For further guidance on general information security knowledge, standards, guidelines, and tools, please see the following resources:
South Carolina Laws and Regulations
This section includes selected state laws and regulations related to data privacy and security.
- Breach of security of business data; notification requirements; penalties SC Code of Laws 1976, as amended, Section 39-1-90
- Breach of security of state agency data; notification requirements; penalties SC Code of Laws 1976, as amended, Section 1-11-490
- Consumer Identity Theft Protection (Financial Identity Fraud and Identity Theft Protection Act) SC Code of Laws 1976, as amended, Sections 37-20-110 to 37-20-200
- Family Privacy Protection Act of 2002 SC Code of Laws 1976, as amended, Sections 30-2-10 to 30-2-340
- Freedom of Information Act SC Code of Laws 1976, as amended, Sections 30-4-10 to 30-4-165
- Public Records SC Code of Laws 1976, as amended, Sections 30-1-10 to 30-1-180
- SC Department of Education Data Use and Governance Policy SC Code of Laws 1976, as amended, Section 59-1-490
Federal Laws and Regulations
This section includes selected federal laws and regulations related to data privacy and security.
- Children's Internet Protection Act (CIPA) CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program. Children's Internet Protection Act (CIPA)
- Children’s Online Privacy Protection Act (COPPA) Children’s Online Privacy Protection Act of 1998 - Regulates the collection and use of children’s information by commercial website operators. COPPA
- Family Educational Rights and Privacy Act (FERPA) Family Educational Rights and Privacy Act - Protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. Family Educational Rights and Privacy, FERPA
- Freedom of Information Act (FOIA) Freedom of Information Act - Provides the public with the right, and a process, by which to request access to records from any federal agency (with nine exceptions, such as personal privacy, national security, and law enforcement). FOIA
- Gramm-Leach-Bliley Act (GLBA) Gramm-Leach-Bliley Act - Requires financial institutions that offer products to consumers to explain their information sharing practices to their customers and to safeguard sensitive data. GLBA
- Health Insurance Portability and Accountability Act (HIPAA) Health Insurance Portability and Accountability Act of 1996 (Summary of HIPAA Privacy Rule) - Protects individually identifiable health information held by covered entities and their business associates and gives patients an array of rights with respect to that information. HIPAA
- Payment Card Industry Data Security Standard (PCI-DSS) Payment Card Industry Data Security Standard (PCI-DSS) - Sets requirements designed to ensure that all companies that process, store, or transmit credit card information maintain a secure environment. The law applies to any organization with customers who pay them directly using a credit card or debit card. PCI-DSS
Federal and State Agencies
This section includes selected state and federal agencies related to data privacy and security.
- Federal Trade Commission A bipartisan federal agency with a unique dual mission to protect consumers and promote competition. FTC
- South Carolina Department of Consumer Affairs The state’s consumer protection agency. One of the agency’s divisions is its Identity Theft Unit. Identity Theft Unit
- South Carolina Department of Archives and History One of the missions of the SC Department of Archives and History is to work with state agency and local government officials in the proper management of their records. Records Management
- U.S. Department of Health and Human Services – Office of Civil Rights DHHS OCR enforces the HIPAA Privacy Rule, HIPAA Security Rule, HIPAA Breach Notification Rule, and the confidentiality provisions of the Patient Safety Rule. OCR
- U.S. Department of Homeland Security – Privacy Office DHS Privacy Office was the first statutorily required privacy office in any federal agency. DHS Privacy Office
- U.S. Office of Management and Budget - Office of Information and Regulatory Affairs (OIRA) The OIRA, a statutory part of the OMB within the Executive Office of the President, is the U.S. government’s central authority for the review of Executive Branch regulations, approval of government information collections, establishment of government statistical practices, and coordination of federal privacy policy. OIRA
Cyber and Data Security Resources
This section includes resources that offer standards, guidelines and tools related to security and data privacy.
- Cybersecurity and Infrastructure Security Agency (CISA) CISA is the operational lead for federal cybersecurity and the national coordinator for critical infrastructure security and resilience. CISA
- International Association of Privacy Professionals A not-for-profit association with a mission to define, support and improve the privacy profession globally. IAPP
- Multi-State Information Sharing & Analysis Center The MS-ISAC is the focal point for cyber threat prevention, protection, response, and recovery for the nation's state, local, tribal, and territorial (SLTT) governments. MS-ISAC
- National Institute of Standards and Technology As a part of the U.S. Department of Commerce, NIST creates standards for a wide range of technologies, including privacy and security. NIST Computer Security Resource Center