South Carolina Legislature


1976 South Carolina Code of Laws
Unannotated
Updated through the end of the 2014 Session

DISCLAIMER

The South Carolina Legislative Council is offering access to the unannotated South Carolina Code of Laws on the Internet as a service to the public. The unannotated South Carolina Code on the General Assembly's website is now current through the 2014 session. The unannotated South Carolina Code, consisting only of Code text, numbering, and history, may be copied from this website at the reader's expense and effort without need for permission.

The Legislative Council is unable to assist users of this service with legal questions. Also, legislative staff cannot respond to requests for legal advice or the application of the law to specific facts. Therefore, to understand and protect your legal rights, you should consult your own private lawyer regarding all legal questions.

While every effort was made to ensure the accuracy and completeness of the unannotated South Carolina Code available on the South Carolina General Assembly's website, the unannotated South Carolina Code is not official, and the state agencies preparing this website and the General Assembly are not responsible for any errors or omissions which may occur in these files. Only the current published volumes of the South Carolina Code of Laws Annotated and any pertinent acts and joint resolutions contain the official version.

Please note that the Legislative Council is not able to respond to individual inquiries regarding research or the features, format, or use of this website. However, you may notify the Legislative Services Agency at [email protected] regarding any apparent errors or omissions in content of Code sections on this website, in which case LSA will relay the information to appropriate staff members of the South Carolina Legislative Council for investigation.


Title 30 - Public Records

CHAPTER 2

Family and Personal Identifying Information Privacy Protection

ARTICLE 1

The Family Privacy Protection Act

SECTION 30-2-10. Short title.

This chapter shall be designated as the "Family Privacy Protection Act of 2002".

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-20. Privacy policies and procedures required of all state entities.

All state agencies, boards, commissions, institutions, departments, and other state entities, by whatever name known, must develop privacy policies and procedures to ensure that the collection of personal information pertaining to citizens of the State is limited to such personal information required by any such agency, board, commission, institution, department, or other state entity and necessary to fulfill a legitimate public purpose.

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-30. Definitions.

For purposes of this act, the following terms have the following meanings:

(1) "Personal information" means information that identifies or describes an individual including, but not limited to, an individual's photograph or digitized image, social security number, date of birth, driver's identification number, name, home address, home telephone number, medical or disability information, education level, financial status, bank account numbers, account or identification number issued by or used, or both, by any federal or state governmental agency or private financial institution, employment history, height, weight, race, other physical details, signature, biometric identifiers, and any credit records or reports.

"Personal information" does not mean information about boating accidents, vehicular accidents, driving violations, boating violations, or driver status, or names and addresses from any registration documents filed with the Department of Revenue as a business address which also may be a personal address.

(2) "Legitimate public purpose" means a purpose or use which falls clearly within the statutory charge or mandates of an agency, board, commission, institution, department, or other state entity.

(3) "Commercial solicitation" means contact by telephone, mail, or electronic mail for the purpose of selling or marketing a consumer product or service. "Commercial solicitation" does not include contact by whatever means for the purpose of:

(a) offering membership in a credit union;

(b) notification of continuing education opportunities;

(c) selling or marketing banking, insurance, securities, or commodities services provided by an institution or entity defined in or required to comply with the Federal Gramm-Leach-Bliley Financial Modernization Act, 113 Stat. 1338; or

(d) contacting persons for political purposes using information on file with state or local voter registration offices.

(4) "Medical information" includes, but is not limited to, blood samples and test results obtained and kept by the Department of Health and Environmental Control pursuant to Section 44-37-30.

HISTORY: 2002 Act No. 225, Section 1; 2003 Act No. 20, Section 1; 2003 Act No. 69, Section 3.II.

SECTION 30-2-40. Display of privacy policy on web site; access to personal information disclosure; criminal justice and judicial agency exception.

(A) Any state agency, board, commission, institution, department, or other state entity which hosts, supports, or provides a link to page or site accessible through the world wide web must clearly display its privacy policy and the name and telephone number of the agency, board, commission, institution, department, or other state entity person responsible for administration of the policy.

(B) Where personal information is authorized to be collected by an entity covered by this section, the entity must at the time of collection advise the citizen to whom the information pertains that the information is subject to public scrutiny or release.

(C) Subsection (B) does not apply to criminal justice or judicial agencies, or both.

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-50. Obtaining personal information from state agency for commercial solicitation; penalty.

