The Flow Report - A New World Order
In the first month of the new administration in the United States, the federal government has changed course sharply and made headlines with firings, buyouts, and a complete halt of operations at the Consumer Financial Protection Bureau. Regulated businesses are left guessing as to longer-term plans for priorities in regulating AI development, data collection, cybersecurity, and more. And DOGE's attempts to access sensitive Treasury and IRS data is prompting renewed calls for a national privacy law. There seems to be a new world order – but what will it mean for organizations that depend on emerging technology?
What has changed so far?
Federal agencies are shrinking across the board (with the exception of the Departments of Defense and Homeland Security). It is difficult to get an accurate tally of staff departures, but reporting suggests that cuts could reach 30% of the federal workforce. That number may be significantly limited by legal challenges. Yet as these cuts deepen, Glacier observed 190 US government-related alerts from agencies including the Federal Trade Commission and Securities Exchange Commission (e.g., orders, proceeding updates, etc.) in January of 2025 versus 31 similar alerts during the same period in 2024. This probably reflects the agencies’ swift plans to close, delay, or change course on existing actions, and is not necessarily an indicator of future activity.
At the SEC
Still, the SEC has been underwater with a relatively low headcount and high number of entities overseen for years. A 10-20% cut, especially in junior staff, will slow down enforcement and examinations; however, it would be a mistake to assume that routine work will cease. It takes years to develop data and AI strategies at scale and the enforcement activity that follows can be equally slow. This is a long-term challenge that will span administrations and firms should plan accordingly.
Paul Atkins will return and take over as chair of the SEC, with many expecting a more pro-free-markets and pro-cryptocurrency approach. It is worth noting that the investigation of App Annie (now data.ai) took place under Republican leadership, even though the settlement was announced in 2021.
At the CFPB
The CFPB shutdown is more clearly a "reboot" of the regulatory agenda, assuming that the agency reopens and is not successful in entirely eliminating its staff. This may lead to more limited authority if Congress steps in.
At the FTC
Finally, the Federal Trade Commission, criticized by some for its expansive use of authority in recent years, has paused its request for public comments on surveillance pricing practices. In 2024, the agency settled a case against X-Mode and brought others against firms like Kochava for collecting sensitive location data. In 2025, the agency has been sidetracked early on with ugly, public disputes in its decision-making. It is hard to assess the FTC's priorities while it is focused on issues like the recent American Bar Association public letter in support of the rule of law.
That said, the newly appointed chairman, Andrew Ferguson, has championed consent requirements for consumer data collection as recently as December 3rd, 2024 in his statement on Gravy Analytics and Mobilewalla:
“The sale of precise location data collected without the consumer’s consent poses a similarly unavoidable and substantial risk of injury to the consumer as does the sale of the non-anonymized data.”
The chairman seems to follow the more conservative viewpoint that transparency (in the form of consent) is the relevant factor for regulatory enforcement, rather than protection of “sensitive” categories of data under a broad interpretation of the FTC Act.
How are companies responding?
So far, most data-driven firms that we work with are optimistic and moving ahead with their plans to build out data capabilities and implement corresponding governance controls. The same is true for their AI programs, although these seem to be progressing less rapidly than media reporting and social media commentary suggests. More than ever before, defensible positions on risk and compliance are critical to success.
Key rules to watch
SEC outsourcing rule – the proposal has been left open since 2022, and the agency has not offered any update in response to recent inquiries.
Don D'Amico
Founder & CEO, Glacier Network
©2025 Glacier Network LLC d/b/a Glacier Risk (“Glacier”). This post has been prepared by Glacier for informational purposes and is not legal, tax, or investment advice. This post is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. This post was written by Don D’Amico without the use of generative AI tools. Don is the Founder & CEO of Glacier, a data risk company providing services to users of external and alternative data. Visit www.glaciernetwork.co to learn more.