Lawmaker pitches blueprint for post-DOGE privacy overhaul

Rep. Lori Trahan, D-Mass., wants to overhaul the federal government's half-century-old privacy law as concerns about the Department of Government Efficiency’s use of data linger. 

On Tuesday, Trahan released a 68-page staff report on the Privacy Act of 1974 that she said could serve as a blueprint for bipartisan, bicameral reform. 

This push comes as many lawsuits continue to work their way through the courts alleging that DOGE broke the government’s main privacy law when it accessed data at the Treasury Department, Consumer Financial Protection Bureau, Office of Personnel Management and elsewhere.

Whistleblowers have raised alarms about DOGE exfiltrating sensitive data from the National Labor Relations Board and storing sensitive Social Security data on a vulnerable cloud server.

Trahan’s blueprint offers 10 recommendations for how to amend the Privacy Act, informed by dozens of responses to a request for information she issued last spring. She’s not the only lawmaker interested in overhauling the law: Sens. Ron Wyden, D-Ore., and Ed Markey, D-Mass., have also introduced a bill to do so.

“Americans deserve to know that their Social Security number, tax information, health data, and employment records are handled responsibly,” Trahan said in an email announcing the new report. “They deserve clear rules, strong safeguards, and meaningful accountability. And they deserve a government that puts their privacy first while also optimizing the efficient delivery of Americans’ hard-earned benefits.”

Trahan wants to strengthen limits on government use of sensitive, personal data; improve transparency; strengthen enforcement and account for modern technology in the overhaul of the government’s main privacy law.

Among the suggestions is that Congress extend privacy protections to more people beyond its currently more limited scope of American citizens and lawful permanent residents. 

This is especially salient now, as the Trump administration has continued to spark privacy concerns by tapping into previously unused government databases for its immigration crackdown, including those at the IRS and within the Medicaid program. 

Other recommendations include establishing a new legislative branch oversight entity or empowering the Government Accountability Office to oversee privacy issues, as well as resourcing chief privacy officers at government agencies.

Trahan also wants to narrow the exceptions in the decades-old law to the requirement that agencies don’t share records without an individual’s consent.

These exceptions have been at the center of many of the DOGE-related lawsuits, with government agencies arguing that the law’s broad “need-to-know” exception allowed DOGE to access records without obtaining individuals’ written consent. 

Trahan wants Congress to get rid of this and the “routine use” exception — one of the most used — entirely.

She also wants to strengthen enforcement by increasing penalties against those that violate privacy laws, recognizing more types of privacy harms beyond monetary ones and expanding civil remedies.

That may help address some current legal questions under debate. Whether or not those suing the government for violations of the Privacy Act and the Administrative Procedure Act have sufficient standing to do so has been a common question in the many lawsuits filed against the administration.

Trahan is also calling on Congress to regulate the government’s use of commercially available information, which can raise its own, unique privacy risks. Using commercially available information is especially common in the law enforcement and intelligence community, although civilian agencies also use data brokers for things like fraud prevention.

Ironically, government agencies are at times pushed to data brokers because the requirements to share information internally can be so burdensome. Trahan’s report acknowledges that the Privacy Act can sometimes hamstring low-risk, noncontroversial use of data.

For years, some civic technology and other good government advocates have pushed for more data sharing in the government. Better data could make government benefits easier to access, for example, by having the government enroll people in benefits programs by using data they already gave from another program. 

Anti-fraud experts have also said they need better data sharing to prevent bad actors from getting government funds.