Angela Besendorfer

The subcommittee discussed and agreed to pursue several key policy research areas. These include exploring the feasibility of a global option for Maryland residents to exercise rights under the Maryland Online Data Privacy Act regarding data brokers, investigating policy issues surrounding chatbots, researching both consensual and nonconsensual deepfakes to develop recommendations, and examining broader state data-sharing practices with the federal government. The members also discussed the need to prioritize these research initiatives in future meetings.

The subcommittee discussed the cybersecurity posture of small and medium-sized utilities, proposing initiatives such as resource mapping, mentorship programs with larger utilities, and the creation of a resource database. For the future policy agenda, members explored cybersecurity risks in the food processing, finance, transportation, and telecommunication sectors. Additionally, the meeting addressed the security implications of agentic AI and quantum computing on critical infrastructure, as well as potential collaboration with the NSA for research resources.

The Subcommittee on State and Local Government Cybersecurity and Emerging Technology held a virtual public meeting. The agenda included opening remarks by the chair, introductions of members, and the facilitation of a discussion involving invited presenters from the National Association of State CIOs.

The council hosted a virtual meeting featuring a Subject Matter Expert presentation by John Gilligan, CEO of the Center for Internet Security, regarding cybersecurity considerations for State, Local, Tribal, and Territorial (SLTT) organizations.

The subcommittee meeting focused on establishing the policy agenda for 2026. Key discussions included reviewing EPIC's model state law on chatbots, which covers transparency requirements, disclosures, risk assessments, and liability provisions, and analyzing its potential standing against federal executive orders. The subcommittee also considered studying California's DELETE Act as a potential regulatory initiative to enhance PII deletion mechanisms across the data broker ecosystem. Furthermore, the discussion addressed concerns raised regarding state data access through the Nlets system by DHS, in conflict with Maryland's warrant requirements. Finally, the merits of broadly regulating deepfakes as a form of counterfeit representation were debated, referencing recent federal and state legislative efforts.