(A) When a business disposes of a business record that contains personal identifying information of a customer of a business, the business shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.
(B) A business is considered to comply with subsection (A) if it contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the business in accordance with subsection (A).
(C) This section does not apply to:
(1) a bank or financial institution that is subject to and in compliance with the privacy and security provision of the Gramm-Leach-Bliley Act;
(2) a health insurer that is subject to and in compliance with the standards for privacy of individually identifiable health information and the security standards for the protection of electronic health information of the Health Insurance Portability and Accountability Act of 1996; or
(3) a consumer credit-reporting agency that is subject to and in compliance with the federal Fair Credit Reporting Act.
HISTORY: 2008 Act No. 190, Section 2, eff December 31, 2008.
Structure South Carolina Code of Laws
Title 37 - Consumer Protection Code
Chapter 20 - Consumer Identity Theft Protection
Section 37-20-110. Definitions.
Section 37-20-120. Verification of addresses.
Section 37-20-130. Initiating law enforcement investigation of identity theft.
Section 37-20-161. Security freezes by consumer reporting agencies for protected consumers.
Section 37-20-180. Restrictions on publication and use of social security numbers; exceptions.
Section 37-20-190. Requirements for disposition of business records; exceptions.
Section 37-20-200. Penalties imposed on consumer credit-reporting agencies for violation of chapter.