South Carolina Data Privacy Laws: Breach Notification & Consumer Rights (2026)

South Carolina takes a sectoral approach to data privacy. The state has not enacted a comprehensive consumer data privacy statute that grants residents broad rights over their personal data. Instead, South Carolina protects personal information through a combination of breach notification requirements, insurance industry cybersecurity mandates, identity theft protections, a newly enacted intimate-image statute, and federal law.
This guide covers every major data privacy protection available to South Carolina residents as of May 2026. It explains the state's breach notification law, the Insurance Data Security Act, consumer protection statutes, the 2025 intimate-image law, and the federal framework that applies in South Carolina, and it answers common questions about data privacy rights in the Palmetto State.
South Carolina Breach Notification Act (S.C. Code Ann. Section 39-1-90)
The primary data privacy protection for South Carolina residents is the state's breach notification law. Codified at S.C. Code Ann. Section 39-1-90, this statute was enacted as part of the Financial Identity Fraud and Identity Theft Protection Act (FIFITPA) in 2008. It requires both businesses and government agencies to notify residents when their personal identifying information is compromised.
Who Must Comply
The breach notification law applies to two categories of entities.
Private businesses. Any person conducting business in South Carolina who owns or licenses computerized data or other data that includes personal identifying information must comply. The law does not set a minimum company size or revenue threshold. Any business that holds South Carolina residents' personal data falls under the statute.
Government agencies. State agencies and other public bodies in South Carolina that own or license data containing personal identifying information must also provide breach notifications under the same requirements. A separate provision, S.C. Code Ann. Section 1-11-490, governs state agency data breaches and imposes notification obligations to the State Chief Information Officer in addition to the resident notice required under Section 39-1-90.
What Triggers a Notification
A breach notification is required when there is unauthorized access to and acquisition of computerized data that compromises the security, confidentiality, or integrity of personal identifying information. The notification obligation arises when the illegal use of the information has occurred or is reasonably likely to occur, or when the use creates a material risk of harm to the resident.
This is an important distinction from many other state breach laws. South Carolina uses a harm-based trigger rather than a blanket notification requirement. If a business determines that unauthorized access occurred but the likelihood of harm is low, it may not need to send notifications. However, the burden of making that determination falls on the business and is subject to scrutiny if harm later materializes.
Definition of Personal Identifying Information
The statute defines personal identifying information as a resident's first name or first initial and last name in combination with one or more of the following data elements, when neither encrypted nor redacted:
- Social Security number
- Driver's license number or state identification card number
- Financial account number, credit card number, or debit card number in combination with any required security code, access code, or password
The definition does not include information that is lawfully obtained from publicly available sources or from federal, state, or local government records lawfully made available to the general public.
South Carolina's definition is narrower than many other states' breach notification laws. States like California, Colorado, and Oregon have expanded their definitions to include biometric data, medical information, passport numbers, and usernames with passwords. South Carolina has not amended Section 39-1-90 to add these categories as of May 2026.
Notification Timeline
South Carolina does not set a specific day count for breach notifications. Instead, the law requires disclosure in the most expedient time possible and without unreasonable delay. The notification timeline must be consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system.
A law enforcement agency may request a delay in notification if it determines that the notification would impede a criminal investigation. Once law enforcement determines the notification no longer compromises the investigation, the business must proceed with disclosure.
How Notification Must Be Provided
Businesses can provide breach notifications through several methods:
Written notice. A letter sent to the last known mailing address of the affected resident.
Electronic notice. Permitted if electronic communication is the primary method of interaction between the business and the affected individual.
Telephonic notice. Direct phone calls to affected individuals.
Substitute notice. Available when the cost of direct notification exceeds $250,000, the affected class exceeds 500,000 persons, or the business does not have sufficient contact information. Substitute notice requires all three of the following: email notification when an email address is available, conspicuous posting on the business's website, and notification to major statewide media.
Reporting to State Authorities
When a business provides breach notification to more than 1,000 persons at one time, it must also notify the Consumer Protection Division of the South Carolina Department of Consumer Affairs and all nationwide consumer reporting agencies without unreasonable delay. The notice to consumer reporting agencies must include the timing, distribution, and content of the notification sent to residents.
The SC Department of Consumer Affairs publishes received breach notices on its public website, which residents can monitor to check whether organizations that hold their data have reported incidents.
Third-Party Data Holders
A business that maintains computerized data containing personal identifying information that it does not own must notify the owner or licensee of the information immediately following discovery of a breach if the personal identifying information was acquired by an unauthorized person.
Penalties and Enforcement
The breach notification law provides several enforcement mechanisms.
Willful and knowing violations. A South Carolina resident injured by a willful and knowing violation may file a civil action to recover damages. Courts have discretion in determining the amount of damages.
Negligent violations. A resident may also bring a civil action for negligent violations, though recovery is limited to actual damages resulting from the violation.
Administrative penalties. A person who knowingly and willfully violates the notification requirement is subject to an administrative fine of $1,000 per resident whose information was accessible by reason of the breach. The Department of Consumer Affairs administers this penalty.
Injunctive relief. Affected residents may seek an injunction to enforce compliance with the statute.
Attorney's fees. A successful plaintiff may recover attorney's fees and court costs.
The Consumer Protection Division of the Department of Consumer Affairs handles administrative enforcement of the breach notification requirements.
Financial Institution Exemption
A financial institution that is subject to and in compliance with the federal Interagency Guidance Response Programs for Unauthorized Access to Consumer Information and Customer Notice is considered to be in compliance with Section 39-1-90. This covers institutions regulated by the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
South Carolina Insurance Data Security Act (Title 38, Chapter 99)

South Carolina was the first state in the nation to adopt the National Association of Insurance Commissioners (NAIC) Insurance Data Security Model Law. The South Carolina Insurance Data Security Act, codified at S.C. Code Ann. Title 38, Chapter 99, took effect on January 1, 2019. It establishes comprehensive cybersecurity requirements specifically for insurance industry licensees.
Who Must Comply
The Act applies to all licensees of the South Carolina Department of Insurance. This includes insurance companies, agents, brokers, adjusters, and other entities licensed to conduct insurance business in the state. Small licensees that fall below specified employee or revenue thresholds may qualify for modified or reduced compliance requirements under the Act.
Information Security Program Requirements
Every licensee must develop, implement, and maintain a comprehensive written information security program. The program must be based on the licensee's own risk assessment and must include administrative, technical, and physical safeguards for the protection of nonpublic information.
The security program must address:
- The size and complexity of the licensee's business
- The nature and scope of the licensee's activities, including the use of third-party service providers
- The sensitivity of the nonpublic information the licensee collects and stores
Risk Assessment Requirements
Licensees must conduct a risk assessment that identifies reasonably foreseeable internal and external threats that could result in unauthorized access to nonpublic information. The assessment must evaluate the likelihood and potential damage of identified threats and assess the sufficiency of existing policies, procedures, information systems, and safeguards.
Board of Directors Oversight
The Act requires the board of directors (or an appropriate committee) to oversee the development and implementation of the licensee's information security program. The board must require executive management to develop and maintain the program and must receive regular reports on the status of the program.
Third-Party Service Provider Management
Licensees that share nonpublic information with third-party service providers must exercise due diligence in selecting providers. The licensee must require third-party providers to implement appropriate safeguards and must monitor and verify compliance with those safeguards.
Cybersecurity Event Notification
When a licensee determines that a cybersecurity event has occurred, it must notify the Director of the South Carolina Department of Insurance within 72 hours if any of the following conditions are met:
- South Carolina is the licensee's state of domicile (for insurers) or home state (for producers)
- The licensee reasonably believes the event involved nonpublic information of 250 or more South Carolina consumers
- The event requires notice to another state or federal governmental entity
- There is a reasonable likelihood of material harm to a South Carolina consumer or to the licensee's operations
Penalties
The Director of the South Carolina Department of Insurance may examine and investigate licensees to determine compliance with the Act. Violations may result in regulatory action by the Department, including:
- A fine of up to $15,000 per violation
- A fine of up to $30,000 per violation when the licensee acted willfully
These penalty amounts are codified at S.C. Code Ann. Section 38-99-60.
Act 37 of 2025: Non-Consensual Intimate Image and Deepfake Law (S.C. Code Ann. Section 16-15-332)

South Carolina enacted Act 37 of 2025 when Governor Henry McMaster signed the bill on May 12, 2025. The Act is codified at S.C. Code Ann. Sections 16-15-330 and 16-15-332. The law criminalizes the unauthorized disclosure of intimate images and extends those prohibitions to AI-generated deepfake intimate imagery. South Carolina was the final state to enact a non-consensual intimate image statute.
What the Law Prohibits
A person who intentionally disseminates an intimate image or a digitally forged intimate image of another person without the effective consent of the depicted person commits the offense of unauthorized disclosure of intimate images under Section 16-15-332(A).
The law applies when the person disseminating the image knows, or reasonably should have known, that the depicted individual had a reasonable expectation of privacy in the image.
Key Definitions
Intimate image. A visual depiction that shows a person's genitals, pubic area, anus, or female breast, when the person is nude or engaged in sexually explicit conduct, and that was created under circumstances where the depicted person had a reasonable expectation of privacy.
Digitally forged intimate image. An intimate image of an identifiable individual that appears to a reasonable person to be indistinguishable from an authentic visual depiction of that individual, and that is generated or substantially modified using machine-learning techniques or any other computer-generated means to falsely depict the individual's appearance or conduct. The statute expressly applies regardless of whether the image carries a label indicating it is not authentic.
Effective consent. Affirmative, conscious, and voluntary authorization by an individual with legal capacity. The fact that the depicted individual previously disclosed the image to another person does not constitute effective consent for further dissemination under this section.
Penalties
A first offense under Section 16-15-332(A) is a felony punishable by a fine not to exceed $5,000 or imprisonment not to exceed five years, or both. A second or subsequent offense is a felony punishable by a fine not to exceed $10,000 or imprisonment of not less than one year and not more than ten years, or both.
When multiple intimate images of the same individual are disclosed, each disclosure may be treated as a separate and distinct offense.
Law Enforcement Exception
The Act does not apply to intimate images or digitally forged intimate images created by law enforcement pursuant to a criminal investigation that is otherwise lawful.
Intersection with the Federal TAKE IT DOWN Act
The federal TAKE IT DOWN Act (discussed in the Federal Overlay section below) supplements the state statute by adding platform-level removal obligations. Where Section 16-15-332 governs criminal liability for the person who disseminates the image, the federal Act creates a separate obligation requiring covered online platforms to remove reported nonconsensual intimate visual depictions within 48 hours of notice.
Financial Identity Fraud and Identity Theft Protection Act (FIFITPA)
The Financial Identity Fraud and Identity Theft Protection Act (Act No. 190 of 2008) is the umbrella legislation that established many of South Carolina's data privacy protections. Beyond the breach notification requirements discussed above, FIFITPA includes several additional consumer protections.
Security Freeze Rights
South Carolina residents have the right to place a security freeze on their consumer credit reports at no cost. A security freeze prohibits a credit reporting agency from releasing the consumer's credit report or any information from it without the consumer's express authorization. This helps prevent identity thieves from opening new accounts in the consumer's name.
Records Disposal Requirements
FIFITPA requires both businesses and government agencies to properly dispose of records containing personal identifying information. When disposing of such records, entities must modify the personal identifying information by shredding, erasing, or other means to make it unreadable or undecipherable.
A public body complies with the disposal requirement if it contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the body.
Violations of the records disposal requirements constitute a misdemeanor with a fine of up to $500 per violation.
Identity Theft Protections
FIFITPA strengthened South Carolina's criminal penalties for identity-related crimes.
Financial identity fraud. A person who commits financial identity fraud is guilty of a felony and, upon conviction, may be fined at the court's discretion or imprisoned for up to ten years, or both.
Identity theft through garbage rummaging. A first violation is a misdemeanor with a fine up to $250. Subsequent violations carry fines up to $1,000. A person who knowingly and willfully rummages through garbage to commit identity fraud is guilty of a Class F felony, punishable by up to five years' imprisonment and a fine of up to $1,000.
Consumer Reporting Protections
The Act includes provisions governing how consumer reporting agencies handle South Carolina residents' data, including requirements around fraud alerts, active duty military alerts, and the handling of identity theft reports.
Family Privacy Protection Act (Title 30, Chapter 2)
The Family Privacy Protection Act of 2002 provides additional privacy protections specifically related to personal information held by South Carolina state government agencies.
Scope and Requirements
All state agencies, boards, commissions, institutions, departments, and other state entities must develop privacy policies and procedures to ensure that the collection of personal information pertaining to citizens is limited to information that is required and necessary to fulfill a legitimate public purpose.
The Act defines personal information broadly to include photographs, Social Security numbers, dates of birth, driver's identification numbers, names, home addresses, home telephone numbers, medical or disability information, education levels, financial status, bank account numbers, account or identification numbers, employment history, height, weight, race, other physical details, signatures, biometric identifiers, and credit records or reports.
Commercial Solicitation Prohibition
The Act prohibits any person or private entity from using personal information obtained from state agencies for commercial solicitation purposes. A person who knowingly violates this provision is guilty of a misdemeanor and, upon conviction, may be fined up to $500 or imprisoned for up to one year, or both.
South Carolina Unfair Trade Practices Act
The South Carolina Unfair Trade Practices Act (S.C. Code Ann. Title 39, Chapter 5) provides a general consumer protection framework that can apply to data privacy violations. While not specifically a data privacy statute, the Act prohibits unfair or deceptive acts or practices in trade or commerce.
Businesses that engage in deceptive practices related to the collection, use, or protection of consumer data could face enforcement actions under this statute. The Department of Consumer Affairs and the Attorney General's office can take action against businesses whose data handling practices constitute unfair or deceptive trade practices. The Attorney General may also bring an action under this statute for systemic data misrepresentation.
Health Information Privacy in South Carolina
South Carolina does not have a standalone state health data privacy law equivalent to HIPAA. However, several state provisions supplement federal health privacy protections.
Under South Carolina law, medical records must not be released without written consent from the patient, except as otherwise provided by law. The state imposes additional restrictions on certain sensitive health information, including data related to sexually transmitted diseases, HIV, tuberculosis, other communicable diseases, family planning, drug control, substance abuse, and mental health.
Physicians in South Carolina must retain medical records for at least ten years for adult patients and at least thirteen years for minors. These minimum recordkeeping periods begin from the last date of treatment.
Enacted and Pending Privacy Legislation (2025-2026 Session)

The South Carolina General Assembly has been active on privacy legislation in the 2025-2026 session. Two bills have become law; two others remain pending in committee.
Enacted: South Carolina Social Media Regulation Act (Act No. 96, HB 3431)
Governor McMaster signed House Bill 3431 on February 5, 2026, enacting it as Act No. 96. The law is in effect as of the date of signing.
The Act creates age-appropriate design requirements for "covered online services," broadly defined to include platforms and apps that conduct business in South Carolina and are reasonably likely to be accessed by minors. The Act applies to covered services that meet at least one of three size thresholds: annual gross revenues exceeding $25 million, processing the personal data of 50,000 or more consumers, or deriving 50 percent or more of annual revenue from the sale of personal data.
Covered services must implement privacy-by-default settings for minor users. The law requires covered platforms to provide parents and guardians with tools to manage children's account settings, restrict purchases and financial transactions, view time spent on the service, and restrict use during specified times of day. The first independent audit report under the Act is due July 1, 2026.
Enacted: Act 37 of 2025 (HB 3058, S.C. Code Ann. Section 16-15-332)
As described in detail above, this law was signed on May 12, 2025, and criminalizes the non-consensual disclosure of intimate images and AI-generated deepfake intimate imagery.
Pending: Bill 3401 (Technology Transparency Act)
House Bill 3401 would add Chapter 31 to Title 37 of the South Carolina Code. If enacted, it would establish consumer rights to access, correct, delete, and opt out of the sale of personal data; require data controllers to provide privacy notices; mandate data protection assessments; and restrict the processing of sensitive personal data. The bill would also establish appeal processes and require controllers to implement methods for consumers to submit data rights requests.
As of May 2026, Bill 3401 remains referred to the House Judiciary Committee and has not been enacted into law.
Pending: Bill 3400 (Child Data Privacy and Protection Act)
House Bill 3400 would specifically address children's data privacy, providing targeted protections for minors' personal information collected by online services. As of May 2026, this bill also remains in committee and has not been enacted.
Federal Data Privacy Laws Applicable in South Carolina

Because South Carolina lacks a comprehensive state privacy law, federal statutes play an especially important role in protecting residents' personal data. The following federal laws apply to businesses and organizations operating in South Carolina.
TAKE IT DOWN Act (Pub. L. 119-12)
The TAKE IT DOWN Act, signed into law on May 19, 2025, establishes federal criminal prohibitions and platform obligations regarding nonconsensual intimate visual depictions. The full title is the Tools to Address Known Exploitation by Immobilizing Technological Deepfakes on Websites and Networks Act.
The criminal prohibition on publishing nonconsensual intimate visual depictions took effect immediately upon signing. Covered online platforms had one year to establish compliant notice-and-removal processes; FTC enforcement of those platform obligations began on May 19, 2026.
Key platform obligations under the Act include: creating a process for consumers to notify the platform of a nonconsensual intimate visual depiction, removing reported depictions within 48 hours of receiving notice, and making reasonable efforts to identify and remove identical copies. A platform's failure to reasonably comply constitutes a violation of a rule defining an unfair or deceptive act or practice under the Federal Trade Commission Act.
South Carolina residents affected by nonconsensual intimate imagery can report violations to covered platforms under this federal process, separate from and in addition to the state criminal remedy under Section 16-15-332.
Health Insurance Portability and Accountability Act (HIPAA)
The HIPAA Privacy Rule establishes national standards for the protection of individually identifiable health information. It applies to health plans, health care clearinghouses, and health care providers who conduct certain electronic transactions. HIPAA gives patients the right to access their medical records, request corrections, and receive an accounting of disclosures.
The HIPAA Security Rule requires covered entities to implement administrative, physical, and technical safeguards for electronic protected health information. Violations can result in civil monetary penalties ranging from $100 to $50,000 per violation, with annual maximums up to $1.5 million per violation category.
Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act requires financial institutions to explain their information-sharing practices to customers and to safeguard sensitive data. Financial institutions must provide annual privacy notices describing what personal information they collect, how they use it, and with whom they share it. The FTC's Safeguards Rule requires financial institutions to develop and maintain a comprehensive information security program.
Family Educational Rights and Privacy Act (FERPA)
FERPA protects the privacy of student education records at schools that receive federal funding. It gives parents the right to access their children's education records, request corrections, and control the disclosure of personally identifiable information from those records. When a student turns 18 or enters a postsecondary institution, these rights transfer to the student.
Children's Online Privacy Protection Act (COPPA)
The COPPA Rule requires operators of websites and online services directed to children under 13 to obtain verifiable parental consent before collecting, using, or disclosing personal information from children. It also requires these operators to maintain reasonable security procedures and to post clear privacy policies.
Fair Credit Reporting Act (FCRA)
The FCRA regulates how consumer reporting agencies collect, maintain, and distribute consumer credit information. It gives consumers the right to know what is in their credit file, to dispute inaccurate information, and to have outdated negative information removed. The FCRA also limits who can access consumer credit reports and for what purposes.
FTC Act Section 5
The Federal Trade Commission Act's prohibition on unfair or deceptive acts or practices (Section 5) serves as a general backstop for privacy and data security failures by companies that collect consumer data. The FTC has brought enforcement actions against companies for inadequate security practices, misleading privacy policies, and failure to honor stated data commitments. This authority applies to companies operating in South Carolina.
American Privacy Rights Act (APRA): Not Enacted
The American Privacy Rights Act of 2024 (H.R. 8818) was a bipartisan proposal that would have established a comprehensive federal privacy framework. The bill expired at the end of the 118th Congress in January 2025 without passing. As of May 2026, APRA has not been reintroduced in the 119th Congress. South Carolina businesses and residents should not rely on APRA as a source of current legal rights or obligations.
How South Carolina Compares to Other States
As of May 2026, more than 25 states have enacted comprehensive consumer data privacy laws. South Carolina is not among them. States including California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Oregon, Delaware, New Hampshire, New Jersey, Nebraska, Kentucky, Minnesota, Maryland, Rhode Island, Montana, and Florida have all enacted comprehensive or broad-scope privacy statutes.
South Carolina's approach differs in several important ways.
No general consumer data rights. South Carolina residents do not have a statutory right to access, delete, or correct personal data held by private businesses. They cannot opt out of data sales or targeted advertising under state law, and no state agency is authorized to enforce such rights.
No data controller obligations. Businesses operating in South Carolina are not required by state law to conduct data protection assessments, maintain data processing records, or provide privacy notices (outside of the insurance and financial sectors).
Breach notification only. The state's primary protection for personal data remains the breach notification statute, which activates only after a security incident has already occurred.
Targeted sectoral laws. South Carolina has enacted strong protections in two specific areas: insurance-sector cybersecurity (the Insurance Data Security Act) and criminal prohibitions on intimate-image misuse. But neither creates general consumer data rights.
Reliance on federal law. For most industries and data types, South Carolina residents depend on federal statutes like HIPAA, GLBA, FERPA, COPPA, and FCRA for privacy protections.
The pending Technology Transparency Act (Bill 3401) would bring South Carolina closer to the comprehensive privacy frameworks adopted by other states, but it has not been enacted as of this writing.
Practical Steps for South Carolina Residents
Even without a comprehensive privacy law, South Carolina residents can take several steps to protect their personal data.
Place a security freeze. Under FIFITPA, you have the right to freeze your credit reports at no cost. This prevents new accounts from being opened in your name without your explicit authorization. Contact each of the three major credit bureaus (Equifax, Experian, and TransUnion) separately to place the freeze.
Monitor breach notifications. The SC Department of Consumer Affairs publishes security breach notices on its website. Check this page regularly to see if organizations that hold your data have reported breaches.
Report intimate-image violations. If your intimate images are shared without consent, you may report the matter to South Carolina law enforcement under Section 16-15-332. You may also submit a removal request to the platform under the TAKE IT DOWN Act's 48-hour removal process.
File complaints. If you believe a business has violated the breach notification law or engaged in unfair data practices, file a complaint with the South Carolina Department of Consumer Affairs.
Exercise federal rights. Request your medical records under HIPAA, review your credit reports under the FCRA, and check your children's school records under FERPA. These federal rights apply regardless of South Carolina state law.
Review privacy policies. Even without a state law requiring data access rights, many businesses voluntarily extend California CCPA or other state privacy rights to all U.S. consumers. Check whether the businesses you interact with offer data access, deletion, or opt-out tools.
Practical Steps for Businesses Operating in South Carolina
Businesses that collect personal data from South Carolina residents should take the following steps to ensure compliance with existing law.
Develop a breach response plan. Prepare procedures for detecting, investigating, and responding to data breaches. Include templates for notification letters that comply with Section 39-1-90. Identify your threshold for the harm-based trigger and document the analysis.
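Encrypt personal data. The statutory definition of personal identifying information covers the listed data elements only when they are neither encrypted nor redacted, so the breach notification requirement does not apply to encrypted data. Implementing encryption for personal identifying information significantly reduces breach notification obligations and liability exposure.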
Implement records disposal procedures. FIFITPA requires proper destruction of records containing personal identifying information. Establish shredding, erasing, or other disposal protocols.
Review content moderation policies. If your platform hosts user-generated images or video, the TAKE IT DOWN Act (effective for FTC enforcement as of May 19, 2026) requires a functioning notice-and-removal process for nonconsensual intimate visual depictions. Build the 48-hour removal workflow now if you have not already done so.
Monitor legislative developments. With Bill 3401 (Technology Transparency Act) still pending, businesses should prepare for the possibility of comprehensive privacy requirements in South Carolina.
Comply with federal requirements. Ensure compliance with HIPAA, GLBA, COPPA, and other federal privacy laws that apply to your industry.
Insurance licensees. If your business is licensed by the South Carolina Department of Insurance, ensure full compliance with the Insurance Data Security Act, including maintaining a written information security program, conducting risk assessments, meeting the 72-hour cybersecurity event notification requirement, and understanding the penalty exposure of up to $30,000 per willful violation.
This article is for informational purposes only and does not constitute legal advice. Data privacy laws change frequently, and enforcement interpretations evolve over time. Consult a licensed attorney in South Carolina for advice about your specific situation. Last reviewed: May 2026.
Frequently Asked Questions
Does South Carolina have a comprehensive consumer data privacy law?
No. As of May 2026, South Carolina does not have a comprehensive consumer data privacy law similar to the California Consumer Privacy Act or the Virginia Consumer Data Protection Act. South Carolina residents do not have a general statutory right to access, delete, or correct personal data held by private businesses. The state relies on breach notification requirements, the Insurance Data Security Act, the Financial Identity Fraud and Identity Theft Protection Act, and federal laws for data privacy protection. House Bill 3401 (Technology Transparency Act) has been introduced in the 2025-2026 legislative session and would establish comprehensive consumer data privacy rights if enacted, but it remains in committee as of May 2026.
What personal information is covered by South Carolina's breach notification law?
South Carolina's breach notification law (S.C. Code Ann. Section 39-1-90) covers a resident's first name or first initial and last name in combination with one or more of the following unencrypted data elements: Social Security number, driver's license number or state identification card number, or financial account number, credit card number, or debit card number combined with any required security code, access code, or password. Publicly available information and government records lawfully available to the public are excluded from the definition. Note that South Carolina's definition is narrower than many other states and does not currently include biometric data, medical information, or online credentials.
How quickly must a business notify South Carolina residents of a data breach?
South Carolina does not set a specific number of days for breach notification. The law requires disclosure in the most expedient time possible and without unreasonable delay. The timeline must account for the legitimate needs of law enforcement and the measures necessary to determine the scope of the breach and restore system integrity. Law enforcement may request a delay if notification would impede a criminal investigation. When a breach affects more than 1,000 residents, the business must also notify the SC Department of Consumer Affairs and all nationwide consumer reporting agencies.
What are the penalties for failing to comply with South Carolina's breach notification law?
South Carolina residents injured by a breach notification violation may file a civil action. For willful and knowing violations, courts have discretion in awarding damages. For negligent violations, recovery is limited to actual damages. Successful plaintiffs may also recover attorney's fees and court costs, and may seek injunctive relief to enforce compliance. The Department of Consumer Affairs may also impose an administrative fine of $1,000 per resident whose information was accessible by reason of the breach for knowing and willful violations.
What does South Carolina's Act 37 of 2025 prohibit?
Act 37 of 2025, codified at S.C. Code Ann. Section 16-15-332 and signed on May 12, 2025, criminalizes the unauthorized disclosure of intimate images and digitally forged intimate images (including AI-generated deepfakes). A person who intentionally disseminates such images without the depicted person's effective consent is guilty of a felony. A first offense carries a fine up to $5,000 or imprisonment up to five years. A second or subsequent offense carries a fine up to $10,000 or imprisonment of one to ten years. Each disclosure of multiple images may constitute a separate offense.
What does the TAKE IT DOWN Act require of online platforms?
The TAKE IT DOWN Act (Pub. L. 119-12), signed May 19, 2025, requires covered online platforms to create a process for receiving reports of nonconsensual intimate visual depictions and to remove reported depictions within 48 hours of receiving notice. Platforms must also make reasonable efforts to identify and remove identical copies. The FTC began enforcing these platform requirements on May 19, 2026. A platform's failure to comply constitutes an unfair or deceptive act or practice under the FTC Act. The criminal prohibition on publishing nonconsensual intimate visual depictions took effect immediately upon the law's signing.
Does the South Carolina Insurance Data Security Act apply to all businesses?
No. The South Carolina Insurance Data Security Act (S.C. Code Ann. Title 38, Chapter 99) applies only to licensees of the South Carolina Department of Insurance, including insurance companies, agents, brokers, and adjusters. These licensees must maintain a comprehensive written information security program, conduct risk assessments, oversee third-party service providers, and notify the Director of Insurance within 72 hours of a cybersecurity event meeting specified thresholds. Penalties reach $15,000 per violation or $30,000 per willful violation. Businesses outside the insurance industry are not covered by this Act but may be subject to federal or other state data security requirements.
What is the South Carolina Social Media Regulation Act?
The South Carolina Social Media Regulation Act (Act No. 96, HB 3431) was signed by Governor McMaster on February 5, 2026. It applies to covered online services reasonably likely to be accessed by minors and meeting specified size thresholds. Covered platforms must implement privacy-by-default settings for minor users, provide parental monitoring tools, and restrict certain account features for minors. An independent audit report is due July 1, 2026. The Act does not create general consumer data rights for adult South Carolina residents.