South Carolina

South Carolina has recently enacted new state privacy laws effective July 1, 2025, which introduce significant consumer privacy protections, including opt-out rights and deletion rights, similar to those in California and Virginia. This marks a shift from the state’s previous lack of comprehensive data privacy legislation. While House Bill 3401 was introduced in January 2025 to create extensive privacy rights for residents, the status of this bill is unclear. However, other privacy-related bills, such as the Child Data Privacy and Protection Act, have been enacted or are pending. Understanding the current legal landscape and ongoing legislative developments is crucial for residents seeking to protect their personal information in an increasingly digital world.

Privacy Law Status and Legislative Developments

South Carolina’s approach to data privacy has evolved significantly in recent years, with lawmakers recognizing the growing need for comprehensive consumer protection measures. The state’s current legal framework primarily relies on common law privacy torts and federal regulations, though recent legislative activity suggests a shift toward more robust state-level protections. Understanding the current status requires examining both existing protections and recent legislative efforts that have shaped the privacy landscape.

Comprehensive Privacy Law

As of July 1, 2025, South Carolina has enacted comprehensive data privacy laws that grant consumers rights similar to those in states like California and Virginia[1]. These new laws provide residents with rights to opt out of targeted advertising, delete personal data, and demand transparency, marking a significant development in the state’s privacy landscape.

The state recognizes all four common law torts of invasion of privacy, which provides some legal recourse for privacy violations, but these protections are significantly narrower than comprehensive privacy statutes[2]. Additionally, South Carolina has data breach notification requirements that mandate businesses notify consumers when their personal information has been compromised, though these laws focus on post-breach notification rather than proactive privacy protections.

Legislative Activity

House Bill 3401, introduced on January 14, 2025, represented South Carolina’s most significant attempt to establish comprehensive data privacy protections[3][4]. The legislation, officially titled the “Technology Transparency Act,” would have added Chapter 31 to Title 37 of the South Carolina Code of Laws, creating extensive consumer rights and business obligations similar to privacy laws in other states. The bill proposed rights including data access, correction, deletion, portability, and opt-out privileges, along with requirements for privacy notices and data protection assessments.

The status of House Bill 3401 is unclear, but other privacy-related bills, such as the Child Data Privacy and Protection Act, have been introduced and enacted[5]. Consumer advocacy groups, including Consumer Reports, opposed the legislation due to its high applicability threshold of $1 billion in annual revenue and other limitations that would have significantly restricted its scope[6][7].

Implementation Timeline

Had House Bill 3401 passed, it would have taken effect immediately upon the Governor’s approval[4]. The proposed law included a 45-day cure period that the South Carolina Attorney General could have provided to businesses before initiating enforcement actions, though this cure period was not mandatory. The legislation also included provisions for data protection assessments that would have been required for high-risk processing activities created after July 1, 2025.

Currently, there is no active timeline for comprehensive privacy legislation in South Carolina. With the enactment of new privacy laws effective July 1, 2025, residents now have enhanced privacy protections, though further legislative developments may continue to shape the privacy landscape[1].

Sector-Specific Privacy Protections

While South Carolina has recently enacted comprehensive privacy legislation, the state has also enacted targeted privacy measures addressing specific concerns and vulnerable populations. Recent legislative activity demonstrates lawmakers’ recognition of privacy as an important issue. These sector-specific laws provide insight into South Carolina’s evolving approach to privacy protection and may serve as building blocks for future comprehensive legislation.

The state recently passed significant privacy protections in specific areas, including the Unauthorized Disclosure of Intimate Images Act, which Governor Henry McMaster signed into law on May 12, 2025[8]. This legislation creates felony penalties for sharing intimate images without consent, addressing both traditional “revenge porn” and AI-generated deepfake imagery. The law recognizes the severe privacy violations and potential harm caused by non-consensual image sharing, establishing penalties of up to five years in prison and $5,000 in fines for first offenses, with enhanced penalties for repeat violations.

