Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The South Carolina Consumer Protection Division of the Department of Consumer Affairs ('SCDCA')

Summary: Comprehensive privacy legislation, House Bill 4696, which has been introduced to the South Carolina House of Representatives, would provide for data subject rights, the obligations of data controllers and data processors, and the exclusive enforcement of its provisions by the South Carolina Attorney General (AG).

Bills relating to minors' personal data have also been introduced to the South Carolina legislature, including House Bill 4541 for the Child Data Privacy and Protection Act and House Bill 4842 for the South Carolina Age-Appropriate Design Code Act.

Notably, South Carolina recognizes all four torts of invasion of privacy (Gignilliat v. Gignilliat, Savitz & Bettis L.P., 684 S.E.2d 756 (S.C. 2009)). Furthermore, South Carolina has its own data breach requirements under §39-1-90 of Chapter 1 of Title 39 of the South Carolina Code of Laws, which is enforced by the South Carolina Department of Consumer Affairs (SCDCA). In particular, a breach needs to be notified to the SCDCA only when a business provides notice to more than 1,000 persons at one time.

Other privacy-related legislation includes the South Carolina Insurance Data Security Act under §38-99-10 et seq. of Chapter 99 of Title 38 of the South Carolina Code, which requires insurers, agents, and other licensed entities doing business in South Carolina to establish a comprehensive written information security program as well as conduct risk assessments, provide training to staff, and exercise due diligence in selecting third-party service providers.

You can follow legislative developments in the US through the USA State Law Tracker.