SC | Governor Henry McMaster signed the South Carolina Department of Insurance Data Security Bill into law today. South Carolina will be the first in the nation to pass a cybersecurity bill that requires insurers to establish a strong and aggressive cybersecurity program to protect their companies and their consumers from a data breach. This law will be a model for other states to adopt as data security becomes an issue for every industry.
South Carolina Insurance Director Raymond G. Farmer chaired the National Association of Insurance Commissioners Cybersecurity (EX) Working Group that drafted this important and timely law. Director Farmer played an integral part in making sure South Carolinian’s cyber insurance information is now further protected with this law.
“South Carolina is now the first in the nation to pass a comprehensive data security insurance law,” said Director Farmer. “This sets South Carolina apart and shows we are dedicated to keeping insurance information safe. In this day where cybersecurity breaches are a real and ongoing threat it is best to take a proactive approach to protecting data before there is an issue, rather than trying to fix a breach once it has happened.”
The law creates rules for insurers, agents and other licensed entities covering data security, investigation and notification of breach. This includes maintaining an information security program based on ongoing risk assessment, overseeing third-party service providers, investigating data breaches and notifying regulators of a cybersecurity event. Other provisions that the new law provides include:
- Protects consumer information: Safe-guarding individual insurance policy holder’s personal information is a high priority in the wake of several major insurance companies’ data breaches.
- Establish data security standards: Requires insurance companies to mitigate the potential damage of a data breach. The law applies to insurers, insurance agents and other entities licensed by the SC Department of Insurance.
- Strong protection & quick reaction: Requires insurance companies to develop, to implement and to maintain a secure information security program, investigate any cybersecurity events and notify the SC Department of Insurance of such events immediately.
“In recent years, the demand for cyber insurance has increased significantly in response to sharply heightened risk awareness,” said Governor Henry McMaster. “As interest in cybersecurity grows, South Carolina is proud to be on the forefront of innovative laws to protect its citizens.”