G.S. 116E-4

§ 116E-4. Powers and duties of the Center.

(a) The Center shall have the following powers and duties with respect to the System:

(1) Develop an implementation plan to phase in the establishment and operation of the System.

(2) Provide general oversight and direction to the System.

(3) Approve the annual budget for the System.

(4) Before the use of any individual data in the System, the Center shall do the following:

a. Create and publish an inventory of the data proposed to be accessible in the System.

b. Develop and implement policies to comply with FERPA, IDEA, HIPAA, CJIS, the Internal Revenue Code, and any other privacy measures relevant to data available to the System, as required by law or the Center.

c. Develop a detailed data security and safeguarding plan that includes the following:

1. Authorized access and authentication for authorized access.

2. Privacy compliance standards.

3. Privacy and security audits.

4. Breach notification and procedures.

5. Data retention and disposition policies.

(5) Oversee routine and ongoing compliance with FERPA, IDEA, HIPAA, CJIS, the Internal Revenue Code, and other relevant privacy laws and policies.

(6) Ensure that any contracts that govern databases that are outsourced to private vendors include express provisions that safeguard privacy and security and include penalties for noncompliance.

(7) Repealed by Session Laws 2025-62, s. 3(a), effective July 1, 2025.

(8) Review research requirements and set policies for the approval of data requests from State and local agencies, the General Assembly, and the public.

(9) Establish an advisory committee on data quality to advise the Center on issues related to data auditing and tracking to ensure data validity.

(b) The Center shall adopt rules according to Chapter 150B of the General Statutes as provided in G.S. 116E-6 to implement the provisions of this Article.

(c) The Center shall report annually to the Joint Legislative Education Oversight Committee, the Joint Legislative Commission on Governmental Operations, and the Joint Legislative Oversight Committee on Information Technology beginning July 1, 2019. The report shall include the following:

(1) An update on the implementation of the System's activities.

(2) Any proposed or planned expansion of System data.

(3) Any other recommendations made by the Center, including the most effective and efficient configuration for the System. (2012-133, s. 1(a); 2013-80, s. 5; 2013-410, s. 22; 2016-94, s. 7.14(b); 2019-165, s. 2.5; 2025-62, s. 3(a).)