Local Government and Privacy Protections in South Carolina

S.C. Code Ann. § 30-2-40 is an online website privacy law that was enacted in the U.S. state of South Carolina in 2008. As the U.S. federal government has yet to pass a comprehensive data privacy laws, privacy legislation throughout the country is largely limited to state legislations that govern the collection, processing, and disclosure of personal information within the various jurisdictions that make up a particular state. With this being said, S.C. Code Ann. § 30-2-40 mandates that agencies, institutions, institutions, departments, and other organizations and entities within the state implement and maintain privacy policies that can be used to ensure that the personal information of the state’s residents remains confidential and secure at all times.

How does the law define personal information?

Under S.C. Code Ann. § 30-2-40, personal information is defined as “information that identifies or describes an individual including, but not limited to, an individual’s photograph or digitized image, social security number, date of birth, driver’s identification number, name, home address, home telephone number, medical or disability information, education level, financial status, bank account numbers, account or identification number issued by or used, or both, by any federal or state governmental agency or private financial institution, employment history, height, weight, race, other physical details, signature, biometric identifiers, and any credit records or reports.”

What are the responsibilities of organizations under the law?

S.C. Code Ann. § 30-2-40 mandates that organizations, businesses, and agencies that serve residents within the state create privacy procedures and policies that can serve to protect the personal information of said residents. To this point, the data privacy policy requirements that were set forth in the law include:

• State organizations, departments, institutions, and other related entities are responsible for creating and maintaining a publicly accessible privacy policy that outlines the manner in which the personal information of citizens within the state of South Carolina will be used, maintained, and disclosed.
• When collecting personal information from South Carolina residents, entities are responsible for providing said residents with details concerning how such information will be used.
• Private people and entities are forbidden from obtaining or using personal information from a state-based institution, organization, business, or other related entity. Furthermore, entities within South Carolina are also required to take the necessary steps and measures needed to ensure that the personal information of citizens within the state is never used for commercial purposes.
• All public records requests that state-based agencies within South Carolina comply with must be in accordance with the provisions of the law.
• Criminal justice and judicial agencies are exempt from the provisions of the law.

Social security number regulations

In addition to mandating that state-based organizations and institutions develop a privacy policy that can be used to govern the access and dissemination of personal information, S.C. Code Ann. § 30-2-40 also regulates the collection of the social security numbers of residents within the state. To this end, the social security regulations that were established in the law include but are not limited to:

• State and local government entities that collect social security numbers from residents within South Carolina must minimize the instances in which this information is disclosed, be it internally or to the general public.
• Public bodies and state organizations are prohibited from intentionally printing or embedding a South Carolina resident’s social security number on any card that is required to access or utilize government services.
• Public bodies and state organizations a prohibited from requiring South Carolina residents to transmit or send their social security numbers over the internet, unless the connection that is being used is secure or the data has been redacted or encrypted.
• Public bodies and state organizations are prohibited from printing a South Carolina resident’s social security number on any documentation or correspondence that will be sent to them via the mail.
  When collecting social security numbers from south South Carolina residents, public bodies and state organizations must provide said residents with details concerning how such information will be used, managed, and disclosed.

What are the penalties for violating the law?

As it pertains to the penalties that can be imposed against organizations that fail to comply with the law, S.C. Code Ann. § 30-2-40 is enforced by the South Carolina state attorney general. Subsequently, the South Carolina state attorney general has the authority to punish organizations within the state that are found to be in violation of the law. Most notably, the law provides South Carolina residents with the right to seek monetary damages against state organizations and institutions that fail to handle their social security numbers in a manner that ensures that such information remains confidential and protected.

As privacy concerns only continue to grow with each passing year, legislation that can protect American citizens from invasions of privacy are of the utmost importance moving forward. Within the state of South Carolina, S.C. Code Ann. § 30-2-40 serves to protect citizens of the state from the unauthorized disclosure of their personal information, particularly as it relates to social security numbers that state-based and government organizations collect in order to provide said citizens with a wide range of services. Through the provisions of the law, residents within South Carolina can have the peace of mind that they will have the legal means to protect themselves should their personal data become compromised.