May 2025 Privacy Points

Webinar: Intro to Navigating AI Risks Recording Available

Thank you to everyone who joined us for our May Office of Privacy and Data Protection (OPDP) webinar. Both Chaney Currey and Matt King provided a wealth of information about how the state is approaching AI and managing risks. I made a brief appearance to remind everyone about the Responsible AI Principles in the state of Washington based on the NIST AI Risk Management Framework.  A deeper dive into the principles were covered in a previous AI webinar. You can find the most recent slide deck and the webinar (Introduction to Navigating AI Risks) on the OPDP Government Agency Resources page.

Partnership with UC Berkeley

I am happy to announce that WaTech (and OPDP’s own Zack Hudgins) is partnering with the University of California, Berkeley’s Center for Long-Term Cybersecurity to conduct a statewide survey assessing the cybersecurity readiness of nonprofit organizations. Funded by a $500,000 grant from Okta, the project will survey 500 nonprofits starting July 2025, focusing on their digital security practices and vulnerabilities. The goal is to strengthen the digital security of nonprofits that deliver vital community services and often operate without dedicated IT support, helping safeguard sensitive data and maintain essential program operations.

“The real benefit of this partnership is the focus on people who get vital services in Washington — no matter where those services come from — government, or non-profits,” WaTech Director and State CIO Bill Kehoe told StateScoop. “By protecting non-profit organizations from cyberattacks, we’re working to ensure people get the best from their state or local governments.”

For more information, please see StateScoop's coverage.

Technical Services Board meeting

I was invited to present at the Technology Services Board meeting this month to provide an update on recent legislative developments. I highlighted Senate Bill 5014 on election security and House Bill 1205 which makes it a gross misdemeanor (criminal Impersonation in the second degree) to knowingly distribute a “forged digital likeness” of another person with intent to defraud, harass, threaten, or intimidate. I also discussed the moratorium on AI regulation by states at the federal level.  Washington state government’s approach to its own use and adoption of AI is not expected to be impacted, but we will be monitoring the developments.

I’m also happy to report that the State and Local Cybersecurity Grant Program received matching state funding in the recently signed budget bill (ESSB 5167). This is terrific news for Washington given that of the 839 projects funded across the U.S., 252 of those projects were funded in Washington. As such, Washington state was responsible for a whopping 30% of all cybersecurity grant projects funded in the nation under this program. Congratulations to the SLCGP leadership team and special thanks to the Military Department for their collaboration and guidance of this important work.

Spring Privacy Primer Workshop

I also want to thank the OPDP team, our guest speakers, and all the participants for their thoughtful engagement and lively discussions throughout the workshop. Dedicating two full days to exploring privacy is no small commitment, but each time we host this workshop, I’m reminded of the incredible work being done across state agencies to advance our collective maturity in this important area.  We expect to host our next workshop in the fall!

Thanks, and see you next month with more updates!

Katy Ruckle

State Chief Privacy Officer