NASCIO 2026 Midyear: State Chief Privacy Officers Gain Influence as AI Expands Role

The NASCIO 2026 Midyear conference unveiled a striking surge in state-level privacy leadership, with 31 states now appointing chief privacy officers or equivalents. This growth mirrors heightened public scrutiny over data protection and the escalating complexity introduced by artificial intelligence in public services. As AI models process citizen information for everything from benefits eligibility to public safety, privacy officers are no longer peripheral compliance figures; they are central to shaping policy, overseeing risk assessments, and guiding procurement decisions that involve sensitive data.

However, the report also paints a sobering picture of resource constraints. Many CPOs, like Idaho’s Taylor Bothke, operate as a one‑person team with little to no dedicated budget. Staffing shortages force officers to embed privacy responsibilities within existing structures, leveraging cybersecurity training programs to disseminate best practices. This approach has proven effective: 61% of states have established privacy contacts across agencies, and roughly half conduct statewide training, often piggybacking on established cyber‑security curricula to maximize reach without additional cost.

The implications for state governance are profound. As privacy moves from a compliance checkbox to a core governance function, executive backing—particularly from chief information officers—becomes a decisive factor in program success. Continued investment in authority, staffing, and specialized training will be essential to sustain momentum and safeguard public trust in an era where AI reshapes data handling. Policymakers and technology leaders must therefore prioritize robust privacy frameworks to ensure that the benefits of digital transformation do not come at the expense of citizen rights.