Here’s the reality: What began as a California-led experiment in comprehensive privacy protection has evolved into a cascade of state-level frameworks that are reshaping how state and local agencies fundamentally approach data governance.
In 2025, data leaders will continue to see seismic shifts in the regulatory landscape.
The story of this transformation tells us everything about where we’re heading. In 2020, California stood alone with CCPA, charting new territory in consumer privacy rights. By 2023, we saw Virginia, Colorado and Utah join with their comprehensive frameworks. And by 2026, 18 states will have implemented comprehensive privacy frameworks.
Let that sink in. For government data leaders, this creates immediate operational challenges. Each state law brings its own requirements for how organizations—including government agencies—must handle resident data.
What government data leaders need to pay attention to
While the specific requirements of these new laws are still being interpreted, government data professionals need to pay particular attention to:
- How these laws define and protect resident data rights
- What constitutes valid consent for data processing
- Requirements for data sharing between agencies and across jurisdictions
The complexity increases when agencies operate across multiple states or share data with federal partners. A state health department, for example, might need to comply with both their home state’s privacy law and the laws of neighboring states when managing interstate health data exchanges.
But here’s what’s really interesting: There’s growing momentum for federal privacy legislation. With unified party control in Washington and the FTC stepping back from its privacy rule-making, we might finally see movement on a national framework.
For government data leaders, this means preparing for two distinct scenarios: continued state-by-state compliance adaptation, or a rapid pivot to federal standards.
Neither path is simple, but organizations that unify their governance approach now—moving beyond system-specific controls to implement comprehensive data intelligence—will be better positioned for either future.
What government data leaders should do in 2025
Today, the approach for the new administration on privacy (and AI) is still taking shape.
States, however, aren’t waiting for federal guidance. The California Privacy Protection Agency’s automated decision-making rules are just the beginning. Utah’s AI Policy Act requires clear disclosures for AI interactions. Colorado’s upcoming AI Act creates comprehensive requirements for high-risk AI systems in government services. And in December 2024, New York passed an AI law that will require state agencies to monitor the use of generative AI.
In light of these changes, government data and AI leaders should:
- Stay informed: Continuously monitor federal directives and policies related to AI to ensure compliance and alignment with national objectives
- Engage with private sector initiatives: Explore opportunities to collaborate with private sector projects like Stargate to leverage new resources and technologies
- Adapt to regulatory changes: Be prepared to adjust strategies and operations in response to the evolving regulatory environment, maintaining a balance between innovation and public accountability
By proactively addressing these areas, you can effectively navigate the shifting AI regulatory landscape and contribute to the nation’s leadership.
Turning fragmentation into Data Confidence
The regulatory landscape isn’t just complex. It’s fragmented. But fragmentation presents a unique opportunity. Forward-thinking government agencies can unify their approach to data and AI governance across every system, source and user. Because unified governance is about more than compliance—it’s about accelerating what’s possible with government data while ensuring safety and trust.
Based on these developments, here are your data and AI priorities for early 2025:
- Unify your governance approach: Move beyond system-specific controls to implement governance that works across your entire data ecosystem, from every producer to every consumer
- Build automated visibility: Implement solutions that automatically track and document data flows across state lines and systems
- Create active links between policies and use cases: Ensure your AI governance creates clear connections between datasets, policies and every AI use case
The truth is that governance isn’t about constraining innovation—it’s about accelerating it. When you unify governance across your agency, you give your teams the power to move faster while maintaining compliance. You create an environment where both technical and non-technical users can access, understand and properly use data.
Is your agency ready for 2025? See how Collibra can accelerate all your data and AI use cases, safely.
