Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can you summarize SCCL 39-1-90?

GENERAL PROVISIONS > Business data, breach of security; notifications, definitions, penalties, and exceptions.

Short Summary

This section of the South Carolina Code of Laws applies to persons conducting business in South Carolina who own or license computerized data or other data containing personal identifying information. It requires the disclosure of a breach of security of the data to affected residents in a timely manner. The notification may be delayed if it impedes a criminal investigation, but must be made once the investigation is no longer compromised. The definition of ‘breach of the security of the system’ is provided, along with the definition of ‘personal identifying information’. The section outlines the methods of providing notice and allows businesses with their own notification procedures to be considered in compliance. It also grants residents the right to take legal action for violations and specifies penalties for knowing and willful violations. Certain exemptions apply to banks or financial institutions subject to federal privacy and security provisions. Financial institutions complying with specific federal guidance are also considered in compliance with this section. Businesses notifying more than one thousand persons must inform the Consumer Protection Division and consumer reporting agencies. The amendment in 2013 revised the definition of ‘personal identifying information’.

Whom does it apply to?

Persons conducting business in South Carolina and owning or licensing computerized data or other data that includes personal identifying information

What does it govern?

Breach of security of computerized data containing personal identifying information

What are exemptions?

Banks or financial institutions subject to and in compliance with the privacy and security provision of the Gramm-Leach-Bliley Act, financial institutions subject to and in compliance with the federal Interagency Guidance Response Programs for Unauthorized Access to Consumer Information and Customer Notice

What are the Penalties?

Administrative fine of $1,000 per resident whose information was accessible by reason of the breach

Jurisdiction

South Carolina

Source
SCCL 39-1-90 [https://reggi.cloud.regology.com/regulations/US-SCCL/US-SCCL_T_39_C_1_S_90]