North Carolina Department of Information Technology establishes accessibility standards for state agencies aligned with WCAG guidelines.
North Carolina Accessibility & Privacy Laws
North Carolina does not currently have a comprehensive consumer privacy law. However, the state has strong data breach notification requirements and the Identity Theft Protection Act provides important consumer protections. North Carolina also maintains accessibility standards for state government websites through the NC Department of Information Technology.
→
Accessibility Standards
NC DIT Policy
→
Privacy Status
No Comprehensive Law
North Carolina has data breach notification and identity theft protection laws but no comprehensive consumer privacy legislation.
Privacy Law Status
North Carolina has not enacted comprehensive consumer privacy legislation similar to CCPA or VCDPA. However, the state has several important privacy-related laws:
Current Privacy Protections
- Identity Theft Protection Act: Comprehensive identity theft protections including breach notification requirements (N.C. Gen. Stat. ยง 75-61 et seq.)
- Consumer Protection: The Unfair and Deceptive Trade Practices Act protects against misleading privacy claims
- Student Data: The Student Online Personal Information Protection Act (SOPIPA) protects K-12 student data
- Insurance Data: Regulations protect personal information in insurance transactions
Data Breach Notification Requirements
| Requirement | Details |
|---|---|
| Notification Trigger | Unauthorized access to personal information that causes or is likely to cause identity theft |
| Covered Information | Name plus SSN, driver's license, financial account numbers, digital signatures, biometric data |
| Notification Timeline | Without unreasonable delay; within 60 days for HIPAA-regulated entities |
| AG Notification | Required for breaches involving more than 1,000 persons |
| Credit Reporting | Must notify credit bureaus for breaches affecting more than 1,000 persons |
North Carolina State Government Accessibility
The North Carolina Department of Information Technology (NC DIT) establishes accessibility standards for state government websites and applications. State agencies are required to ensure digital accessibility under state policy and ADA Title II obligations.
Covered Entities
- North Carolina state government agencies
- State contractors and IT vendors
- University of North Carolina system
- North Carolina Community College System
- Local government entities
- State-funded programs and services
Accessibility Standards
- WCAG 2.0 Level AA compliance as baseline standard
- Section 508 alignment for federally-funded programs
- NC DIT Accessibility Guidelines for state websites
- Alternative formats required upon request
- Accessibility testing required for new digital content
Identity Theft Protection
North Carolina's Identity Theft Protection Act provides comprehensive protections for consumers:
| Protection | Description |
|---|---|
| Security Freeze | Consumers can place and lift security freezes on credit reports at no charge |
| SSN Protections | Restrictions on printing SSNs on mailed materials and requiring SSNs for access |
| Disposal Requirements | Businesses must properly dispose of records containing personal information |
| Credit Monitoring | Breach victims may be entitled to free credit monitoring services |
→
Business Obligations
- Implement reasonable security measures
- Properly dispose of personal information
- Notify consumers of data breaches
- Report breaches to Attorney General
- Comply with SSN handling restrictions
- Protect student data (educational entities)
→
Key Agencies
- North Carolina Attorney General
- NC Department of Information Technology
- NC Department of Justice
- Human Relations Commission
- Department of Public Instruction (student data)
Consumer Rights
North Carolina consumers have important rights under existing law:
- Breach Notification: Right to be notified of data breaches affecting personal information
- Security Freeze: Free security freezes and fraud alerts on credit reports
- Identity Theft Assistance: Resources for identity theft victims through the AG's office
- Consumer Protection: Protection against unfair and deceptive trade practices
- Public Records: Access to government records under the Public Records Act
Related Resources
- US Privacy Laws Overview
- State Privacy Law Comparison
- Business Privacy Obligations
- ADA Title II Requirements
- All State Laws
- Contact Us
Need Compliance Guidance?
While North Carolina lacks comprehensive privacy legislation, the Identity Theft Protection Act and accessibility requirements still impose significant obligations. Contact our experts for guidance on current compliance and preparing for future regulations.