(A) A person or private entity shall not knowingly obtain or use any personal information obtained from a state agency for commercial solicitation directed to any person in this State.

(B) Each state agency shall provide a notice to all requestors of records pursuant to this chapter and to all persons who obtain records pursuant to this chapter that obtaining or using public records for commercial solicitation directed to any person in this State is prohibited.

(C) All state agencies shall take reasonable measures to ensure that no person or private entity obtains or distributes personal information obtained from a public record for commercial solicitation.

(D) A person knowingly violating the provisions of subsection (A) is guilty of a misdemeanor and, upon conviction, must be fined an amount not to exceed five hundred dollars or imprisoned for a term not to exceed one year, or both.

(E) This chapter does not apply to a local governmental entity of a subdivision of this state or local government.

HISTORY: 2002 Act No. 225, Section 1; 2003 Act No. 20, Section 2.

ARTICLE 3

Personal Identifying Information Privacy Protection

SECTION 30-2-300. Findings of General Assembly.

The General Assembly finds:

(1) The social security number can be used as a tool to perpetuate fraud against an individual and to acquire sensitive personal, financial, medical, and familial information, the release of which could cause great financial or personal harm to the individual. While the social security number was intended to be used solely for the administration of the federal Social Security System, over time this unique numeric identifier has been used extensively for identity verification purposes and other legitimate consensual purposes.

(2) Although there are legitimate reasons for state and local government entities to collect social security numbers and other personal identifying information from individuals, government entities should collect the information only for legitimate purposes or when required by law. An entity that provides employee benefits has a legitimate need to collect and use social security numbers and personal identifying information as part of its administration and provision of employee benefits programs.

(3) When state and local government entities possess social security numbers or other personal identifying information, the governments should minimize the instances this information is disseminated either internally within government or externally with the general public.

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.

SECTION 30-2-310. Collection of and maintenance and disposition of records containing social security numbers by public agencies.

(A)(1) Except as provided in Sections 30-2-320 and 30-2-330 of this article, a public body, as defined in Section 30-1-10(B), may not:

(a) collect a social security number or any portion of it containing six digits or more from an individual unless authorized by law to do so or unless the collection of the social security number is otherwise imperative for the performance of that body's duties and responsibilities as prescribed by law. Social security numbers collected by a public body must be relevant to the purpose for which collected and must not be collected until and unless the need for social security numbers has been clearly documented;

(b) fail, when collecting a social security number or portion of it containing six digits or more from an individual, to segregate that number on a separate page from the rest of the record, or as otherwise appropriate, so that the social security number may be easily redacted pursuant to a public records request;

(c) fail, when collecting a social security number or any portion of it containing six digits or more from an individual, to provide, at the time of or before the actual collection of the social security number by that public body, upon request of the individual, a statement of the purpose or purposes for which the social security number is being collected and used;

(d) use the social security number or a portion of it containing six digits or more for any purpose other than the purpose stated;

(e) intentionally communicate or otherwise make available to the general public an individual's social security number or a portion of it containing six digits or more or other personal identifying information. "Personal identifying information", as used in this section, has the same meaning as "personal identifying information" in Section 16-13-510, except that it does not include electronic identification names, including electronic mail addresses, or parent's legal surname before marriage;

(f) intentionally print or imbed an individual's social security number or a portion of it containing six digits or more on any card required for the individual to access government services;

(g) require an individual to transmit the individual's social security number or a portion of it containing six digits or more over the Internet, unless the connection is secure or the social security number is encrypted;

(h) require an individual to use the individual's social security number or a portion of it containing six digits or more to access an Internet web site, unless a password or unique personal identification number or other authentication device is also required to access the Internet web site; or

(i) print an individual's social security number or a portion of it containing six digits or more on materials that are mailed to the individual, unless state or federal law requires the social security number be on the mailed document.

(2) An entity that collects and uses social security numbers or other personal identifying information as part of the maintenance and reporting of employment records or the administration or provision of employee benefits programs is exempt from the prohibitions in this subsection.

(B) Before a public body, as defined in Section 30-1-10(B), may transfer or dispose of information technology hardware or storage media owned or leased by it, all personal and confidential information must be removed and the hardware and storage media must be sanitized in accordance with standards and policies adopted by the State Budget and Control Board, Division of the State Chief Information Officer. The director or appropriate information technology manager of the public body owning or leasing the information technology hardware or storage media shall verify that all personal and confidential information is removed and the information technology hardware and storage media are sanitized in accordance with those standards and policies before the transfer or disposal occurs.

