South Carolina
| Section 31-1-90 | |
|---|---|
| CITATION | S.C. Code § 39-1-90 |
| ENACTED | 2009 |
| SUMMARY | The law applies to a breach of the security of business data which means unauthorized access to and acquisition of computerized data that was not rendered unusable through encryption, redaction or other methods that comprises the security, confidentiality or integrity of personal identifying information maintained by the person, when illegal use of the information has occurred or is reasonably likely to occur or use of the information creates a material risk of harm to a resident. |
| DATA COVERED |
The law covers ‘Personal Identifying Information’ means the first name or first initial and last name in combination with and linked to any one or more of the following data elements that related to a resident of this State, when the data elements are neither encrypted nor redacted:
|
| INDUSTRY | Any person that conducts business in South Carolina and owns or licenses computerized data or other data that includes personal information or maintains such data. |
| PENALTIES | The law allows individuals injured persons to institute a civil action to recover damages in case of a willful and knowing; institute a civil action that must be limited to actual damages resulting from a violation in case of a negligent violation; seek an injunction to enforce compliance; and recover attorney’s fees and court costs. The law also provides that a person who knowingly and willfully violates the law is subject to an administrative fine and the amount of one thousand dollars ($1,000) for each resident whose information was accessible by reason of the breach, the amount to be decided by the Department of Consumer Affairs. |
