Can I use third-party project management tools that collect personal information in North Carolina? What are the requirements?

Based on the context documents provided, if you are using third-party project management tools that collect personal information in North Carolina, you must ensure that you comply with the state’s regulations on project management and data sharing agreements.

Project Management Requirements

According to NCGS 143B-1340 and NCGS 143B-1341, all information technology projects in North Carolina must be managed through a standardized, fully documented process established and overseen by the State CIO. The State CIO is responsible for ensuring that participating agency information technology projects are completed on time, within budget, and meet all defined business requirements upon completion. For separate agency projects, the State CIO ensures that projects follow the Department’s established process and monitors schedule, budget, and adherence to business requirements. The State CIO also establishes procedures to limit the need for change requests and reports on this process to the Joint Legislative Oversight Committee on Information Technology and the Fiscal Research Division by January 1, 2016.

If you are using a third-party project management tool, you must ensure that it complies with the state’s project management requirements. The State CIO must review, approve, and monitor all information technology projects for State agencies, and project approval may be granted upon the State CIO’s determination that the project conforms to project management procedures and policies, does not duplicate a capability already existing in the State, conforms to procurement rules and policies, and sufficient funds are available. No State agency, unless expressly exempt within this Article, shall proceed with an information technology project until the State CIO approves the project.

Data Sharing Agreements Requirements

According to 09 NCAC 06D .0104, all Requestors shall enter into a data sharing agreement with the Contributors that are the custodians of the Data that may be needed to generate a requested report. The Requestor data sharing agreements shall contain limitations on Report access to authorized persons, prohibition on the re-identification of persons included in Reports in accordance with G.S. 116E-5(e), information technology system and data security standards required by the Contributor who will be providing Data for the Report, privacy compliance standards, data breach procedures, terms regarding the disclaimer of liability as applied to Contributors pursuant to the doctrine of sovereign immunity and statutory immunity, and data retention and data removal standards.

If the third-party project management tool collects personal information, you must ensure that it complies with the state’s data sharing agreements requirements.

Conclusion

Based on the context documents provided, you must ensure that the third-party project management tool you are using complies with North Carolina’s regulations on project management and data sharing agreements. If the tool collects personal information, you must ensure that it complies with the state’s data sharing agreements requirements.

Jurisdiction

North Carolina

• Privacy