Ensuring Privacy & Security

The N.C. Department of Information Technology prioritizes privacy and security when it comes to using Artificial Intelligence (AI). To help us achieve this, we conduct a Privacy Threshold Analysis, which helps us understand and manage any privacy and security risks associated with AI projects.

Privacy Threshold Analysis

A Privacy Threshold Analysis is necessary to assess privacy and security risks. The PTA asks about the use of AI and requires a description of the project or system that will use AI and how that use aligns with the state's AI principles of responsible use. The PTA is used to analyze risks for projects or systems using AI or generative AI from a privacy perspective and to document AI use for auditing and accountability. 

The PTA is based on the Fair Information Practice Principles, which underpin NCDIT’s Principles for Responsible Use of AI, a foundational component of the North Carolina State Government Responsible Use of Artificial Intelligence Framework.

Need More Information?

State agencies seeking additional information about the PTA or privacy AI risk assessment can send an email to the Office of Privacy and Data Protection. Those seeking support to mature generative AI use cases can also send an email to the AI Working Group.  

State agencies seeking to assess and manage AI risk to individuals and organizations should use the NIST AI Risk Management Framework. Agencies should also use the NIST AI Risk Management Framework Playbook to navigate and use the framework.