North Carolina’s Chief Privacy Officer Martha Wewer has been a pivotal leader in advancing the state’s data protection efforts since assuming the role in May 2025. With more than 25 years of experience in privacy governance across public and private sectors, including a decade as global privacy officer at RTI International, five years as privacy officer at the North Carolina State Health Plan, and prior private law practice, Wewer brings substantial expertise. She holds a Juris Doctor from the University of San Diego School of Law, a bachelor’s degree in political science from the University of California, San Diego, and is a Certified Information Privacy Professional (CIPP/U).
Wewer heads the Office of Privacy and Data Protection within the North Carolina Department of Information Technology’s (NCDIT) Enterprise Security and Risk Management Office. Her office oversees the state’s comprehensive privacy program, develops policies, delivers training, offers guidance to agencies, and promotes transparency in how data is used while safeguarding residents’ personal information.
Among her primary initiatives are early prioritization of data classification to map sensitive information, identify locations, and address potential gaps—essential groundwork for secure adoption of emerging technologies like AI. She champions “privacy by design,” integrating protections into systems from inception rather than as retrofits. Processes such as mandatory privacy threshold analyses evaluate risks before tools are implemented. To broaden accountability, her office has established privacy liaisons in various agencies and conducts ongoing employee training on best practices.
Wewer fosters strong collaboration with key counterparts, including Chief AI Officer I-Sah Hsieh and the Chief Information Security Officer, likening their roles to the three legs of a stool supporting secure, responsible data handling amid AI advancements. This synergy underpins structures like the state’s AI Council and Accelerator, established by executive order, ensuring privacy frameworks guide AI policy.
A core tenet of her approach is data minimization—collecting only what’s necessary—coupled with emphasizing choice and transparency for government operations and public advice. During Data Privacy Week in late January 2026, these efforts received heightened attention. Governor Josh Stein proclaimed January 28 as Data Privacy Day, underscoring the value of personal information and threats from bad actors. Wewer authored a blog post titled “Data Privacy: Take Control of Your Data” on the NCDIT website, educating residents that online activities generate vast data trails and urging proactive management of personal information.
She participated in a Data Privacy Lunch & Learn session on January 28, joined by a colleague from the N.C. Department of Justice, discussing confident data-sharing decisions in professional and personal contexts. Throughout the week, NCDIT promoted tips via social media under #DataPrivacyWeek, such as questioning unnecessary requests, deleting unused accounts, and cautious use of generative AI tools that retain inputs.
Wewer’s advocacy extends to legislative conversations, including proposals like the North Carolina Consumer Privacy Act, which would grant residents rights to access, delete, and opt out of data sales by businesses, enhancing control and mirroring laws elsewhere. She views such measures as complementary to education, encouraging daily critical thinking about data sharing to foster informed choices.
In essence, Wewer positions privacy as practical, interconnected with cybersecurity, AI oversight, and daily life. Her leadership builds enduring protections, cultivates trust, and empowers both state operations and residents to prioritize responsible data stewardship beyond annual observances. (Approximately 650 words)
