M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

South Carolina Data Breach Laws: When You Can Be Fined

South Carolina's Financial Identity Fraud and Identity Theft Protection Act requires businesses to notify their customers about a data breach and inform consumer reporting agencies when the breach affects more than 1,000 SC residents. Businesses can be fined $1,000 per consumer affected by the breach. This law applies to all companies conducting business in South Carolina.

Name of Law / Statute

Financial Identity Fraud and Identity Theft Protection Act

Definition of Protected Information

Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes.

Who Is Subject to Law?

Any person or business conducting business in the state who licenses or owns PI

Notification of Consumers?


By what means?

Written, phone, or electronic (depending on prior relationship); if >1,000 residents, must notify consumer reporting agencies

Substitute Notice Threshold?

If cost of notice >$250,000 or involves >500k residents

Notification of authorities / regulators required?

Yes, if >1,000 residents affected

By what means?


Regulatory Fines

$1,000/resident affected

Credit monitoring requirement?


Private lawsuits allowed?


Private damages cap?

Actual damages + costs, fees

Regulatory actions allowed?


HIPAA Compliance exemption?


Other  (e.g., timeframe)

Law does not apply if PI was encrypted or otherwise secured or modified to protect PI

Link to complete law

South Carolina data breach law

Read the full text of South Carolina’s data breach law.

70% of businesses raise prices or cut hiring when sued