South Carolina Business Law Blog

The  South Carolina Insurance Data Security Act  (“Act”), fashioned after the  NAIC Insurance Data Security Model Law  (Model Law), went into effect on January 1, 2019. South Carolina was the first state in the nation to pass this legislation, and others (Ohio, Mississippi), have followed suit. The Act requires that each South Carolina person licensed or authorized by the South Carolina Department of Insurance (DOI) a “Licensee” must implement, no later than July 1, 2019, a “comprehensive written information security program” (“Program”) designed to protect nonpublic information (NPI) and the security of the Licensee’s information system. In addition, the Act requires a Licensee to report to the Director of the DOI within 72 hours following an actual or potential “cybersecurity event.” S.C. Code Section 38-99-40(A) (Section 6(A) of the Model Act). While South Carolina Licensees (hopefully) are well down the path to meeting the Act’s requirements, the...

I heard the above on a Wired Storybook Podcast interview with Ryan Singel , who is returning as an editor of Wired's Threat Level blog.  One origin for that insight into the price of online services is found here . The knowledge that Facebook and Google and other companies gather and share information about individuals in exchange for their "free" services raises the question again of what kind of privacy we can expect or demand in the information age. In the United States there is no general constitutional right to privacy for personal information. The federal (and to a lesser extent, state) statutory frameworks designed to protect personal information are largely industry-based. For example, HIPAA covers protected health information, Gramm-Leach-Bliley protects consumer financial information, and the Fair Credit Reporting Act and FACTA protect personal credit information. The South Carolina General Assembly recently recognized the value of personal inform...