Skip to main content
The Official Web Site of the State of South Carolina

Security Breaches

Notifications

If a business sends notice of a data security breach to 1,000 or more South Carolina residents at one time, the business must also notify the Department and the national credit reporting agencies. When sending notice to consumers, breached entities should include contact information for the Department so consumers may seek additional help from the Identity Theft Unit. When a business is required to notify the Department of a breach, the notice should include all of the following:

  1. Date of the breach;
  2. Date business became aware of the breach;
  3. Date notice was/will be sent to affected consumers;
  4. Method of consumer notification (i.e., direct mail, electronic mail, etc.)
  5. Number of affected South Carolina consumers; 
  6. Content of the consumer notice (i.e., copy of the letter sent to consumers); and
  7. Action taken to avoid future breaches.

Breach notifications should be sent to the Department's Legal Division, P.O. Box 5757, Columbia, SC 29250 or emailed to scdca@scconsumer.gov.

For more information on the applicable laws in South Carolina, refer to the Identity Theft & The Law: A Guide for Business and Government (PDF)

Data Security Breach Reports

Data Security Breach Tips

Handouts

Other Important Information