top of page
  • Writer's pictureDragoon Security Group

SC Insurance Data Security Act Primer

Updated: Oct 13, 2018


South Carolina is the first state to implement this law, developed by the National Association of Insurance Commissioners (NAIC).

The Director of the South Carolina Department of Insurance, Ray Farmer, is the current Vice-President of the NAIC and chaired the Cyber Security Working Group responsible for developing the model law.

Key Dates

January 1, 2019

Agencies are required to notify the SC DOI Director, no later than 72 hours after determining that a cyber Security event has occurred.

July 1, 2019

Agencies are required to have established a comprehensive, written Information Security program by July 1, 2019. Section 38-99-20

July 1, 2020

Agencies are required to have vetted their supply chain’s implementation of administrative, technical and physical controls to safeguard their Information Systems storing agency Non-Public Data. Section 38-99-20(F)

February 15, 2020

Agencies operating in South Carolina must submit a written statement certifying to the SC DOI Director, a written statement certifying that the insurer complies with the requirements set forth in the Act. Section 38-99-20(H)(2)(1)

Key Requirements

  1. Risk Assessment

  2. Comprehensive Written Information Security Program, including an Incident Response Plan

  3. Chief Information Security Officer appointed to oversee the Information Security Program

  4. Annual reporting by CISO to Board of Directors or Owner(s)

  5. Annual reporting to SC Department of Insurance

Is Outsourcing Compliance Right For You?

Insurance agents routinely identify and calculate risks when developing a client's policy, be it health, auto, or life. Assessing security risks follows a similar processes of identifying risks and corresponding threats by answering these questions:

  1. What are the known risks within your business?

  2. What are your business's unidentified risks?

  3. What are the existing and evolving threats to your critical lines of business?

  4. What are you doing to effectively counter threats?

  5. Are you managing the risks to the strategic initiatives across your business?

How We Help

Dragoon Security Group has researched the the SC Insurance Data Security Act and studied supporting initiatives by NAIC, outlining the core requirements of the NAIC’s goals. These goals are integral in our turn-key Compliance-as-a-Service program. Agencies continue to conduct normal operations, focusing on serving their customers rather than losing opportunity tending to the new regulatory requirements.

Dragoon Security Group brings decades of experience building and maturing Information Security Programs in highly regulated industries, both public and private sector. Our insight into delivering secure, cost-effective and efficient controls and solutions means Compliance and Security are handled with minimal impact to daily business activities.

67 views0 comments

Recent Posts

See All

90 Days to the SC Insurance Data Security Act

What is the SCIDSA? The SCIDSA is a new law that changes the way licensees in South Carolina manage business and consumer data. Much of the SCIDSA builds on rules set by existing security and privacy


Commenting has been turned off.
Post: Blog2_Post
bottom of page