May 25, 2020

May 22, 2020

Subscribe to Latest Legal News and Analysis

US Breach Laws Are Coming: South Carolina

In another change to US state breach notice laws in 2019, South Carolina will have new breach notice requirements for insurance companies. The requirements follow the National Association of Insurance Commissioners’ Insurance Data Security Model Law. South Carolina was the first to adopt the model text into law, and it is this law that is going into effect on January 1, 2019.  South Carolina joins others states, including Connecticut and New York, to have breach notice requirements for insurance companies. The law will be a supplement to the requirements that financial companies, including insurance companies, already face under Gramm-Leach-Bliley Act. 

Companies must promptly investigate potential breaches under this new law. If a breach has occurred, they will often also have to notify the Director of Insurance within 72 hours. This notification must happen either if the company is regulated by the director or if the information of 250 South Carolina residents is affected.  The same obligations apply when a vendor is impacted.

The law also speaks to steps that must happen before a breach occurs. Not only do insurance companies need to have an incident response plan, they must also have a comprehensive information security program in place by July 1st, 2019.  The program must include risk assessments and be appropriate both to the company’s size and to the scope of its data assets. Companies will also be required to vet third-party vendors and make sure they have appropriate cybersecurity controls.  Additionally, the law requires that senior leadership, including the Board, be involved in this program.

Putting it Into Practice: Insurance companies should keep this new law in mind, in particular the notification requirement for when 250 or more residents have been impacted. Also noteworthy are the pre-breach steps, including an incident response plan and information security program. This is the second in our series of upcoming breach notice obligations going into effect January 1, 2019. Click here for the first article.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Shanna Pearce, Sheppard Mullin, San Diego, litigation, class action, intellectual property, IP, copyrights, false advertising, commercial litigation, lanham act, unfair competition

Ms. Pearce represents businesses in the areas of intellectual property and commercial litigation, from trademark and copyright matters to consumer class actions. She has represented Fortune 500 companies in complex actions involving allegations of copyright violation, breach of contract, fraud, and unfair business practices. She has also defended retailers and financial institutions in class actions alleging violations of statute and federal laws relating to false advertising, unfair competition, pricing practices, and lending disclosures. Ms. Pearce’s litigation experience ranges from pre-suit strategy and advice to post-trial proceedings, with a special focus on appellate issues. She also has significant experience in private domestic and international arbitrations.

Ms. Pearce co-chairs the Bench-Bar Committee of Lawyers Club of San Diego, and is an active member of both the San Diego County Bar Association Appellate Section and the San Diego Appellate Inn of Court. She is a member of Sheppard Mullin’s own Pro Bono Committee and coordinates pro bono training and case placement in the Del Mar office. Ms. Pearce’s pro bono practice focuses on asylum and other immigration matters for victims of persecution, torture, and domestic violence.