As we’ve said that the states are only ramping up enforcement from here on out. Oregon is has named Nik Blosser a former Biden administration official and past chief of staff to Oregon Governor Kate Brown—as its inaugural Chief Privacy Officer (CPO) and Artificial Intelligence Strategist, under the state’s Enterprise Information Services (EIS) agency. Blosser brings a hybrid public-private background, including leadership roles in the White House, Oregon government, and sustainable business ventures.
As the Oregon AG and enforcement team made clear at the 2025 IAPP Global Privacy Summit that they want businesses to not only represent California residents but to also respect the data subject rights of Oregon’s residents. This hire showcases that they are putting this plan into action.
Terrence Woods, Oregon’s Chief Information Officer and Director of EIS, emphasized the long-planned nature of the appointment:
“Adding a Chief Privacy Officer and AI Strategist to the team at EIS has been a goal of mine for a few years and I am excited to bring Nik onboard,” Woods said. “Nik will significantly enhance our ability to safeguard data, ensure compliance with privacy regulations, prioritize workforce AI literacy, and lead efforts to promote a culture of awareness across all state agencies, ultimately making Oregon a leader in data protection, privacy management, and AI Governance.”
Privacy Law Momentum: Oregon Leading with Enforcement and New Restrictions
Oregon’s appointment of a top-level privacy and AI official comes as it doubles down on consumer data protection and regulatory enforcement.
Enforcement Underway
The Oregon Consumer Privacy Act (OCPA), effective July 1, 2024, began generating enforcement action quickly. By March 2025, the Oregon Attorney General’s office had received over 110 consumer complaints and issued more than a dozen violation notices—often for missing disclosures, unclear opt-out processes, and weak privacy notice design.
For nonprofits, the grace period ends July 1, 2025, and they now face the same compliance obligations as businesses—exposing them to civil penalties of up to $7,500 per violation.
New Consumer Protections
In mid-2025, Governor Tina Kotek signed two major bills—HB 3875 and HB 2008—amending the OCPA:
- HB 3875 removes exemptions for auto manufacturers, forcing automakers to comply with data deletion, consumer access, and opt-out requirements related to in-vehicle data collection.
- HB 2008 bans the sale of precise geolocation data (within about 1,750 feet) for any consumer, and prohibits profiling or targeted advertising using data of consumers under 16—regardless of whether the company knowingly handles such data.
These amendments take effect January 1, 2026, and signal a clear tilt toward strict regulation of sensitive data.
Regulatory Leadership in AI
Oregon’s legal ambitions extend beyond privacy to include regulating AI under consumer protection laws. State attorneys general—including Oregon’s—are proactively issuing guidance and pursuing enforcement even in the absence of comprehensive federal AI legislation.
This trend underscores a nationwide patchwork of state-level privacy and AI regulation, reinforcing the necessity of state-led frameworks as federal bills continue to stall.
Why Blosser’s Appointment Matters
Oregon’s new role filled by Nik Blosser is not symbolic—it is strategic:
- Centralizing strategy and accountability: As CPO and AI Strategist, Blosser will guide privacy and AI policy across all state agencies—crucial given the rapid expansion of regulatory obligations.
- Strengthening compliance capacity: Blosser’s mandate includes workforce AI literacy and culture-building in privacy awareness, aligning agency practices with evolving enforcement standards.
- Future-proofing governance: Positioned ahead of major bill impacts in 2026, Oregon aims for leadership in data protection and AI governance.
Blosser’s arrival signals that privacy and AI are now core elements of Oregon’s technology infrastructure strategy—not afterthoughts.
At a Glance
| Key Element | Description |
|---|---|
| New role | Chief Privacy Officer & AI Strategist |
| Law enforcement since | July 1, 2024 (OCPA); enforcement started early 2025 |
| New restrictions effective | Jan 1, 2026: geolocation bans & minors’ ad prohibitions |
| Related legislation | HB 3875 (auto data), HB 2008 (location & minors data) |
| Regulatory trend | State AGs filling gaps in AI regulation |
Conclusion
Oregon is emerging as a model for combining policy, enforcement, and strategic oversight in both privacy and AI. The appointment of Nik Blosser reflects a high-level commitment to data governance excellence. With the OCPA enforcement ramping up, and robust new statutory safeguards for children, location data, and auto-collected data, Oregon is setting a new bar for how states can lead in protecting citizens in the digital age.
Blosser arrives at a pivotal moment: Oregon is not just reacting—it’s legislating, enforcing, educating, and preparing for a future where privacy and AI intersect at every level of government.
