Heartland, Countrywide, etc.).  MLB Hall of Fame catcher Yogi Berra, during his more than 50 years as a Major League player, manager and coach, offered (unwittingly or otherwise) baseball and its reading and listening public a great deal of wit