State and federal privacy laws govern the use of personally identifiable information (PII). These laws are supplemented by policy and guidance. The Office of Privacy & Data Protection is responsible for establishing a statewide standard for information technology privacy and for reviewing existing privacy standards and practices to determine whether they meet statewide privacy requirements.

Statewide standards and practices incorporate state and federal privacy law, IT guidance and requirements, and records retention and management requirements. The following laws and guidance inform North Carolina state privacy standards. 

State & Federal Laws

State Law

Employee Personnel Records

Federal Law

State Policy & Memoranda


National Institute of Standards and Technology (NIST) Publications

Privacy by Design

Controlled Unclassified Information

Other Guidance

This list is not exhaustive and will continue to be updated.