Can I use third-party project management tools that collect personal information in South Carolina? What are the requirements?

Requirements for using third-party project management tools that collect personal information in South Carolina

If you are using third-party project management tools that collect personal information in South Carolina, you must comply with the South Carolina Insurance Data Security Act ^[1.2].

Under the Act, each licensee must develop, implement, and maintain a comprehensive written information security program based on the licensee’s risk assessment and that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the licensee’s information system ^[1.2].

The licensee must also exercise due diligence in selecting its third-party service provider and require a third-party service provider to implement appropriate administrative, technical, and physical measures to protect and secure the information systems and nonpublic information that are accessible to, or held by, the third-party service provider ^[1.2].

Therefore, if you are using third-party project management tools that collect personal information in South Carolina, you must ensure that the tools and the third-party service provider comply with the requirements of the South Carolina Insurance Data Security Act.

Other Relevant Laws

There are other laws in South Carolina that regulate the collection, maintenance, and disposition of records containing personal information. For example, the Collection of and maintenance and disposition of records containing social security numbers by public agencies ^[3.1] prohibits public bodies from collecting, using, or communicating social security numbers or other personal identifying information, except as authorized by law or as necessary for the performance of the body’s duties and responsibilities. The law also requires public bodies to remove personal and confidential information from information technology hardware or storage media before transferring or disposing of them ^[3.1].

Conclusion

To use third-party project management tools that collect personal information in South Carolina, you must comply with the South Carolina Insurance Data Security Act and other relevant laws. You must ensure that the tools and the third-party service provider comply with the requirements of these laws.

Source(s):

• [1.2] Information security program; compliance.
• [3.1] Collection of and maintenance and disposition of records containing social security numbers by public agencies.

Jurisdiction

South Carolina

• Privacy