State and federal privacy laws govern the use of personally identifiable information. These laws are supplemented by policy and guidance. The Office of Privacy & Data Protection is responsible for establishing a statewide standard for information technology privacy and for reviewing existing privacy standards and practices to determine whether they meet statewide privacy requirements.

Statewide standards and practices incorporate state and federal privacy law, IT guidance and requirements, and records retention and management requirements. The following laws and guidance inform North Carolina state privacy standards. 

Please note that the list below is not exhaustive and will continue to be updated.

Tab/Accordion Items

National Institute of Standards and Technology (NIST) Publications

Privacy by Design

Controlled Unclassified Information

Office of Management & Budget Publications

Data Retention Requirements & Schedules

Other Guidance