(A) When a business disposes of a business record that contains personal identifying information of a customer of a business, the business shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable. (B) A business is considered to comply with subsection (A) if it contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the business in accordance with subsection (A). (C) This section does not apply to: (1) a bank or financial institution that is subject to and in compliance with the privacy and security provision of the Gramm-Leach-Bliley Act; (2) a health insurer that is subject to and in compliance with the standards for privacy of individually identifiable health information and the security standards for the protection of electronic health information of the Health Insurance Portability and Accountability Act of 1996; or (3) a consumer credit-reporting agency that is subject to and in compliance with the federal Fair Credit Reporting Act.
‹ Prev All South Carolina sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.