trending Market Intelligence /marketintelligence/en/news-insights/trending/xrqsb6wfy8rcm3lzelhjna2 content esgSubNav
In This List

South Carolina passes insurance cybersecurity law

Blog

The Big Picture 2022 Insurance Industry Outlook

Podcast

Next in Tech | Episode 37: Insurance impacts on technology and vice versa

Case Study

A Prestigious Global Business School Gains a Competitive Edge

Video

S&P Capital IQ Pro | Unrivaled Sector Coverage


South Carolina passes insurance cybersecurity law

South Carolina passed a bill requiring all insurance entities in the state to create a cybersecurity program to protect their businesses and customers from data breaches, becoming the first state to pass such a measure.

Under the South Carolina Department of Insurance Data Security Act, licensees, including insurers, agents, carriers and other licensed entities, must develop and maintain an information security program based on ongoing risk assessment, oversee third-party service providers, protect consumer information, establish data security standards and investigate data breaches. They must also notify regulators of a cybersecurity event within 72 hours if the event affects at least 250 people and has impact on South Carolina consumers.

Licensees are required to submit their program to the South Carolina Department of Insurance by July 1, 2019, and compel their third-party service providers to implement the security measures by July 1, 2020. Insurers domiciled in the state are required to submit a statement annually to the department certifying compliance with the requirements.

Companies with less than 10 employees and independent contractors are exempt from the measure.

The bill, which follows the National Association of Insurance Commissioner's Insurance Data Security Model Law, was signed May 3 by Gov. Henry McMaster and is set to take effect Jan. 1, 2019, the Insurance Journal reported.