South Carolina became the first state to have a cyber security law requiring insurers to establish a “strong and aggressive” program to protect companies and their consumers from a data breach, with Gov. Henry McMaster’s signing of legislation this week, according to the state insurance department.
“South Carolina is now the first in the nation to pass a comprehensive data security insurance law. This sets South Carolina apart and shows we are dedicated to keeping insurance information safe,” said South Carolina Insurance Director Raymond G. Farmer in the statement issued by the department.
The statement said Gov. McMaster signed the South Carolina Department of Insurance Data Security Bill into law Tuesday.
Mr. Farmer chaired the National Association of Insurance Commissioners’ Cybersecurity (EX) Working Group that drafted the law.
The department said the law creates rules for insurers, agents and other licensed entities covering data security, investigation and notification of breach, including maintaining an information security program based on ongoing risk assessment; overseeing third-party service providers; investigating data breaches and notifying regulators of a cyber security event.