The Enterprise Privacy Office is pleased to be able to provide the following resources.
Selected South Carolina Laws and Regulations
- Breach of security of business data; notification requirements; penalties
SC Code of Laws 1976, as amended, Section 39-1-90
- Breach of security of state agency data; notification requirements; penalties
SC Code of Laws 1976, as amended, Section 1-11-490
- Consumer Identity Theft Protection (Financial Identity Fraud and Identity Theft Protection Act)
SC Code of Laws 1976, as amended, Sections 37-20-110 through 37-20-200
- Family Privacy Protection Act of 2002
SC Code of Laws 1976, as amended, Sections 30-2-10 through 30-2-340
- Freedom of Information Act
SC Code of Laws 1976, as amended, Sections 30-4-10 through 30-4-165
- Public Records
SC Code of Laws 1976, as amended, Sections 30-1-10 through 30-1-180
- South Carolina Department of Education Data Use and Governance Policy
SC Code of Laws 1976, as amended, Section 59-1-490
- South Carolina Legislature 2016-2017 Appropriations Bill
Sections in Part IB of the Appropriation Act, (A284, R275, H5001), as Ratified by the General Assembly on June 2, 2016.
Selected Federal Laws and Regulations
- Children’s Online Privacy Protection Act (COPPA)
Children’s Online Privacy Protection Act of 1998 — Regulates the collection and use of children’s information by commercial website operators.
- Family Educational Rights and Privacy Act (FERPA)
Family Educational Rights and Privacy Act — Protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
- Freedom of Information Act (FOIA)
Freedom of Information Act — Provides the public with the right, and a process, by which to request access to records from any federal agency (with nine exceptions, such as personal privacy, national security, and law enforcement).
- Gramm-Leach-Bliley Act (GLBA)
Gramm-Leach-Bliley Act — Requires financial institutions, which offer products to consumers, to explain their information sharing practices to their customers and to safeguard sensitive data.
- Health Insurance Portability and Accountability Act (HIPAA)
Health Insurance Portability and Accountability Act of 1996 (Summary of HIPAA Privacy Rule) — Protects individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information.
- Privacy Act of 1974
Privacy Act of 1974 — Protects the rights of individuals regarding the collection, maintenance, use and dissemination of their information that is maintained in systems of records by federal agencies.
- Payment Card Industry Data Security Standard (PCI-DSS)
Payment Card Industry Data Security Standard (PCI-DSS) — Sets requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. The law applies to any organization with customers who pay them directly using a credit card or debit card.
Selected Federal and State Agencies
- U.S. Department of Health and Human Services — Office of Civil Rights
The DHHS OCR enforces the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule and the confidentiality provisions of the Patient Safety Rule.
- U.S. Department of Homeland Security — Privacy Office
The DHS Privacy Office was the first statutorily-required privacy office in any federal agency.
- Federal Trade Commission
The FTC is a bipartisan federal agency with a unique dual mission to protect consumers and promote competition.
- South Carolina Department of Consumer Affairs
The South Carolina Department of Consumer Affairs is the state’s consumer protection agency. One of the agency’s divisions is its Identity Theft Unit.
- South Carolina Department of Archives and History
One of the missions of the South Carolina Department of Archives and History is to work with state agency and local government officials in the proper management of their records.
- U.S. Department of Education — Privacy Technical Assistance Center (PTAC)
The U.S. Department of Education established the PTAC as a resource regarding FERPA and data privacy, confidentiality and security practices. It includes documents, videos, webinars, and other tools, resources, and opportunities to receive assistance to improve privacy, security, and confidentiality of student data systems. These resources are intended to promote compliance with FERPA and other best practices.
- Federal Privacy Council
The Federal Privacy Council is the principal interagency forum to improve the privacy practices of agencies and entities acting on their behalf, across the Federal Government.
- State Treasurer of South Carolina
The State Treasurer of South Carolina has issued a policy for agencies’ Payment Card Industry Data Security Standards (PCI DSS) compliance responsibilities, as well as materials to assist agencies in their compliance efforts.
- National Institute of Standards and Technology
As a part of the U.S. Department of Commerce, NIST creates standards for a wide range of technologies, including privacy and security.
- International Association of Privacy Professionals
The IAPP is a not-for-profit association with a mission to define, support and improve the privacy profession globally. The organization has developed and launched credentialing programs in information privacy.
- National Governors Association (NGA) Center for Best Practices — Justice Information Sharing
The NGA is a bipartisan organization of the nation’s governors that works to identify issues of public policy and governance at the state and national levels. Their website includes privacy and policy links and resources for organizations that share criminal justice information.
- Best Practices: Elements of a Federal Privacy Program
Created by the Federal CIO Council Privacy Committee, “Basic Practices: Elements of A Federal Privacy Program” outlines seven elemental building blocks of robust privacy programs. While intended for use by federal programs, this document outlines best practices that apply to a variety of organizations and business operations.
- National Conference of State Legislatures
The National Conference of State Legislatures (NCSL) is a bipartisan organization that tracks state privacy and security laws nationwide to provide resources, such as overviews and indexes, to the public.
- Data.gov
Data.gov is managed and hosted by the U.S. General Services Administration and provides the public with data, tools and resources to conduct research, design data visualizations and more.