Christine Scarpelli reports:
…. A 7 On Your Side investigation found that South Carolina has no specific requirements for when a business has to warn you of a data breach. Companies can wait weeks, or even months, before telling customers their personal and financial information is in the hands of thieves.
7 On Your Side learned that some companies have waited months before reporting the breach to state officials.When financial information is stolen, every passing second is a missed chance to closely monitor bank accounts or place a hold on a credit card.
Read more on WSPA.
You can read South Carolina’s relevant laws here and here. Note that it is not uncommon for states to leave the notification deadline unspecified. Only about half a dozen states currently specify when notification has to be made by. Most states talk about “without unreasonable delay” or in “most expedient time possible,” but allow for delays due to law enforcement investigation or need to secure the system or investigate the scope of a breach.