Skip to main content

Home

Top Nav

  • Agency Listing
  • Online Services

Enterprise Privacy Office FAQs

  1. Home
  2. Services
  3. Technology Services
  4. Information Security and Privacy
  5. Enterprise Privacy Office FAQs

Main navigation

  • I am a...
    • Business
      • Bid on Surplus Property
      • Check Flag Status
      • Find Commercial Vendor Repair Program (CVRP) Information
      • Find Property Easement Information
      • Learn about Federal Surplus Property
      • Learn about Surplus Donee Program
      • Reserve State House Grounds
      • Search State Salary Information
      • Submit a FOIA Request
      • Surplus Real Estate For Sale
    • Citizen
      • Access Citizen Assistance Programs
      • Bid on Surplus Property
      • Check Flag Status
      • Find Property Easement Information
      • Report Vehicle Misuse
      • Reserve State House Grounds
      • Search State Salary Information
      • Submit a FOIA Request
      • Surplus Real Estate For Sale
      • View State Career Opportunities
    • State Agency
      • Acquire or Dispose a State Vehicle
      • Dispose Surplus Property
      • Find Administrative Support Services
      • Find Budget Preparation Resources
      • Find Building Safety and Emergency Planning Information
      • Find Information about State Conference and Meeting Space
      • Find State Fuel System Program
      • Lease Space
      • Plan for Capital Improvements
      • Report a Facility Issue
      • View State Fleet Forms, Policies and Procedures
    • State Employee
      • Access Training Opportunities and Resources
      • Discover Discount Programs
      • Find Alternative Dispute Resolution Information and Resources
      • Find Holiday Leave Information
      • Learn about Benefits and Leave
      • Lease a State Vehicle
      • Register for Driver Training
      • Report a Facility Issue
      • Report a Leased Vehicle Accident
      • Report an IT Issue
      • Search State Salary Information
  • Services
    • Administrative Services
    • Budget
      • Agency Accountability Reports
      • Building the Budget
      • Governor's Budget
      • Informing the Public
      • Managing Grants
      • Managing the Budget
      • Planning for Capital Improvements
    • Check Flag Status
    • Citizen Assistance Programs
    • Facilities Management
    • IT Program Management
      • Agency Relationship Management (ARM)
      • Data Analytics
      • IT Data Collection
      • IT Planning
      • Real Estate and IT General Ledger (GL) Documents
    • Real Estate
    • Shared Services
    • South Carolina Enterprise Information System
    • State Fleet
      • Commercial Vendor Repair Program (CVRP)
      • Fleet Safety and Driver Training
      • Forms, Policies and Procedures
      • Report Leased Vehicle Accident
      • State Fuel Card Program
      • State Vehicle Acquisition and Disposal
      • State Vehicle Leasing
    • State House Events
    • State Human Resources
      • Alternative Dispute Resolution
      • Benefits and Leave
      • Classification and Compensation
      • HR Resources
      • Inclement Weather - State Government Closings
      • Talent Management
      • Telecommuting
    • Surplus Property
      • Online Auctions
      • Forms
      • State Surplus Property Services
      • GSA Vehicles
      • Public Auctions
      • Federal Surplus Property
      • 1033 Program
      • Donee Program Eligibility
    • Technology Services
      • Forms and Forums
      • Governance and Resources
      • Information Security and Privacy
      • IT Shared Services
      • Palmetto 800
      • Service Desk
    • Training
      • Certifications
      • Customized Courses
      • Fleet Safety and Driver Training
      • Individual Course Offerings
      • Information Security and Privacy Professional Development Program
      • Online Offerings
      • Resources
      • South Carolina Executive Institute
  • Transparency
    • Reports and Studies
    • Construction Projects Under Review by Agency
    • Earmarked Appropriations
    • InsideSC: Data Dashboards
      • ARP Act - State and Local Fiscal Recovery Fund
      • Finance
      • Human Resources
      • CARES Act – Coronavirus Relief Fund
    • Local Government Finance Report
    • Nuclear Advisory Council (NAC)
    • Procurement Card Usage
    • SC Unclaimed Property Program
    • State Contract Search
    • State Employees by Agency
    • State Employees by County
    • State Salary Query
    • State Spending
  • About Admin
    • Leadership
    • Join Admin's Team
    • Submit a FOIA Request
    • Contact Us
  • News & Events
    • News
    • Upcoming Events

A: Privacy determines what information needs to be protected, to what extent it needs to be protected, and from whom it needs to be protected. Information security (InfoSec) is a mechanism to implement protections.

Privacy encompasses the analysis of policy and business processes to ensure the legal and ethical obligations of an organization are upheld when the organization collects, stores, uses and/or discloses sensitive information. This includes informing the public of the organization’s information practices; providing information on opportunities to choose whether personal information will be shared and of options to restrict access to sensitive information; and assessing risks associated with the unauthorized access to, or loss of, sensitive information.

InfoSec refers to the processes and methodologies that are designed and implemented to protect print, electronic or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification or disruption.

A: When privacy safeguards are not established and/or enforced, the risk of unauthorized use or access increases. Unauthorized access or use of personal information may lead to financial harm, the release of personally embarrassing information, or the misuse of health care benefits (medical identity theft).

A: Data classification is an important step in setting up your privacy program. It involves identifying the data your agency holds and/or uses and then categorizing the data based on its sensitivity level. Once you have classified your data, you will have a better understanding of the risks and how to reduce those risks, such as through information technology security protections or employee training. We have developed the Data Classification Schema and Guidelines, a quick guide to the most common data classification circumstances and examples, available on the Governance and Resources webpage.  

