Rebecca Boughamer

The subcommittee meeting focused on establishing the policy agenda for 2026. Key discussions included reviewing EPIC's model state law on chatbots, which covers transparency requirements, disclosures, risk assessments, and liability provisions, and analyzing its potential standing against federal executive orders. The subcommittee also considered studying California's DELETE Act as a potential regulatory initiative to enhance PII deletion mechanisms across the data broker ecosystem. Furthermore, the discussion addressed concerns raised regarding state data access through the Nlets system by DHS, in conflict with Maryland's warrant requirements. Finally, the merits of broadly regulating deepfakes as a form of counterfeit representation were debated, referencing recent federal and state legislative efforts.

The subcommittee was briefed on the distributed energy resource (DER) cybersecurity regulations under consideration by the Public Service Commission (PSC). Key discussion points included the PSC's authority to regulate DERAs, enforcement mechanisms for cybersecurity requirements, and concerns from electric companies regarding compliance and potential impacts on rates. The subcommittee also considered forming a healthcare ecosystem workgroup to examine ecosystem resilience, discussing objectives such as identifying minimum functional requirements, defining interdependencies, exploring coordinated crisis management, and addressing barriers to strengthening resilience.

The subcommittee meeting addressed several key issues, including raising the cap on firm size for the 'buy-Maryland' program, a presentation on TEDCO's cyber investment fund, and potential tax incentives to attract cyber talent to Maryland. The committee also discussed cyber workforce development efforts in Howard County. Discussions covered the impact of COVID on the cyber business sector in Maryland, the need for a near-term strategy to attract and retain cyber talent through tax incentives, and the possibility of a State program to certify training centers and subsidize companies for employee training.

The meeting included updates from various subcommittees, including Law, Policy and Legislation, Cyber Incident Response, Critical Infrastructure, Education and Workforce Development, Economic Development, and Public Awareness and Community Outreach. The subcommittees discussed topics such as the Cyber First Responder Reserve, data breach legislation, DoIT's security posture improvements, establishing an educational infrastructure for critical infrastructure sectors, assessing cyber workforce demands, developing a scholarship for state service proposal, supporting K-12 computer science pipeline-building efforts, mapping the lifecycle of a technology-oriented firm, developing an asset map for Maryland, and incentives to support the growth of the State's cyber economy. Colonel Shawn Bratton presented on the cybersecurity capabilities of the Maryland National Guard.

The meeting included a review of the agenda and the final report of the Council's Ad Hoc Subcommittee on Consumer and Child Privacy, which included nine recommendations pertaining to consumer privacy and six concerning child privacy. There was also an update on legislation that the report intended to inform, with discussions about its resemblance to a law enacted by Connecticut and potential provisions similar to those of the Biometric Information Privacy Act.