Additionally, South Carolina has enacted privacy protections for law enforcement officers and judges through House Bill 3736, which restricts the disclosure of personal contact information in public records[9]. This legislation allows current and former law enforcement officers and judges to request that their personal information be restricted from publicly available government websites, while maintaining the information within official records for legitimate governmental purposes. These targeted protections reflect growing awareness of privacy risks faced by public servants, though they represent narrow exceptions rather than broad consumer protections.

The state has also addressed privacy concerns in specific commercial contexts, such as the Second Amendment Financial Privacy Act (House Bill 3930), which passed the House and prohibits the use of firearm-specific merchant category codes that could track gun purchases[10]. This legislation demonstrates South Carolina’s willingness to enact privacy protections in specific sectors, even as comprehensive consumer privacy legislation remains elusive.

Consumer Rights Under Current Law

South Carolina residents now have enhanced privacy rights under the new state privacy laws effective July 1, 2025. These laws provide rights to opt out of targeted advertising, delete personal data, and demand transparency, aligning more closely with privacy protections in states like California and Virginia[1]. Understanding these new rights is crucial for consumers seeking to protect their personal information.

Under existing law, South Carolina consumers have very limited statutory rights regarding their personal data held by private companies. Federal laws like the Fair Credit Reporting Act (FCRA), Health Insurance Portability and Accountability Act (HIPAA), and Gramm-Leach-Bliley Act (GLBA) provide protections in specific sectors such as credit reporting, healthcare, and financial services. However, these federal protections do not extend to the vast majority of data processing activities conducted by technology companies, retailers, and other businesses operating in the digital economy.

The state’s recognition of common law privacy torts provides some legal recourse for egregious privacy violations, including intrusion upon seclusion, public disclosure of private facts, false light invasion of privacy, and appropriation of name or likeness[2]. These common law protections require individualized legal action and typically apply only to the most serious privacy violations, making them impractical for addressing routine data collection and processing practices that concern most consumers.

South Carolina’s data breach notification law requires businesses to notify consumers when their personal information has been compromised in a security breach, providing some transparency about data security incidents. However, this law is reactive rather than proactive, offering notification after harm has potentially occurred rather than preventing privacy violations or providing ongoing control over personal information.

Business Compliance Requirements

With the new privacy laws effective July 1, 2025, companies operating in South Carolina face increased regulatory requirements regarding data privacy. Businesses must now provide opt-out mechanisms, honor deletion requests, and ensure transparency in data processing activities[1]. These obligations align South Carolina more closely with states that have comprehensive privacy laws.

Federal compliance requirements continue to apply to South Carolina businesses in regulated sectors. Financial institutions must comply with GLBA privacy and safeguards rules, healthcare entities must follow HIPAA privacy and security requirements, and companies dealing with credit information must adhere to FCRA provisions. These federal laws establish baseline privacy and security standards for their respective sectors but do not create comprehensive obligations for businesses operating outside these specific areas.

Data breach notification requirements under South Carolina law mandate that businesses notify affected individuals when personal information has been compromised. Companies must provide notice “without unreasonable delay” after discovering a breach, though the law provides some flexibility in timing to accommodate law enforcement needs and the preparation of appropriate notifications. The notification must include information about the types of data involved and steps consumers can take to protect themselves.

Had House Bill 3401 become law, South Carolina businesses would have faced significantly more extensive compliance requirements. The proposed legislation would have required businesses with over $1 billion in annual revenue to provide privacy notices, honor consumer requests for data access and deletion, conduct data protection assessments for high-risk processing activities, and implement systems for managing opt-out requests[4][6]. The failure of this legislation means these requirements do not currently apply, though businesses operating in other states may already have many of these systems in place.

Enforcement and Regulatory Oversight

South Carolina’s current approach to privacy enforcement reflects the limited scope of existing privacy protections, with enforcement authority distributed among various agencies depending on the specific type of privacy violation. The South Carolina Attorney General’s office handles consumer protection matters and unfair trade practices, while federal agencies maintain primary jurisdiction over sector-specific privacy violations. Understanding the enforcement landscape is important for consumers seeking redress and businesses assessing compliance risks.

