The State of South Carolina government has the ongoing responsibility to balance citizens’ privacy rights with the provision of State services. The following privacy principles1, which may not be applicable in every situation, guide the manner in which we collect, use, disclose and retain our citizens’ personal information.
Notice and Transparency
- Inform the individual about what personal information is being collected and how it will be used and shared. This is sometimes referred to as ‘providing notice’.
Use and Disclosure Limitation
- Use and disclose an individual’s information only in the manner described in the notice. Uses and disclosures outside of the notice require explicit consent from the individual, except for certain instances such as law enforcement requests.
Individual Participation, Access, and Redress
- Provide individuals with a reasonable opportunity to consent to the collection, use or disclosure of personal information. Provide individuals with procedures on how to access information being held about them, how to correct or update that information, and whom to contact with further questions.
Data Minimization and Retention
- Collect only the information needed to perform the official business of the State of South Carolina. Retain information collected for a specific business purpose only as long as necessary to fulfill the purpose, or as required by a records retention policy or other agency policy, law, or regulation.
Data Quality and Integrity
- Establish policies and procedures to ensure to the greatest extent practicable that data is accurate, complete and up to date.
- Establish the appropriate management and operational administrative, technical, and physical safeguards to preserve the privacy, confidentiality, integrity, and accessibility of personal information. These safeguards should align with the level of protection afforded to data categories assigned using the State of South Carolina Data Classification Schema.
Accountability and Auditing
- Establish policies and procedures that assign information protection roles and responsibilities, both internally and with organizations outside your agency. Develop systems for evaluating compliance, identifying areas for improvement, and measuring effectiveness.
- Organisation for Economic Co-operation and Development (OECD) Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (1980) http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm
- Privacy Act of 1974, 5 U.S.C. § 552a, as amended
- U.S. Department of Health, Education and Welfare report, “Records, Computers and the Rights of Citizens” (1973)