Judge says Treasury, Education, OPM can’t share personal information with DOGE
The Office of Personnel Management and the departments of Treasury and Education are now barred from sharing individuals’ personally identifiable information with DOGE representatives, a federal judge ruled Monday.
Judge Deborah L. Boardman of the U.S. District Court for the District of Maryland said in her decision that in granting associates with Elon Musk’s so-called government efficiency initiative access to systems containing plaintiffs’ PII, the agencies “likely violated” the Privacy Act and the Administrative Procedure Act.
“Enacted 50 years ago, the Privacy Act protects from unauthorized disclosure the massive amounts of personal information that the federal government collects from large swaths of the public,” Boardman wrote. “Congress’s concern back then was that ‘every detail of our personal lives can be assembled instantly for use by a single bureaucrat or institution’ and that ‘a bureaucrat in Washington or Chicago or Los Angeles can use his organization’s computer facilities to assemble a complete dossier of all known information about an individual.’”
The lawsuit was filed by the American Federation of Teachers, the International Association of Machinists and Aerospace Workers, the International Federation of Professional and Technical Engineers, the National Active and Retired Federal Employees Association, the National Federation of Federal Employees, and six military veterans.
The plaintiffs specifically cited the exposure of their PII to DOGE associates in Treasury’s Bureau of Fiscal Service, which includes names, Social Security numbers, birth dates, birth places, home addresses and telephone numbers, email addresses, and bank account information of Americans who have transacted with the federal government. For Education, the plaintiffs focused their case on the management of the federal student loan system. And as the government’s human resources office, OPM “maintains a host of systems with information about federal government personnel,” the suit noted.
The plaintiffs alleged that the “unrestricted access” to those systems provided to DOGE violated the Privacy Act because none of the parties “requested disclosure or provided express written consent to the disclosure of their information to DOGE representatives.” Additionally, they contended that DOGE staffers did not need to know their personal information to carry out their duties.
Having their PII exposed to unauthorized government personnel, the plaintiffs said, caused “major distress and anxiety, as they do not know who their data has been or will be shared with, whether these disclosures have made them vulnerable to further privacy breaches, and how it may be weaponized against them.”
Boardman’s opinion noted that the plaintiffs’ injuries in this case were akin to “a specific type of invasion of privacy” and they would “suffer irreparable harm if the defendants are not enjoined.”
Boardman, whose decision extends an existing temporary restraining order that was entered Feb. 24, said that although President Donald Trump’s day-one executive order establishing DOGE called for “full and prompt access to all unclassified agency records, software systems, and IT systems,” the concerns spelled out in the Privacy Act half a century ago “are just as salient today.”
“No matter how important or urgent the President’s DOGE agenda may be, federal agencies must execute it in accordance with the law,” Boardman wrote. “That likely did not happen in this case.”
The government will now have a week to decide whether it plans to file a notice of appeal or if the court should move forward by entering a scheduling order. The parties must file a joint status report on these decisions by March 31.
