RALEIGH – A new report about how states are taking steps to protect the data privacy of their citizens finds that North Carolina scores a mere 20 on a scale of 100, meeting four of 20 study criteria. California, meanwhile, leads the nation with a score of 75.

The news comes as data breaches ranging from identity theft to ransomware occur on a regular basis.

Idtheftcenter.org documented 74 data breaches alone in September, exposing more than 1.5 million “sensitive” records and 218 million “non-sensitve” records. Meanwhile, there is growing concern about personal data exposed through such devices as “smart speakers.”

Paul Bischoff, editor of Comparitech, which conducts the annual analysis, talked with WRAL TechWire about why North Carolina scored poorly and what steps can be taken to imrpove citizens’ privacy. Comparitech says it is a “pro-consumer website providing information, tools, and comparisons to help consumers in the US, UK and further afield to research and compare tech services.”

  • Why did NC score so low?

North Carolina lacks a few privacy laws that are common in other states.

Students and employees have no explicit protection from schools and employers who demand access to their social media accounts, for example.

Compareitech graphic

Government agencies in the state are not required to dispose of personal data after it’s done being used for the purpose it was collected.

Out of the 20 criteria we looked at, North Carolina only met four.

[Criteria for 2019 was revised to include six new categories:

  • Companies must allow consumers to opt out of third-party data sharing
  • Companies must delete personal data on request of the person
  • Companies must disclose what person data they’ve collected about a person
  • A warrant is required for law enforcement to access personal data on users held by service providers
  • A warrant is necessary to track someone’s location via GPS or other geo-location technologies
  • Laws to protect biometric data

[North Carolina does meet criteria for data disposal, protection of K-12 students and two different measures to “shield” journalists.]

  • Does NC place residents at risk as a result of its privacy laws?

“At risk” might be an overstatement, but North Carolina certainly has some catching up to do.

Better privacy laws can empower residents to take control of their personal data and hold government and businesses accountable when they fail to protect it.

  • What needs to be done to improve the score?

Many states are modeling new privacy legislation after Europe’s GDPR [General Data Protection Regulation] and California’s CCPA. [California Consumer Privacy Act] North Carolina could take a similar approach.

[In the study, here’s what Bischoff wrote about California: “[California has enacted many laws for specific privacy issues that other states ignore. What’s more, the state has also created what the ACLU called the most comprehensive digital privacy law in the nation. California is the only state to mention an inalienable right to privacy in its state constitution. It’s also the only state to enact a law that specifically protects data gathered from the internet-of-things.”]

  • Were you surprised by the findings about NC?

No. I don’t think North Carolina and other low-scoring states lack privacy laws because they don’t want them. It’s more likely that they just haven’t caught up yet.