As North Carolina prepares to harness artificial intelligence, the state’s Chief Privacy Officer emphasizes that accurately identifying data is a pivotal first step in unlocking AI’s full potential. This strategic approach will ensure the state maximizes both efficiency and security.
Martha Wewer, appointed as North Carolina’s Chief Privacy Officer last May after the departure of Cherie Givens, is spearheading a data classification initiative. This project aims to enhance the state’s ability to identify its data, which will subsequently support its AI initiatives. Wewer defines data classification as “knowing exactly what data you have, where it resides, and how sensitive it is.” This process is vital as it lays the groundwork for effective privacy and security controls, particularly in managing one of the most significant risks to data privacy.
“I often joke that no one is as passionate about data classification as I am. It truly represents the largest risk we face as we increasingly integrate artificial intelligence into our operations,” she noted during an interview.
Wewer highlighted that although the state does an admirable job of safeguarding its data, proper classification will empower agencies to discern which data is suitable for AI applications, determine what data requires aggregation or anonymization, and identify high-quality datasets trustworthy for use.
The importance of this project is underscored by its support from state leadership. Last fall, North Carolina Governor Josh Stein signed an executive order establishing a statewide AI framework, which includes an AI leadership council, an AI accelerator at the Department of Information Technology, and oversight teams in each agency.
“Our governor is committed to fostering safe and trustworthy AI utilization statewide. Identifying our sensitive data and labeling it to prevent potential data leakage is my utmost priority. We have made significant strides toward effectively achieving this goal,” Wewer stated. “While agencies are already diligent in protecting their data, this initiative will simplify the process for them.”
Under the leadership of Stein and Chief Information Officer Teena Piccione, Wewer explained that data classification begins with the identification process, creating a comprehensive inventory. Her office categorizes data as public, internal, confidential, highly sensitive, and more. This classification helps the state develop specific rules for data management, such as determining which datasets are appropriate for AI applications and which ones must remain secured within state boundaries.
Data classification is frequently conducted alongside a privacy threshold analysis—a questionnaire that identifies personally identifiable information. This process informs various protective measures, such as access controls, encryption, retention schedules, logging requirements, and vendor protocols. Improperly labeled sensitive information poses the risk of becoming publicly accessible or inadvertently used to train AI models.
Wewer asserts that the stakes are escalating as AI becomes increasingly intertwined with governmental operations.
“There’s a strong desire among people to comprehend how privacy and data protection intersect with artificial intelligence,” she commented. “It’s often the elephant in the room, but I appreciate that individuals within our privacy-conscious state are eager to explore these AI tools, even as they harbor concerns about data privacy.”
She also noted that her office is collaborating with I-Sah Hsieh, North Carolina’s Deputy Secretary for Artificial Intelligence and Policy, due to the natural intersections between privacy, AI, and cybersecurity governance frameworks.
“When discussions about privacy began, there were few guidelines available, prompting us to develop our own frameworks and governance models, apart from regulatory structures like HIPAA. The data we collect at the state requires specific governance, similar to that utilized for artificial intelligence. This has led I-Sah, me, and Chief Information Security Officer Bernice Russell-Bond to work closely together,” Wewer explained.
In summary, the proactive steps that North Carolina is taking to identify and classify its data are essential for harnessing the power of artificial intelligence responsibly. By implementing robust data management strategies, the state aims to navigate the complexities of privacy and security, ultimately paving the way for trusted AI applications in governance. These measures reflect a commitment to both innovation and accountability in addressing the challenges of the digital age.
