Ask Reggi Your Question Now
Can you summarize 38 SCCL Chapter 99?
Insurance > INSURANCE DATA SECURITY ACT
Short Summary
The South Carolina Insurance Data Security Act establishes standards for data security and the investigation of and notification to the director of a cybersecurity event applicable to licensees. It does not create or imply a private cause of action for violations. The Act applies to licensees, including insurers and producers, subject to certain exemptions. Licensees must comply with notification requirements in the event of a cybersecurity event. The Act also governs the investigation of cybersecurity events, maintenance of records, and the development, implementation, and maintenance of a comprehensive written information security program. Compliance with other applicable laws and regulations is required. The Act grants the director the power and authority to examine and investigate licensees suspected of violating the provisions of the Act. The Act does not specify penalties for non-compliance or violation.
Whom does it apply to?
Licensees subject to the Act, including insurers and producers
What does it govern?
South Carolina Insurance Data Security Act
What are exemptions?
Exemptions include licensees with fewer than ten employees, licensees covered by the information security program of another licensee, and licensees subject to HIPAA with an established information security program
What are the Penalties?
Penalties are not specified in the document
Jurisdiction
South Carolina