South Carolina Data Breach Notification

South Carolina SB 453 of 2008 requires that a person conducting business in this state, and owning or licensing computerized data or other data that includes personal identifying information, shall disclose a breach of the security of the system, following discovery or notification of the breach in the security of the data, to a resident of this State whose personal identifying information that was not rendered unusable through encryption, redaction, or other methods was, or is reasonably believed to have been, acquired by an unauthorized person when the illegal use of the information has occurred or is reasonably likely to occur, or use of the information creates a material risk of harm to the resident. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (C), or with measures

necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• South Carolina Data Breach Notification: Account and Password
• South Carolina Data Breach Notification: Name and CCN
• South Carolina Data Breach Notification: Name and Password (Wide)
• South Carolina Data Breach Notification: Name and Password (Default)
• South Carolina Data Breach Notification: Name and Password (Narrow)
• South Carolina Data Breach Notification: Name and SSN
• South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
• South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
• South Carolina Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)