A: No, privacy is everyone’s responsibility. In addition, data can be in both electronic and paper form. As part of an agency’s normal business processes, most employees will have access to some data. For example, any document that contains a person’s name and other identifying information could be a document that needs to be handled with special protections. For this reason, it is the responsibility of everyone at your agency to work together to protect individuals’ privacy.

A: First, providing privacy training to agency staff is one of the most important components of all privacy programs. Privacy is the responsibility of everyone at the agency because any employee could have access to sensitive data. As privacy liaison, you want to make sure your staff knows how to handle and manage data during the performance of their job duties. For example, if employees access or use sensitive information during their workday, they should be instructed to always lock their workstation computer when away from their office. If someone finds a document left in a common area of the office, or receives an email by mistake, they should know the appropriate procedures for reporting the incident, returning the information to the data owner, disposing of the information appropriately and/or informing their supervisor (or you, as the privacy liaison).

Second, complete your data classification. Go to the Governance and Resources webpage for further information.

Third, conduct privacy impact assessments on high risk business processes using the template and guidance found on the Governance and Resources webpage.

And fourth, ensure EPO has been notified that you are your agency’s privacy liaison. Send us an email at privacy.office@admin.sc.gov.

EPO will be providing resources on this website and hosting events for agency privacy liaisons. Check our calendar page frequently. Until then, contact us any time to discuss more.

A: Agency privacy liaisons have come to the right place! On our website, we have Resources with links to laws and regulatory websites; we have sections with Privacy Principles and Policy and Guidance for you to implement at your agency; above all, please contact us at privacy.office@admin.sc.gov to discuss any questions you may have.

A: The South Carolina Department of Consumer Affairs (SCDCA) is the agency that provides South Carolinians with information and resources on consumer privacy. You can reach the SCDCA website at https://consumer.sc.gov/.

A: To support state and local government entities in meeting the accelerating demand for information security and privacy services, Admin's Division of Information Security (DIS) and Enterprise Privacy Office (EPO) issued the Information Security and Privacy Services (ISPS) statewide term contract. 

This turnkey solution offers a completed solicitation process, which saves time and allows direct contact with pre-vetted vendors. Using Governmental Units are responsible for issuing a purchase order and approving payment for the services.

A: The state contract may be used by the following government units, referred to as “Using Governmental Units (UGUs)”:

A state government department, commission, council, board, bureau, committee, institution, college, university, technical school, agency, government corporation or other establishment or official of the executive or judicial branch. Governmental body excludes the General Assembly or its respective branches or its committees, Legislative Council, the Legislative Services Agency and all local political subdivisions such as counties, municipalities, school districts or public service or special purpose districts or any entity created by act of the General Assembly for the purpose of erecting monuments or memorials or commissioning art that is being procured exclusively by private funds.

A: Privacy services are available from four vendors awarded under Lot 7 of the Information Security and Privacy Services (ISPS) contract. The four vendors are: 

  • Axiom Resource Management Inc.  
  • Janus Software Inc.
  • Kuma, LLC
  • Navigate, LLC

A: Vendors awarded Lot 7 of the Information Security and Privacy Services (ISPS) contract can provide the following privacy services:

  • Privacy impact assessments
  • Privacy training development and delivery
  • Enterprise privacy communication management
  • Risk assessment assistance specifically related to privacy
  • Assistance in performing data inventory and classification activities
  • Privacy program development and compliance consulting services
  • Privacy incident response management services

A: Review the ISPS vendor contact information and pricing located in the link below: https://procurement.sc.gov/contracts/search?v=13002-9918-0-0

Contact one or more of the listed vendors contracted to provide the service(s) of interest. Provide the vendor(s) with a description of your agency’s needs and requirements, and solicit proposals from the vendor(s).

Upon agreement between the agency and the vendor on the scope of work and cost, finalize arrangement and payment in accordance with your organization’s policies.

A: For more information about the procurement process and how to use the Information Security and Privacy Services contract, contact the DIS Vendor Manager at dis.vendor.manager@admin.sc.gov or 803-896-4436.

A: If you would like advice on which privacy services would most benefit your privacy program, contact your organization’s privacy liaison, or Admin's Enterprise Privacy Office (EPO) at privacy.office@admin.sc.gov.

A: Yes. It is mandatory for all “Using Governmental Units” to procure their requirements from statewide term contracts during its term. Reference § 11-35-310 (35) of the Procurement Code.

A: The State Procurement Office along with the Division of Information Security's Vendor Manager will be responsible for vendor management, performance, change-orders, modifications to the contract terms and conditions, and vendor disputes. 

Contact Admin

  • Contact Admin

South Carolina Department of Administration
Marcia S. Adams, Executive Director
1200 Senate St., Suite 460
Columbia, SC 29201
803.734.8120

Right Column

  • About Admin
  • SC Careers
  • Privacy Notice
  • Website Feedback

 

To report fraud, waste, abuse, mismanagement or misconduct within or involving a state agency, call the State Inspector General at 1.855.723.7283 (1.855.SC.Fraud)
or visit the State Inspector General's website to file a complaint online.


SC.GOV Home
SC.GOV Privacy & Security Policy
Help Center
Contact SC.GOV
Download Adobe Reader
Copyright © State of South Carolina