As we reported here, and further analyzed here in October 2017, the NAIC adopted an Insurance Data Security Model Law.

On May 3, 2018, the South Carolina Governor made South Carolina the first state in the nation to adopt a comprehensive cybersecurity statute for the insurance industry, by signing into law the South Carolina Insurance Data Security Act (H4655) based on the NAIC Model.  Effective January 1, 2019, Licensees of the South Carolina Department of Insurance must comply with the new requirements for protecting the confidentiality and security of information and systems, and reporting certain cybersecurity events, as described in our discussion of the NAIC Model linked above.

As defined by the new Act, “’Licensee’ means a person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this State but does not include a purchasing group or a risk retention group chartered and licensed in a state other than this State or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.”