Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.

Click Here to Read the Report
May 07 2026
Artificial Intelligence

NASCIO 2026 Midyear: State Chief Privacy Officers Gain Influence as AI Expands Role

CPOs shine in the face of artificial intelligence but still face gaps in funding, authority and staffing.
Mickey McCarter
by

Mickey McCarter is the senior editor of StateTech Magazine.

State chief privacy officers are often tasked with protecting vast amounts of sensitive citizen data — and in Idaho, that official works alone.

“I am a team of one, and I have no funding,” said Taylor Bothke, Idaho’s CPO and accessibility manager, describing the reality of building a statewide privacy program largely from scratch. “You can make magic with very little.”

That tension — expanding responsibility paired with limited resources — is at the heart of a new report from the National Association of State Chief Information Officers, which finds that privacy leaders across state government are gaining influence even as they struggle with authority, staffing and funding. Bothke spoke about the report’s findings at the NASCIO 2026 midyear conference recently.

The report, “Privacy Persevering: How State Chief Privacy Officers Are Advancing Governance With Limited Resources,” shows that 31 states now have a CPO or equivalent role, a dramatic increase over the past decade.

That growth reflects both rising public concern over data protection and the increasing complexity of managing privacy in an era of artificial intelligence and digital services.

“This momentum has continued, and we see that it probably will not be stopping any time soon,” said Amy Glasscock, program director for innovation and emerging issues at NASCIO, during a panel discussion of the report.

Click the banner below for guidance on data insights for AI use cases.

XS_Q225_AI_cta_desktop02 XS_Q225_AI_cta_mobile02

 

Privacy Moves to the Center of State IT

As states collect more data and deploy more advanced technologies, privacy officers are becoming central players in enterprise IT governance.

According to the report, 90% of state CPOs are now involved in developing policies related to artificial intelligence, with many also contributing to risk assessments, procurement reviews and vendor oversight.

Bothke said that shift is evident in her day-to-day work, where privacy is increasingly embedded in conversations about AI, accessibility and data use.

“If we’re talking about AI or we’re talking about data, we must talk about privacy,” she said.

That integration reflects a broader evolution highlighted in the report: Privacy is moving beyond compliance and into a core governance function tied to risk management and public trust.

READ MORE: AI is a top management priority for state and local governments.

States See Privacy Progress — With Constraints

States are making measurable progress in building privacy programs. The NASCIO survey found that only 18% of states now report having no privacy program, down sharply from 35% in 2024, while more than half say their programs are actively in development.

At the same time, adoption of formal frameworks is accelerating, with 79% of states using the National Institute of Standards and Technology privacy framework.

But those gains are happening under significant constraints.

Only a small fraction of states report having a dedicated privacy budget, and many CPOs oversee teams of just a few staff members — or, in some cases, none at all.

“Most state CPOs are not struggling with knowing what to do,” the report says. “They are struggling with having the authority and capacity to do it consistently.”

Bothke’s experience reflects that reality. Despite limited resources, she has focused on building awareness and embedding privacy into existing processes rather than creating entirely new ones.

Click the banner below for the latest state and local IT and cybersecurity insights.

st_newsletter_animated_q125_signup_desktop st_newsletter_animated_q125_signup_mobile

 

Training Becomes a Key Strategy for Privacy Officers

One of the most common ways states are advancing privacy programs is through training and awareness initiatives.

The report found that 61% of states are establishing privacy contacts within agencies and about half are conducting statewide privacy training.

In many cases, privacy training is being incorporated into existing cybersecurity programs — a practical approach to reaching a large number of employees.

“We added it into the longstanding cybersecurity training,” Glasscock said, citing survey responses from state privacy leaders.

In Idaho, Bothke has taken a similar approach, weaving privacy into a range of training efforts, from AI education to data classification workshops and agency-specific sessions: “The more that you bring awareness to the topic, the more people reach out: ‘Can you come give a more in-depth training?’”

She has also leveraged partnerships with universities and internal communications teams to develop training materials, including video series and data classification guidance — efforts designed to help employees better understand the data they handle and their responsibilities in protecting it.

“One of our biggest pitfalls is people,” Bothke said. “People don’t know what data they’re handling.”

DIVE DEEPER: Governments can build AI-ready data foundations.

Authority and Support Remain Critical to Privacy Programs

Even as privacy programs mature, gaps in authority and executive support continue to limit their effectiveness.

The report found that fewer than half of CPOs have authority across the executive branch, and some report having no formal authority at all.

That makes backing from leadership especially important.

“Support of the state CIO provides a necessary foundation for success,” the report notes, emphasizing the role of executive sponsorship in securing resources and driving adoption.

Bothke echoed that point, crediting Idaho’s CIO with opening doors to key conversations and opportunities.

“If you have support at the CIO level, you have a lot,” she said.

As AI reshapes how states use data, the CPO’s role is expected to continue expanding.

The NASCIO report concludes that privacy leaders are increasingly operating at the intersection of governance, technology and public trust, but it warns that progress will depend on sustained investment and stronger authority.

For Bothke, the mission is already clear.

“This is your data. It’s your mom’s data. It’s your brother’s data,” she said. “We have an ethical obligation as civil servants to protect the information that we’re entrusted with.”

Bookmark this page for our coverage of the NASCIO 2026 conference.

Wirestock/Getty Images

More On

Related Articles