South Carolina Privacy Law Attorneys

South Carolina Privacy Law Overview

South Carolina has not enacted a comprehensive consumer privacy law. Privacy protections for South Carolina residents come primarily from the state's data-breach notification statute, its consumer-protection law, and the federal privacy framework. Businesses operating in South Carolina should focus on breach preparedness and on the federal sector rules — health, financial, education — that apply to them, while watching the comprehensive-privacy legislation spreading to neighboring states.

Sector-Specific Privacy Laws in South Carolina

South Carolina Consumer Protection Act

South Carolina's consumer-protection statute prohibits unfair and deceptive trade practices, which the Attorney General can use against businesses that misrepresent how they collect, use, or secure personal information.

South Carolina Insurance Data Security Act

South Carolina was the first state to adopt the NAIC Insurance Data Security Model Law, requiring licensed insurers to maintain an information security program and report cybersecurity events to the Department of Insurance.

Data Breach Notification in South Carolina

South Carolina's data-breach notification law requires businesses to notify affected residents when unencrypted personal information is acquired by an unauthorized person.

• Deadline to notify residents: Without unreasonable delay following discovery
• Attorney General notice: Notify the South Carolina Department of Consumer Affairs for larger breaches
• Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)

Pending Privacy Legislation

No comprehensive consumer-privacy law has been enacted in South Carolina as of June 2026.

Federal Privacy Laws That Apply in South Carolina

Even where South Carolina law is silent, residents and businesses are covered by federal privacy statutes:

• HIPAA — health information held by providers, plans and their vendors
• GLBA — privacy and safeguards rules for financial institutions
• FERPA — student education records
• FCRA — consumer reporting agencies and background screening
• COPPA — online collection of data from children under 13
• FTC Act §5 — unfair or deceptive privacy and data-security practices

Industry-Specific Privacy Requirements in South Carolina

Many South Carolina businesses face privacy obligations that flow from their industry rather than from a single state statute:

Healthcare

Providers, health plans and their vendors must comply with HIPAA and with any state medical-confidentiality rules when handling patient information in South Carolina.

Financial Services

Banks, credit unions, lenders and insurers are subject to the Gramm-Leach-Bliley Act privacy and safeguards rules in addition to South Carolina consumer-protection requirements.

Technology & Online Services

Companies serving users in other states may owe duties under California's CCPA/CPRA and other comprehensive laws even while South Carolina itself has none — making multi-state compliance the practical reality for most online businesses.

Retail

Retailers handling payment-card data must meet PCI DSS contractual standards and South Carolina's breach-notification law if customer information is exposed.

Where to File a Privacy Complaint in South Carolina

South Carolina residents who believe a business has mishandled their personal information can file a complaint with the South Carolina Attorney General, which enforces the state's consumer-protection and data-breach laws. Complaints involving federally regulated data — health, financial, credit or children's information — can also be directed to the Federal Trade Commission or the relevant federal regulator. An attorney can help you assess whether you have a claim and choose the best venue to pursue it.

South Carolina Privacy Law FAQ

How a South Carolina Privacy Attorney Can Help