Press Releases

WASHINGTON, DC – Today, Congresswoman Lori Trahan (MA-03), Shontel Brown (OH-11), and Suzan DelBene (WA-01) wrote to the Deputy Inspectors General of the U.S. Department of Treasury and the Government Services Administration (GSA) requesting an independent investigation into a Department of Government Efficiency (DOGE) staffer’s mishandling of Americans’ personally identifiable information.

“We write to request that you immediately open an investigation into the unauthorized and harmful actions of a former Treasury employee affiliated with the Department of Government Efficiency (DOGE), who shared a spreadsheet containing personally identifiable information (PII) with officials at the General Services Administration (GSA). Such an investigation is especially imperative as we determine the extent to which federal privacy laws were violated and how individual Americans were adversely affected,” the lawmakers wrote.

In late January, DOGE staffers were granted access to the Treasury Department’s payment system, which processes approximately $200 billion in payments each day to Americans. Payments include Social Security benefits, tax refunds, payments to government contractors, and more. One DOGE staffer, who was granted access to the payment system before his background check was complete, sent an email with an attached spreadsheet containing an unknown amount of Americans’ personally identifiable information to two GSA officials, likely in violation of the Privacy Act. The staffer did not gain approval or encrypt the spreadsheet to protect the privacy of the GSA employees, despite receiving a briefing on cybersecurity and privacy rules just days before.

“Under the Privacy Act, which was passed in the wake of the Watergate scandal to protect Americans’ privacy, federal agencies may not disclose records contained within a system of records to third parties without an individual’s prior written consent, subject to certain exceptions. Moreover, case law supports the proposition that information taken from a record maintained in a system of records—say, a few data points pulled from a larger record—are subject to this disclosure requirement, even if this information is incorporated into a new document that is not itself maintained in the system,” the lawmakers continued. “With this understanding, Elez’s compilation of names, transaction types, and payment amounts into a spreadsheet, even if not entire records from Treasury systems, and subsequent disclosure to GSA officials constitutes a likely violation of the Privacy Act.”

Congresswoman Trahan, a member of the House Energy and Commerce Committee, recently announced an effort to rewrite the Privacy Act for the first time since its passage in 1974. Congresswoman Brown is the Ranking Member of the House Oversight and Accountability Committee’s Subcommittee on Cybersecurity, Information Technology, and Government Innovation. Congresswoman DelBene is a member of the House Ways and Means Committee, which has direct jurisdiction over the Treasury Department.

A copy of the letter sent today can be accessed HERE.

###