Oregon Appoints Nik Blosser as First Chief Privacy Officer & AI Strategist

Table of Contents

As we’ve said that the states are only ramping up enforcement from here on out. Oregon is  has named Nik Blosser a former Biden administration official and past chief of staff to Oregon Governor Kate Brown—as its inaugural Chief Privacy Officer (CPO) and Artificial Intelligence Strategist, under the state’s Enterprise Information Services (EIS) agency. Blosser brings a hybrid public-private background, including leadership roles in the White House, Oregon government, and sustainable business ventures.

As the Oregon AG and enforcement team made clear at the 2025 IAPP Global Privacy Summit that they want businesses to not only represent California residents but to also respect the data subject rights of Oregon’s residents. This hire showcases that they are putting this plan into action.

Terrence Woods, Oregon’s Chief Information Officer and Director of EIS, emphasized the long-planned nature of the appointment:

“Adding a Chief Privacy Officer and AI Strategist to the team at EIS has been a goal of mine for a few years and I am excited to bring Nik onboard,” Woods said. “Nik will significantly enhance our ability to safeguard data, ensure compliance with privacy regulations, prioritize workforce AI literacy, and lead efforts to promote a culture of awareness across all state agencies, ultimately making Oregon a leader in data protection, privacy management, and AI Governance.”

Nik Blosser Oregon Privacy and AI Enforcer

Privacy Law Momentum: Oregon Leading with Enforcement and New Restrictions

Oregon’s appointment of a top-level privacy and AI official comes as it doubles down on consumer data protection and regulatory enforcement.

Enforcement Underway

The Oregon Consumer Privacy Act (OCPA), effective July 1, 2024, began generating enforcement action quickly. By March 2025, the Oregon Attorney General’s office had received over 110 consumer complaints and issued more than a dozen violation notices—often for missing disclosures, unclear opt-out processes, and weak privacy notice design.

For nonprofits, the grace period ends July 1, 2025, and they now face the same compliance obligations as businesses—exposing them to civil penalties of up to $7,500 per violation.

New Consumer Protections

In mid-2025, Governor Tina Kotek signed two major bills—HB 3875 and HB 2008—amending the OCPA:

  • HB 3875 removes exemptions for auto manufacturers, forcing automakers to comply with data deletion, consumer access, and opt-out requirements related to in-vehicle data collection.
  • HB 2008 bans the sale of precise geolocation data (within about 1,750 feet) for any consumer, and prohibits profiling or targeted advertising using data of consumers under 16—regardless of whether the company knowingly handles such data.

These amendments take effect January 1, 2026, and signal a clear tilt toward strict regulation of sensitive data.

Regulatory Leadership in AI

Oregon’s legal ambitions extend beyond privacy to include regulating AI under consumer protection laws. State attorneys general—including Oregon’s—are proactively issuing guidance and pursuing enforcement even in the absence of comprehensive federal AI legislation.

This trend underscores a nationwide patchwork of state-level privacy and AI regulation, reinforcing the necessity of state-led frameworks as federal bills continue to stall.

Why Blosser’s Appointment Matters

Oregon’s new role filled by Nik Blosser is not symbolic—it is strategic:

  • Centralizing strategy and accountability: As CPO and AI Strategist, Blosser will guide privacy and AI policy across all state agencies—crucial given the rapid expansion of regulatory obligations.
  • Strengthening compliance capacity: Blosser’s mandate includes workforce AI literacy and culture-building in privacy awareness, aligning agency practices with evolving enforcement standards.
  • Future-proofing governance: Positioned ahead of major bill impacts in 2026, Oregon aims for leadership in data protection and AI governance.

Blosser’s arrival signals that privacy and AI are now core elements of Oregon’s technology infrastructure strategy—not afterthoughts.

At a Glance

Key Element Description
New role Chief Privacy Officer & AI Strategist
Law enforcement since July 1, 2024 (OCPA); enforcement started early 2025
New restrictions effective Jan 1, 2026: geolocation bans & minors’ ad prohibitions
Related legislation HB 3875 (auto data), HB 2008 (location & minors data)
Regulatory trend State AGs filling gaps in AI regulation

Conclusion

Oregon is emerging as a model for combining policy, enforcement, and strategic oversight in both privacy and AI. The appointment of Nik Blosser reflects a high-level commitment to data governance excellence. With the OCPA enforcement ramping up, and robust new statutory safeguards for children, location data, and auto-collected data, Oregon is setting a new bar for how states can lead in protecting citizens in the digital age.

Blosser arrives at a pivotal moment: Oregon is not just reacting—it’s legislating, enforcing, educating, and preparing for a future where privacy and AI intersect at every level of government.

Written by: 

Online Privacy Compliance Made Easy

Captain Compliance makes it easy to develop, oversee, and expand your privacy program. Book a demo or start a trial now.