The effective date is January 1, 2019
South Carolina’s legislature passed a cybersecurity bill on April 18, and Governor Henry McMaster signed it into law on May 3. The new law, which requires that insurers and producers (agents) must establish “strong and aggressive” programs to protect companies and consumers from data breaches, goes into effect at the beginning of next year. The law is called South Carolina Data Security Act, and it will be found at §38-99-10 et seq. of the South Carolina Code.
Insurers and agents must develop, implement and maintain a comprehensive written information security program based on internal risk assessments which contain administrative, technical and physical safeguards for the protection of nonpublic information.
New rules were created that include overseeing third party providers, investigating data breaches and notifying regulators, including the South Carolina Department of Insurance, of cybersecurity events.
Notification is required to the DOI within 72 hours after determining a cybersecurity event has occurred. Each incident must also be investigated to determine the scope of the breach, the nonpublic information compromised, and the measures to restore the security of the information.
Safe guarding individual insurance policy holders’ personal information is a high priority in the wake of several major insurance companies’ data breaches. Insurers and agents are required to mitigate the potential damage caused by date breaches.
South Carolina was the first state to pass this measure based on the model law developed by the National Association of Insurance Commissioners Cybersecurity Working Group. South Carolina Insurance Director Raymond Farmer chaired the group.
How will this new law be applied to real estate lawyers who are also title insurance agents? My guess is that the title insurance companies, which probably already have complying programs in place, will provide guidance to their agents between now and the end of the year. Stay tuned!