Can I avoid having a data breach response plan in North Carolina? What are the requirements?

Data Breach Response Plan Requirements in North Carolina

Based on the context documents, it is not possible to avoid having a data breach response plan in North Carolina.

North Carolina law requires businesses that own or license personal information of residents of North Carolina or conduct business in North Carolina that owns or licenses personal information in any form to provide notice to the affected person that there has been a security breach following discovery or notification of the breach ^[4.1].

Additionally, Requestor data sharing agreements required by 09 NCAC 06D .0104 include data breach procedures, including notification of DIT of any cybersecurity incidents as described by G.S. 143B-1320(a)(4a) or G.S. 143b-1320(a)(16a) using the incident report form available at: ^[1.1].

Therefore, businesses in North Carolina must have a data breach response plan that includes procedures for notifying affected individuals and the DIT of any cybersecurity incidents.

Additional Information

The North Carolina Forest Service of the Department of Agriculture and Consumer Services is designated an emergency response agency of the State of North Carolina for purposes of supporting the North Carolina Forest Service in responding to all-risk incidents, receipt of any applicable State or federal funding, training of other State and local agencies in emergency management, and any other emergency response roles for which the North Carolina Forest Service has special training or qualifications ^[3.1].

Note that this information is not directly relevant to the query but may be useful for businesses operating in North Carolina to be aware of.

Source(s):

• [1.1] REQUESTOR DATA SHARING AGREEMENTS AND REQUIREMENTS
• [3.1] North Carolina Forest Service designated as emergency response agency.
• [4.1] Protection from security breaches.

Jurisdiction

North Carolina

• Privacy