(C) When a public body disposes of a record that contains personal identifying information of an individual, the body shall modify, by shredding, erasing, or other means, the personal identifying information to make it unreadable or undecipherable.

(D) A public body is considered to comply with subsection (C) if it contracts with a person engaged in the business of disposing of records for the modification of personal identifying information on behalf of the body in accordance with subsection (C).

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.

SECTION 30-2-320. Disclosure of social security numbers and identifying information.

Social security numbers and identifying information may be disclosed:

(1) to another governmental entity or its agents, employees, or contractors, if disclosure is necessary for the receiving entity to perform its duties and responsibilities, including a debt collected pursuant to the Setoff Debt Collection Act, Section 12-56-10, and the Governmental Enterprise Accounts Receivable Collections program, Section 12-4-580. The receiving governmental entity and its agents, employees, and contractors shall maintain the confidential and exempt status of those numbers;

(2) pursuant to a court order, warrant, or subpoena;

(3) for public health purposes;

(4) on certified copies of vital records issued by the director of the Department of Health and Environmental Control as the state registrar, pursuant to Section 44-63-30 and authorized officials pursuant to Section 44-63-40. The state registrar may disclose personal identifying information other than social security number on an uncertified vital record;

(5) on a recorded document in the official records of the county;

(6) on a document filed in the official records of the courts; and

(7) to an employer for employment verification or in the course of administration or provision of employee benefit programs, claims, and procedures related to employment including, but not limited to, termination from employment, retirement from employment, injuries suffered during the course of employment, and other such claims, benefits, and procedures.

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.

SECTION 30-2-330. Removal of social security numbers and other identifying information from official records filed by register of deeds or clerk of court or county.

(A) A person preparing or filing a document to be recorded or filed in the official records by the register of deeds or the clerk of court of a county may not include an individual's social security, driver's license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords in that document, unless otherwise expressly required by law or court order or rule adopted by the state registrar on records of vital events. A loan closing instruction that requires the inclusion of an individual's social security number on a document to be recorded is void. A person who violates this subsection is guilty of a misdemeanor, punishable by a fine not to exceed five hundred dollars for each violation.

(B) Notwithstanding Section 30-1-30, or another provision of law, an individual or his attorney-in-fact or legal guardian may request that a register of deeds or clerk of court remove, from an image or copy of an official record placed on a publicly available Internet web site or a publicly available Internet web site used by a register of deeds or court to display public records by the register of deeds or clerk of court, the individual's social security, driver's license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords contained in that official record. The request must be made in writing, legibly signed by the requester, and delivered by mail, facsimile, or electronic transmission, or delivered in person to the register of deeds or clerk of court. The request must specify the identification page number that contains the social security, driver's license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords to be redacted. The register of deeds or clerk of court has no duty to inquire beyond the written request to verify the identity of an individual requesting redaction. A fee must not be charged for the redaction pursuant to the request.

(C) A register of deeds or clerk of court immediately and conspicuously shall post signs throughout his offices for public viewing and a notice on any Internet web site or remote electronic site made available by the register of deeds or clerk of court and used for the ordering or display of official records or images or copies of official records a notice, stating, in substantially similar form, the following:

"A person preparing or filing a document for recordation or filing in the official records may not include a social security, driver's license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords in the document, unless expressly required by law. An individual has a right to request a register of deeds or clerk of court to remove, from an image or copy of an official record placed on a publicly available Internet web site or on a publicly available Internet web site used by a register of deeds or clerk of court to display public records, any social security, driver's license, state identification, passport, checking account, savings account, credit card, or debit card number, or personal identification (PIN) code, or passwords contained in an official record. The request must be made in writing and delivered by mail, facsimile, or electronic transmission or in person, to the register of deeds or clerk of court. The request must specify the identification page number that contains the social security, driver's license, state identification, passport, checking account, savings account, credit card, debit card number, or personal identification (PIN) code, or passwords to be redacted. There is no fee for the redaction pursuant to request."

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.

SECTION 30-2-340. Petition for compliance; liability of register of deeds or clerk of court.

Any affected individual may petition the court for an order directing compliance with this section. Liability may not accrue to a register of deeds or clerk of court or to his agents for claims or damages that arise from a social security number or other identifying information on the public record.

HISTORY: 2008 Act No. 190, Section 3.B, eff December 31, 2008.




Legislative Services Agency
h t t p : / / w w w . s c s t a t e h o u s e . g o v