More and more, lawmakers are showing that they get the magnitude of the security breach at the Department of Revenue.
The Senate last week passed a bill that authorizes up to a decade of credit monitoring and creates a department of information security.
But the bill's complexity and the debate over what the state can do to help the more than 6 million individuals and businesses whose information was stolen -- and for how long -- also shows there is no easy fix for this egregious error.
The bill also authorizes tax deductions of $300 for individual filers or $1,000 for joint filers for those who want to pay for credit protection services beyond what the state offers.
Never miss a local story.
The state is paying Experian $12 million for a year of credit monitoring and lifetime help with fraud resolution. But unfortunately, only 38 percent of those affected by the security breach signed up for the protection by the March 31 deadline.
The Senate also approved creating a victims fund for those who have been financially harmed by the state's security breach. How much money would go into the fund hasn't been determined.
The creditor monitoring, while helpful, is an after-the-fact alert that something might be amiss. Some lawmakers want the state to offer identify theft protection that would include such services as monitoring utility applications and address changes and searching websites known to deal in stolen information.
The victims fund would probably be difficult to tap. How do you prove that this particular breach is the source of your problems? Victims would have to prove an actual financial loss and that it came from the breach of data held by a state agency. They would file their claim with the state treasurer, who would have 90 days to decide if the claim was valid. Victims could appeal an adverse decision to the state's administrative law court.
As for the tax credits, as we've said before, that's fine if you pay income taxes in South Carolina. But what if you have already moved away or will move away in the future? Anyone who filed an online tax return since 1998 was affected.
The bill also creates an identity-theft unit at the S.C. Department of Consumer Affairs and two committees to recommend statewide technology and cyber-security policies.
The state needs to become the example of what to do to avoid a security breach. It already is an example of what not to do.