Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

North Carolina
Privacy Laws


BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
Up to $5,000 per offense


Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required


Laws related to personal information and privacy and security.


North Carolina Privacy Law Information


Organizations must have measures in place for the secure disposal of personal information. Disposal Vendors must be contracted. Vendors contracted for record destruction must be monitored by the Organization for compliance with manners of destruction allowed under the law.


Breach reporting to the Consumer Protection Division of the Attorney General’s Office must be completed without unreasonable delay when a breached Organization provides consumer notice to an affected state resident. In the event an Organization provides notice to more than 1,000 persons, breach reporting is required to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.

If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

Vendors must notify Organization immediately after discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notifications.


Destruction Vendors must be certified and must provide independent audits to an Organization. In addition, they must have policies and procedures in place to protect against unauthorized access to personal information during and after disposal. There are separate laws for the protection of personal information relating to medical and insurance.


For violations of the law pertaining to security breaches and destruction of personal information records, the court may impose a civil penalty against up to $5,000 for each offense. If a violation is continuous, each week of the continued violation may be considered a separate offense. Restitution of fees to the attorney general may be granted. Organizations may be fined or penalized for Vendor violations.

North Carolina Statutes and Laws

N.C. GEN. STAT. § 14-113.8(6)

Personal Identification Code

N.C. GEN. STAT. § 14-113.20(B)

Defining the term “identifying information”

N.C. GEN. STAT. § 58-2-105

Confidentiality of medical and credentialing records

N.C. GEN. STAT. § 58-39-45

Access to recorded personal information

N.C. GEN. STAT. § 58-39-75

Disclosure limitations and conditions

N.C. GEN. STAT § 75-1.1

Methods of competition, acts and practices regulated; legislative policy

N.C. GEN. STAT. §§ 75-60 – 75-66

Identity theft protection act

N.C. GEN. STAT. § 132-1.10

Social security numbers and other personal identifying information


The information provided is not legal guidance or recommendations and are for informational purposes only.