
Privacy Laws & Guidance

State and federal privacy laws govern the use of personally identifiable information (PII). These laws are supplemented by policy and guidance. The Office of Privacy & Data Protection is responsible for establishing a statewide standard for information technology privacy and for reviewing existing privacy standards and practices to determine whether they meet statewide privacy requirements.

Statewide standards and practices incorporate state and federal privacy law, IT guidance and requirements, and records retention and management requirements. The following laws and guidance inform North Carolina state privacy standards. 

State Law

  • N.C. General Statutes - Chapter 143B Article 15: Department of Information Technology
  • N.C. General Statutes - Chapter 75 Article 2A: Identity Theft Protection Act
    • N.C. General Statutes - Chapter 14, Article 19C, Identity Theft, 14-113.20, Identifying Information
  • N.C. General Statutes - Chapter 132: Public Records
  • N.C. General Statutes - Chapter 115C Article 21A: Privacy of Employee Personnel Records
  • N.C. General Statutes - Chapter 115C-401.2: Student online privacy protection
  • N.C. General Statutes - Chapter 115C-402: Student records; maintenance; contents; confidentiality
  • N.C. General Statutes - Chapter 58 Article 39: Consumer and Customer Information Privacy (Part 1. Insurance Information and Privacy Protection)

Federal Law

  • The Privacy Act of 1974, as amended, 5 U.S.C. 552a (Social Security Numbers) 
  • HIPAA Basics for Providers: Privacy, Security & Breach Notification Rules, U.S. Centers for Medicare & Medicaid Services, Guidance, May 2021
  • Family Educational Rights and Privacy Act (FERPA)

Policy & Memoranda

  • NCDIT, State Adoption of Fair Information Practice Principles (FIPPs)
  • NCDIT, State Adoption of NIST Risk Management Framework (Adoption of NIST SP 800-37 Rev. 2 and NIST SP 800-53 Rev. 5)
  • NCDIT, Statewide Data Classification and Handling Policy

Guidance

National Institute of Standards and Technology (NIST) Publications

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations
  • NIST SP 800-88, Rev. 1, Guidelines for Media Sanitization
  • NIST Privacy Framework

Privacy by Design

  • Ann Cavoukian, Privacy by Design: The 7 Foundational Principles, Implementation and Mapping of Fair Information Practices

Controlled Unclassified Information

  • National Archives, Controlled Unclassified Information (CUI)

This list is not exhaustive and will continue to be updated.

    https://it.nc.gov/programs/privacy-data-protection/privacy-laws-guidance