The South Carolina Attorney General has exclusive authority to enforce the state’s data breach notification law and investigate consumer protection violations that may involve privacy concerns[4]. Attorney General Alan Wilson has demonstrated active engagement in privacy-related issues, including recent efforts to support federal legislation addressing mortgage data privacy concerns[11]. The Attorney General’s office can pursue civil penalties and injunctive relief for violations of consumer protection laws, though the absence of comprehensive privacy legislation limits the scope of available enforcement actions.

The South Carolina Department of Consumer Affairs serves as the state’s primary consumer protection agency, providing mediation services for consumer complaints and addressing issues including identity theft and business practices that may implicate privacy concerns[12][13]. Consumers can file complaints through the department’s website or by calling (803) 734-4200 or (800) 922-1594. While the department cannot enforce privacy laws that don’t exist, it can investigate unfair or deceptive practices related to privacy representations and work with consumers to resolve disputes.

Federal agencies maintain primary enforcement authority for privacy violations in regulated sectors. The Federal Trade Commission (FTC) can investigate unfair or deceptive privacy practices, the Department of Health and Human Services enforces HIPAA violations, and financial regulators oversee GLBA compliance. These federal enforcement mechanisms provide some protection for South Carolina consumers, though they operate within the constraints of federal law rather than providing comprehensive state-level protections.

Your Rights as a South Carolina Resident

South Carolina residents now have enhanced statutory privacy rights due to the enactment of comprehensive state privacy legislation effective July 1, 2025. These new laws provide rights to opt out of targeted advertising, delete personal data, and demand transparency, aligning more closely with privacy protections in states like California and Virginia[1].

Right to know what data is collected: Currently limited to specific sectors like healthcare (HIPAA) and financial services (GLBA). Most businesses have no obligation to disclose data collection practices beyond general privacy policy requirements.
Right to delete personal information: South Carolina’s new privacy laws provide a general right to deletion, aligning with recent legislative developments[1].
Right to opt out of data sales: The new state privacy laws grant consumers the right to opt out of data sales or sharing[1].
Right to correct inaccurate data: Limited correction rights exist under federal laws like FCRA for credit information, but no general right to correct personal information held by businesses.
Right to non-discrimination: No specific privacy-related non-discrimination protections exist, though general consumer protection laws may provide some recourse for retaliatory business practices.

These enhancements mean that South Carolina residents now have more privacy rights than before, although they still lag behind states like California, Virginia, or Connecticut, where comprehensive privacy laws provide extensive consumer protections and business obligations.

Business Requirements

Companies operating in South Carolina now face increased state-level privacy compliance requirements due to the new privacy laws effective July 1, 2025. These laws require businesses to provide opt-out mechanisms, honor deletion requests, and ensure transparency in data processing activities[1].

Which companies must comply: Currently, only businesses in federally regulated sectors (healthcare, financial services, credit reporting) face comprehensive privacy obligations. General businesses have minimal state privacy requirements beyond breach notification.
Notice and transparency requirements: Limited to data breach notification requirements and general consumer protection law obligations regarding truthful advertising and disclosure of material terms.
Consumer request response procedures: The new privacy laws require businesses to respond to consumer privacy requests, including opt-out and deletion requests[1].
Security and breach notification rules: Businesses must notify consumers of data breaches involving personal information “without unreasonable delay” and may need to notify law enforcement or regulatory agencies depending on the circumstances.

Practical Impact

How these laws protect residents in daily life: The new privacy laws provide South Carolina residents with more control over how businesses collect, use, or share their personal information, reducing vulnerability to privacy violations in online shopping, social media, and digital services[1].
What to do if rights are violated: File complaints with the South Carolina Department of Consumer Affairs at (803) 734-4200, contact the Attorney General’s office for potential unfair trade practices, or pursue common law privacy tort claims through private litigation for serious violations.
Limitations and gaps in protection: Major gaps exist in regulating data brokers, social media platforms, online retailers, and most technology companies. Consumers have little control over targeted advertising, data sales, or algorithmic decision-making that affects them.

