Sharing Federal Data Across Agencies Raises Privacy and Oversight Concerns

Action: On March 20, the President issued an Executive Order directing agencies to ensure, to the maximum extent permitted by law, that designated Federal officials have access to unclassified records, data, and technical systems across agencies for the purpose of advancing the Administration’s priorities related to eliminating waste, fraud, and abuse. It also directs agencies to modify guidance or regulations that impede this goal, ensure the Federal government has “unfettered access to comprehensive data from all State programs that receive Federal funding,” including unemployment insurance data, and conduct a review of classified information policies to determine whether they lead to more information being classified than is necessary to protect national security interests.

Key Insights

Access to government data and technical systems has been a key issue in the Administration as officials with the US DOGE Service (DOGE) have sought, and sometimes denied, access to data and systems maintained by a range of agencies, including the Treasury’s payment system, the Internal Revenue Service, the Social Security Administration, the Centers for Medicare and Medicaid Services, and the Consumer Financial Protection Bureau.
A previous Executive Order establishing DOGE contained similar language, directing agencies to take all necessary steps to ensure DOGE has “full and prompt access” to unclassified data and systems.
However, a variety of statutes and regulations govern the collection, storage, and use of data the Federal government collects. The 1974 Privacy Act requires that when for all systems that collect personally identifiable information, agencies issue a System of Records Notice (SORN), which describes that information that the agency will collect and how it will be used.
Under the Privacy Act, agencies cannot use data about an individual for any purposes other than those specified in the SORN unless it receives consent from the individual or it meets one of the exemptions specified under the Privacy Act. Agencies are also required by law to conduct Privacy Impact Assessments (PIAs) to determine potential privacy risks when, for example, agencies merge or match information across databases.
In addition, the directive to gain access to data and systems maintained by the states may conflict with state privacy laws.
Given these legal constraints, the scope of new access the Order—including how DOGE uses these systems—will permit remains uncertain. Privacy advocates have also raised concerns that the data could be aggregated in ways that facilitates a vast surveillance capacity across any interaction an individual has with the government.
Experts also warn that the Order’s directive to grant officials access to all “data and records currently available to the Department of Labor’s Office of Inspector General” could undermine the independence of IG investigations and expose sensitive oversight activities to political influence.

Sharing Federal Data Across Agencies Raises Privacy and Oversight Concerns

March 28, 2025

Key Insights

Access to government data and technical systems has been a key issue in the Administration as officials with the US DOGE Service (DOGE) have sought, and sometimes denied, access to data and systems maintained by a range of agencies, including the Treasury’s payment system, the Internal Revenue Service, the Social Security Administration, the Centers for Medicare and Medicaid Services, and the Consumer Financial Protection Bureau.

A previous Executive Order establishing DOGE contained similar language, directing agencies to take all necessary steps to ensure DOGE has “full and prompt access” to unclassified data and systems.

However, a variety of statutes and regulations govern the collection, storage, and use of data the Federal government collects. The 1974 Privacy Act requires that when for all systems that collect personally identifiable information, agencies issue a System of Records Notice (SORN), which describes that information that the agency will collect and how it will be used.

Under the Privacy Act, agencies cannot use data about an individual for any purposes other than those specified in the SORN unless it receives consent from the individual or it meets one of the exemptions specified under the Privacy Act. Agencies are also required by law to conduct Privacy Impact Assessments (PIAs) to determine potential privacy risks when, for example, agencies merge or match information across databases.

In addition, the directive to gain access to data and systems maintained by the states may conflict with state privacy laws.

Given these legal constraints, the scope of new access the Order—including how DOGE uses these systems—will permit remains uncertain. Privacy advocates have also raised concerns that the data could be aggregated in ways that facilitates a vast surveillance capacity across any interaction an individual has with the government.

Experts also warn that the Order’s directive to grant officials access to all “data and records currently available to the Department of Labor’s Office of Inspector General” could undermine the independence of IG investigations and expose sensitive oversight activities to political influence.

CED Newsletters & Policy Alerts

Key Insights