Privacy law in North Carolina

There is no signed, comprehensive consumer privacy law in North Carolina yet. House Bill 462 — the North Carolina Personal Data Privacy Act (NCPDPA) — was introduced in the 2025 legislative session and referred to committee, but has not been enacted into law. If passed, it would give you the right to access, correct, delete, and port your personal data, and opt out of its sale and use in targeted advertising. Until then, a limited set of sector-specific and federal protections apply to North Carolina residents.

What protections do exist in North Carolina

North Carolina Identity Theft Protection Act

North Carolina requires businesses and government agencies to notify residents when their unencrypted personal information (such as Social Security numbers, financial account numbers, or driver's license numbers) is exposed in a security breach. Notification must be made in the most expedient time possible and without unreasonable delay. (N.C. Gen. Stat. § 75-65)

North Carolina Genetic Privacy Act

North Carolina restricts the collection, retention, and disclosure of genetic information without consent. Employers and insurers generally cannot require or use genetic tests to make employment or coverage decisions. (N.C. Gen. Stat. § 130A-45.1 et seq.)

North Carolina Personal Health Information Privacy (HIPAA supplement)

North Carolina law restricts the disclosure of confidential health information and communicable disease records held by state and local health departments, supplementing federal HIPAA protections for medical privacy. (N.C. Gen. Stat. § 130A-12)

North Carolina Children's Online Privacy (COPPA complement)

North Carolina law includes criminal penalties for displaying harmful material to minors online, and the pending HB 462 Social Media Safety Act provisions (if enacted) would add age-verification and parental-consent requirements for social media platforms targeting NC minors. (N.C. Gen. Stat. § 14-190.17A)

Federal protections that apply to North Carolina residents

Even without a state privacy law, federal rules still provide some protection. The FTC Act (Section 5) prohibits unfair or deceptive data practices by companies. HIPAA protects your medical and health information held by covered entities. COPPA restricts how websites collect data from children under 13. The Gramm-Leach-Bliley Act covers personal financial information held by financial institutions, and the Fair Credit Reporting Act governs how your credit data may be used.

What’s happening in the North Carolina legislature

Several privacy bills have been introduced in North Carolina. None has passed into law yet, but they signal where consumer privacy legislation in the state may be heading.

HB 462 — North Carolina Personal Data Privacy Act / Social Media Safety Act

House Bill 462 would enact the North Carolina Personal Data Privacy Act (Chapter 75F) and a Social Media Safety Act (Chapter 75G), effective January 1, 2026. The privacy act would give NC residents rights to access, correct, delete, and port their personal data, and to opt out of targeted advertising, data sales, and automated profiling. It would apply to businesses that process data of at least 35,000 NC consumers, or at least 10,000 consumers while deriving more than 20% of revenue from data sales. The Social Media Safety Act would require social media platforms to verify ages and obtain parental consent before allowing minors to create accounts. Status: in committee. Read the bill text.

How Optery helps North Carolina residents

Data brokers collect and sell personal information about almost every American adult — home addresses, phone numbers, family relationships, employment history. They do this regardless of whether your state has a comprehensive privacy law. Optery scans over 200 data brokers to find where your information is exposed, then submits removal requests on your behalf and tracks compliance. Our service works for every US resident, not just those in states with strong privacy statutes.

See which data brokers have your information →