State CIO group urges states to shore up data, governance and workforce for AI

Amy Glasscock, program director for innovation and emerging issues at the National Association of State Chief Information Officers (NASCIO), told the House Technology Innovation Committee that state governments must prioritize data quality, governance and workforce training to use generative artificial intelligence responsibly.

Glasscock said three top takeaways for states are: improve data quality; establish governance (rules, processes and people) for AI; and invest in training for current workers so agencies can use AI tools effectively and safely.

She described generative AI as a recent development that 'enables you to generate something' (text, images, audio, video or code) and said state CIO organizations have moved AI to a top priority: generative AI was listed among the highest-impact emerging technologies in recent surveys, and NASCIO's 2025 priorities placed artificial intelligence near the top.

Glasscock summarized state use cases and trends: enterprise pilots for virtual meeting transcription and document generation, code assistance to modernize legacy systems, AI-enabled cybersecurity operations and threat detection, call-center virtual agents, fraud detection, language translation for online services, and data analytics to improve operations such as traffic and crash analysis.

She emphasized cybersecurity as a 'double-edged sword,' noting that while states use AI to improve detection, adversaries also use AI to craft attacks. Glasscock said that in surveys CISOs identified AI-enabled attacks as an emerging threat vector and that roughly 41% of states reported already using generative AI in cybersecurity operations with about 43% planning deployment within 12 months.

Glasscock also cited data-management survey results: 96% of respondents expected increased AI adoption to raise the importance of data management; 91% rated data quality as important or critically important; but 78% reported they did not have a formal data quality program. On workforce readiness she said only 4% of CIO respondents were 'highly confident' their technology workforce had the necessary expertise for GenAI and 16% were 'slightly confident.'

Her recommendations for state chief information offices included encouraging safe exploration and policies, establishing governance and oversight, starting with low-risk pilot projects, focusing on data quality, building partnerships across agencies, reskilling existing staff and being transparent about AI's limits and successes.

During questions, Representative Dimitrio asked whether states develop their own models or use vendor platforms. Glasscock said most states work with existing vendors and increasingly act as brokers of services rather than building in-house large models. Representative White asked whether current broadband and infrastructure readiness affects deployment; Glasscock said states must continue to offer multiple access channels and that AI deployment should account for existing connectivity limits. Representative Matthews asked about liability when AI provides incorrect information; Glasscock urged caution and said agencies should not rely on AI for subjects where staff lack expertise and that humans remain responsible for what the agency publishes.

Glasscock identified privacy and contracting as top concerns: she said about 30 states now have a chief privacy officer or equivalent and that privacy experts are closely involved in AI work; states are revising vendor contracts to address data-usage and privacy issues. She named Innovate US as a training resource, referenced reports NASCIO published with partners including McKinsey, and pointed legislators to National Conference of State Legislatures (NCSL) materials tracking AI bills.

Glasscock concluded by saying many agencies already use AI and the time to set policy and inventories is now.