New Cybersecurity law in SC affects insurance companies and agents

Standard

The effective date is January 1, 2019

South Carolina’s legislature passed a cybersecurity bill on April 18, and Governor Henry McMaster signed it into law on May 3. The new law, which requires that insurers and producers (agents) must establish “strong and aggressive” programs to protect companies and consumers from data breaches, goes into effect at the beginning of next year. The law is called South Carolina Data Security Act, and it will be found at §38-99-10 et seq. of the South Carolina Code.

Insurers and agents must develop, implement and maintain a comprehensive written information security program based on internal risk assessments which contain administrative, technical and physical safeguards for the protection of nonpublic information.

New rules were created that include overseeing third party providers, investigating data breaches and notifying regulators, including the South Carolina Department of Insurance, of cybersecurity events.

security unlocked data breach

Notification is required to the DOI within 72 hours after determining a cybersecurity event has occurred. Each incident must also be investigated to determine the scope of the breach, the nonpublic information compromised, and the measures to restore the security of the information.

Safe guarding individual insurance policy holders’ personal information is a high priority in the wake of several major insurance companies’ data breaches. Insurers and agents are required to mitigate the potential damage caused by date breaches.

South Carolina was the first state to pass this measure based on the model law developed by the National Association of Insurance Commissioners Cybersecurity Working Group. South Carolina Insurance Director Raymond Farmer chaired the group.

How will this new law be applied to real estate lawyers who are also title insurance agents?  My guess is that the title insurance companies, which probably already have complying programs in place, will provide guidance to their agents between now and the end of the year. Stay tuned!

Advertisements

Department of Insurance files data security bill in SC legislature

Standard

Bill is similar to model data security law adopted by NAIC

If you are a SC title agent, this bill will likely affect you if it passes!

The National Association of Insurance Commissioners (NAIC) adopted the Insurance Data Security Model Law, intending to promote rigorous cyber risk management practices, in October. And the South Carolina Department of Insurance (SCDOI) has introduced a similar bill in the South Carolina legislature. The South Carolina version, the South Carolina Insurance Data Security Act, is now in committee, and can be read here.

The model law creates data security standards for insurers and agents. The rules would apply to the real estate lawyers in South Carolina who are also title insurance agents. The rules require overseeing third-party providers, investigating data breaches and notifying consumers and regulators of data breaches.

security unlocked data breach

Insurers and agents will be required to have a written information security program for protecting sensitive date. Incident response plans and data recovery plans will also be required. Compliance certifications to the DOI will be required annually.

One important exemption applies to licensees with ten or fewer employees. This exemption will benefit small South Carolina law firms. Cyber security insurance may become a hotter commodity in South Carolina if this law passes, but the law is not intended to create a private cause of action.

We will watch this legislation and keep everyone posted on how it proceeds through the legislative process in South Carolina.