North Carolina introduces data privacy legislation

North Carolina Attorney General Josh Stein and House Representative Jason Saine have introduced the “Strengthen North Carolina Identity Theft Protection Act,” which requires organizations to report data breaches within 30 days.

What does the Act say?

The Act updates the definition of a ‘security breach’ to now also encompass ransomware attacks. It also pushes for tighter data protection:

Requires businesses that own or license personal information to implement and maintain reasonable security procedures and practices – appropriate to the nature of personal information – to protect the personal information from a security breach. Additionally, the definition of protected information is updated to include medical information, genetic information and health insurance account numbers.

The Attorney General’s North Carolina Data Breach Report 2018 showed that the 1,057 data breaches reported in 2018 (a 3.4% increase from 2017) affected more than 1.9 million North Carolina residents. The report also stated:

Over the past 10 years, the number of North Carolinians impacted by security breaches has increased by more than 250 percent. The increase in security breaches is a combined result of the near-universal access to technology from personal devices, an upswing in online scams, and the amount of consumer personal information and financial data that companies keep.

In 2018, North Carolina was also hit with a record number of phishing breaches: 275 (an 11% increase from 2017).

In January 2018, Stein and Saine introduced a similar bill, which required organizations to report breaches to the AG’s office within 15 days.

Protect your data

Unfortunately, data breaches are becoming increasingly common. Although there is no foolproof solution to prevent them, IT Governance USA can work with your organization to meet its ISO 27001, EU GDPR (General Data Protection Regulation), PCI DSS (Payment Card Industry Data Security Standard), and penetration testing requirements.

Our comprehensive range of products and services, combined with flexible and cost-effective delivery options, provides a unique, integrated alternative to the traditional consultancy firm, publishing house, penetration tester, or training provider. We pride ourselves on our international customer base and on delivering a broad range of integrated, high-quality solutions globally, while meeting the real-world needs of today’s organizations, directors, and practitioners.
