As used in this chapter:

(1) "Authorized individual" means an individual known to and screened by the licensee and determined to be necessary and appropriate to have access to nonpublic information held by the licensee and its information systems.

Terms Used In South Carolina Code 38-99-10

  • Beneficiary: A person who is entitled to receive the benefits or proceeds of a will, trust, insurance policy, retirement plan, annuity, or other contract. Source: OCC
  • Corporation: A legal entity owned by the holders of shares of stock that have been issued, and that can own, receive, and transfer property, and carry on business in its own name.
  • insurance: includes annuities. See South Carolina Code 38-1-20
  • Insurer: includes a corporation, fraternal organization, burial association, other association, partnership, society, order, individual, or aggregation of individuals engaging or proposing or attempting to engage as principals in any kind of insurance or surety business, including the exchanging of reciprocal or interinsurance contracts between individuals, partnerships, and corporations. See South Carolina Code 38-1-20
  • Jurisdiction: (1) The legal authority of a court to hear and decide a case. Concurrent jurisdiction exists when two courts have simultaneous responsibility for the same case. (2) The geographic area over which the court has authority to decide cases.
  • License: means a document issued by the state's director or his designee authorizing a person to act as an insurance producer for the lines of authority specified in the document. See South Carolina Code 38-1-20
  • Partnership: A voluntary contract between two or more persons to pool some or all of their assets into a business, with the agreement that there will be a proportional sharing of profits and losses.

(2) "Consumer" means an individual including, but not limited to, an applicant, policyholder, insured, beneficiary, claimant, and certificate holder who is a resident of this State and whose nonpublic information is in a licensee’s possession, custody, or control.

(3) "Cybersecurity event" means an event resulting in unauthorized access to or the disruption or misuse of an information system or information stored on an information system. The term "cybersecurity event" does not include the unauthorized acquisition of encrypted nonpublic information if the encryption, process or key is not also acquired, released or used without authorization. The term "cybersecurity event" also does not include an event with regard to which the licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.

(4) "Department" means the Department of Insurance.

(5) "Director" means the Director of the Department of Insurance or his designee.

(6) "Encrypted" means the transformation of data into a form which results in a low probability of assigning meaning without the use of a protective process or key.

(7) "Information security program" means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information.

(8) "Information system" means a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial or process controls systems, telephone switching and private branch exchange systems, and environmental control systems.

(9) "Licensee" means a person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of this State but does not include a purchasing group or a risk retention group chartered and licensed in a state other than this State or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.

(10) "Multifactor authentication" means authentication through verification of at least two of the following authentication factors:

(a) knowledge factors, such as a password; or

(b) possession factors, such as a token or text message on a mobile phone; or

(c) inherence factors, such as a biometric characteristic.

(11) "Nonpublic information" means information that is not publicly available information and is:

(a) business-related information of a licensee the tampering with which, or unauthorized disclosure, access, or use of which, would cause a material adverse impact to the business, operations, or security of the licensee;

(b) any information concerning a consumer which because of name, number, personal mark, or other identifier can be used to identify such consumer, in combination with any one or more of the following data elements:

(i) social security number;

(ii) driver’s license number or nondriver identification card number;

(iii) account number, credit or debit card number;

(iv) security code, access code, or password that would permit access to a consumer’s financial account; or

(v) biometric records;

(c) any information or data, except age or gender, in any form or medium created by or derived from a health care provider or a consumer and that relates to:

(i) the past, present, or future physical, mental or behavioral health or condition of a consumer or a member of the consumer’s family;

(ii) the provision of health care to a consumer; or

(iii) payment for the provision of health care to a consumer.

(12) "Person" means any individual or any nongovernmental entity including, but not limited to, a nongovernmental partnership, corporation, branch, agency, or association.

(13) "Publicly available information" means information that a licensee has a reasonable basis to believe is lawfully made available to the general public from federal, state, or local governmental records, widely distributed media, or disclosures to the general public that are required to be made by federal, state, or local law. For the purposes of this item, a licensee has a reasonable basis to believe information is lawfully made available to the general public if the licensee has taken steps to determine:

(a) that the information is of the type that is available to the general public; and

(b) whether a consumer can direct that the information not be made available to the general public and, if so, that the consumer has not done so.

(14) "Risk assessment" means the risk assessment that each licensee is required to conduct under this chapter.

(15) "State" means the State of South Carolina.

(16) "Third-party service provider" means a person not otherwise defined as a licensee that contracts with a licensee to maintain, process, store or otherwise is permitted access to nonpublic information through its provision of services to the licensee.