What are the data security requirements for vendors and contractors?

Data security requirements for vendors and contractors in North Carolina are outlined in the North Carolina General Assembly’s Code Chapter 75-65. These requirements vary depending on the extent of access and contact that the vendors and contractors have with the private data of North Carolina state agencies. Vendors and contractors who collect data on behalf of North Carolina state agencies must first have written contracts in place that outline the obligations of the parties involved. These obligations include data security requirements that must be followed to protect private data. All vendors and contractors must also agree to abide by North Carolina’s policies for the protection of private data. Vendors and contractors must have reasonable security measures in place to protect the security and confidentiality of any information they collect, use, store, or transmit for North Carolina state agencies. These measures must include organizational, technical, and administrative safeguards to prevent unauthorized access and use of the private data. Vendors and contractors must also ensure that any third parties they share the data with have similar data security measures in place. They must also regularly update their security measures as needed to protect the data. Finally, vendors and contractors must provide North Carolina state agencies with prompt notification if there is a security breach that puts the private data at risk. They must also keep all records related to the private data for seven years and provide the records to the agency upon request.

Related FAQs

What is the purpose of the GDPR breach notification requirement?
What is the difference between security of data and security in data?
What is the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework?
What is the definition of “personal data” under GDPR?
How can I ensure I meet GDPR's requirements?
What is the UK’s Data Protection Act (DPA)?
What is a data breach?
What are the key principles of data security?
What is a data subject access request?
What is the role of the data protection regulator?

Related Blog Posts

Top 5 Recent Developments in Data Security Law - July 31, 2023
Understanding the Impact of Data Security Law on Businesses - August 7, 2023
What is the GDPR and How Does it Apply to Data Security Law? - August 14, 2023
What is the Role of the Federal Government in Regulating Data Security Laws? - August 21, 2023
Are State Data Security Laws Compliant With GDPR Regulations? - August 28, 2023