What is the Office of Privacy and Data Protection?

The Office of Privacy and Data Protection, housed within the N.C. Department of Information Technology, leads the state's privacy program, providing guidance, training and support to state agencies to accomplish their goals and embed privacy, data protection and transparency into their activities.

The office works in support of the State Chief Information Officer, who is responsible for statewide security and privacy standards, as per N.C.G.S. 143B-1376 – Statewide Security and Privacy Standards.

The office works with state agencies and agency divisions, stakeholders and business partners to prioritize privacy risk assessment and security. It works closely with the state chief risk officer and the chief data officer to ensure privacy and data protection while leveraging data assets to improve North Carolina.

In 2022, the state officially adopted the Fair Information Practice Principles to help state agencies reduce privacy risk, improve individuals’ trust in government data handling, and embed a culture of “privacy first” in all continuing and new data collection, storage and use projects.

The privacy program is tailored to the state of North Carolina. Its policies and processes are designed to enable consistent and effective information privacy practices and assure data protection standards for individuals’ personal information. The North Carolina chief privacy officer, Dr. Cherie Givens, manages the statewide privacy and data protection program to support privacy and data protection across state agencies.

Where do the Office and State CIO get their authority for these activities?

Pursuant to N.C.G.S. 143B-1376 – Statewide Security and Privacy Standards, the State Chief Information Officer is responsible for the security and privacy of all state information technology systems and associated data. The state CIO manages all executive branch information technology security and shall establish a statewide standard for information technology security and privacy to maximize the functionality, security and interoperability of the state’s distributed information technology assets, including, but not limited to, data classification and management, communications and encryption technologies.