Bill would add AI review duties to the Office of Privacy and Data Protection
Get AI-powered insights, summaries, and transcripts
Subscribe
Summary
HB 2,606 would update reporting and performance measures for the Office of Privacy and Data Protection (OPDP), add AI project review responsibilities aligned with NIST guidance, and align OPDP statute with a recent JLARC audit; OPDP and WATEC testified supportively with questions about capacity and process.
House Bill 2,606 would revise the statutory duties of the Office of Privacy and Data Protection (OPDP) to reflect current practice, add a responsibility to review agency projects that use artificial intelligence, and revise performance reporting measures.
Sponsor Representative Stephanie Barnard said the bill is an efficiency measure responsive to a 2025 JLARC performance audit and is not an agency request bill. Katie Ruckel, the state's chief privacy officer and director of OPDP, testified the bill implements JLARC recommendations and can be operationalized within existing resources. Ruckel said OPDP will incorporate an AI risk assessment for high‑risk projects that process personally identifiable information and align assessments with the National Institute of Standards and Technology (NIST) AI risk management framework; human review and "human‑in‑the‑loop" safeguards are part of the approach.
Committee members asked technical questions about review procedures and incident response; OPDP described its existing review process for major PII projects and said it would add AI risk assessment elements for high‑risk systems, and offered to work with agencies following any incidents to improve processes. The committee closed the public hearing with record of strong support and requests for technical clarifications in bill language.