Consumer data protection is more important than ever, especially as our lives are increasingly conducted online. The United States does not currently have a federal data privacy protection law, which leaves states free to enact their own consumer privacy protections. North Carolina’s Identity Theft Protection Act currently creates security obligations for businesses who handle personal data, and the proposed Consumer Privacy Act of North Carolina could create additional obligations. Keeping up with changes to privacy law, at both the federal and state level, is often expensive and time-consuming. Fortunately, a North Carolina privacy policy generator can cut down on the time and cost it takes to stay compliant in the state.
SixFifty’s state-specific privacy tools help you automatically generate a privacy policy. Read on to learn more about North Carolina’s privacy law, and how our privacy tools make it cost-effective and easy to stay in compliance.
Who is affected by North Carolina data privacy laws?
The Identity Theft Protection Act creates obligations for any company who owns or licenses the personal information of North Carolina residents, or any business that conducts business in North Carolina who also owns or licenses that information in any form.
If passed, the Consumer Privacy Act of North Carolina (CPA) would apply to businesses who target their services to North Carolina residents. It requires compliance from any company who controls or processes the personal data of:
- At least 100,000 consumers on an annual basis; or
- At least 25,000 consumers, and derives over 50 percent of their revenue from the sale of personal data.
What’s the difference between privacy policies and privacy notices?
You might wonder why you’ll need two separate documents for compliance. A privacy notice and privacy policy serve different purposes. A privacy notice is a public document that you post for consumers to see. It outlines your personal information gathering practices, and tells consumers what you do with their data. A privacy policy is an internal document that your employees follow. It tells them how they should handle consumers’ personal information.
North Carolina privacy laws
The Identity Theft and Protection Act primarily focuses on data breaches. The CPA expands on the ITPA by focusing on personal consumer data, giving consumers more control over how their data is used.
Key differences include:
- Right of knowledge and access: Consumers can confirm whether their data is being collected and processed. They may also request a copy of that data.
- Right to correction or deletion: Consumers can correct their personal data or ask that the controller delete the data.
- Right to opt out: Consumers are entitled to opt out of personal data processing for targeted purposes.
- Private right of action: The attorney general has the right to enforce the CPA, if passed, but individuals also have a right to civil action.
- Responses to consumer requests: Data controllers are required to comply with any of the requests above, typically within 45 days.
- Disclosure obligation: Controllers must tell consumers why they’re collecting data.
- Limitations on data collection: Controllers need to limit data collection to “adequate, relevant, and reasonably necessary” data for the disclosed purposes above. Furthermore, if the controller has obtained a consumer’s sensitive data without consent, they may not process it. This includes data relating to race, ethnicity, health diagnoses, citizenship or immigration status, religion, biometric or genetic data, and precise geolocation data.
- Privacy notices: Data controllers need to provide consumers with a privacy notice, including what kind of data is being processed, for which purpose, how to exercise consumer rights, and whether the information is shared with third parties.
- Data processor contracts: Controllers must ensure their contracts with processors comply with CPA procedures and requirements.
- Assessments: Controllers must conduct and document a data protection assessment on an annual basis.
If passed, the law will go into effect in January 2023.
Is there a North Carolina privacy policy template?
Creating a compliant privacy policy would be easier with a North Carolina privacy policy generator, especially if the CPA is signed into law. Unfortunately, one-size-fits-all templates rarely cover each applicable law and scenario. SixFifty’s NC website privacy policy generator specifically addresses these needs.
Instead of racking up billable hours with outside counsel, or having your in-house lawyers draft the documents and monitor changes to the law, we do the hard work for you. You can quickly generate a privacy policy that’s compliant with North Carolina law. Best of all, we keep an eye on changes to the law. You’ll be notified whenever privacy restrictions change, so you can regenerate your privacy documents. A North Carolina privacy policy generator can cut down on the cost and effort it takes to stay on top of state and federal privacy laws.
Our software pairs technology with real legal expertise to deliver compliant North Carolina privacy policies and notices in record time. Simply answer a series of questions, download the generated document, and have your lawyer review. It’s the easiest way to stay compliant and avoid incurring penalties—all while saving money on legal fees.
Generate a privacy policy for North Carolina with SixFifty
If your company does business in North Carolina and meets the CPA or ITPA thresholds, you’ll need to create a compliant, state-specific privacy policy and notice. Let SixFifty do the hard work for you with our North Carolina privacy policy generator. Reach out today to schedule a demo, or learn more about our privacy tools!