Comparison Context

How South Carolina compares to leading privacy states: South Carolina has made significant strides with the new privacy laws, but it still lags behind states like California (CCPA/CPRA), Virginia (VCDPA), Connecticut (CTDPA), and others that provide comprehensive consumer privacy rights and business obligations.
What residents might be missing compared to other states: Rights to access personal data, delete information, opt out of sales and targeted advertising, correct inaccuracies, and receive transparent privacy notices. Enhanced protections for sensitive data and children’s information are also absent.

Action Steps for Residents

Immediate steps to protect privacy: Review privacy settings on social media and online accounts, use privacy-focused browsers and search engines, limit data sharing with apps and websites, and regularly monitor credit reports and financial accounts for unauthorized activity.
How to exercise legal rights (if available): Contact businesses directly to request privacy information or opt-outs when available, file complaints with the Department of Consumer Affairs for deceptive practices, and consider consulting privacy attorneys for serious violations that may support common law tort claims.
Resources for staying informed: Monitor the South Carolina Legislature website for future privacy legislation, follow Attorney General privacy initiatives, and subscribe to privacy advocacy organizations for updates on consumer protection developments.

Official Resources and Contact Information

South Carolina Legislature

Contact your state legislators to advocate for comprehensive privacy legislation. The South Carolina General Assembly website provides contact information for all representatives and senators.

South Carolina State House: https://www.scstatehouse.gov

Legislative Contact Information: https://www.scstatehouse.gov/contact.php

Find Your Representatives: https://www.scstatehouse.gov/member.php

State Consumer Protection Agencies

South Carolina Department of Consumer Affairs
File complaints about business practices, identity theft, and consumer protection issues.

Phone: (803) 734-4200 or (800) 922-1594 (toll-free in SC)

Website: Contact through the state consumer protection portal

Mailing Address: P.O. Box 5757, Columbia, SC 29250-5757

South Carolina Attorney General

Attorney General Alan Wilson handles consumer protection enforcement and privacy-related legal matters.

Phone: (803) 734-3970

Website: https://www.scag.gov

Contact Form: https://www.scag.gov/about-the-office/contact-us/

Mailing Address: P.O. Box 11549, Columbia, SC 29211

Legislative Advocacy

To advocate for privacy legislation, contact key legislative committees that handle consumer protection and privacy issues. The House and Senate Judiciary Committees typically handle privacy-related legislation.

General Assembly Information: (803) 734-2100

Legislative Services: Contact through the main legislative website for information about committee hearings and public comment opportunities

Federal Resources

Since state privacy protections are limited, federal agencies provide important consumer protection resources.

Federal Trade Commission: File complaints about privacy violations and unfair business practices at consumer.ftc.gov

Consumer Financial Protection Bureau: For financial privacy concerns at consumerfinance.gov

Sources and Citations

[1] www.tedlaw.com/new-laws-in-effect-south-carolina-2025

[2] www.dataguidance.com/jurisdictions/south-carolina

[3] legiscan.com/SC/bill/H3401/2025

[4] www.wilmerhale.com/en/insights/blogs/wilmerhale-privacy-and-cybersecurity-law/20250128-state-comprehensive-privacy-law-update

[5] www.scstatehouse.gov/sess126_2025-2026/bills/3400.htm

[6] advocacy.consumerreports.org/research/consumer-reports-opposes-south-carolina-h-3401-consumer-privacy-legislation

[7] advocacy.consumerreports.org/wp-content/uploads/2025/01/South-Carolina-H.-3401-Consumer-Privacy-Legislation%E2%80%94-OPPOSE-%E2%80%94-Consumer-Reports.pdf

[8] governor.sc.gov/news/2025-05/gov-henry-mcmaster-signs-unauthorized-disclosure-intimate-images-bill-law

[9] www.scstatehouse.gov/sess126_2025-2026/bills/3736.htm

[10] www.nraila.org/articles/20250411/south-carolina-second-amendment-financial-privacy-bill-passes-house

[11] www.scag.gov/about-the-office/news/attorney-general-alan-wilson-urges-congress-to-pass-bipartisan-bill-to-stop-abusive-mortgage-data-practices

[12] www.consumeraffairs.com/resources/sc

[13] www.scag.gov/about-the-office/contact-us

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.