The Privacy Act of 1974 has not been updated in over fifty years. In March 2025, Rep. Lori Trahan (D-MA) launched a formal inquiry into reforming the law. The RFI cites a combination of unchecked government officials accessing sensitive federal data and significant technological advances (notably, such as AI). In response, the Census Quality Reinforcement Task Force submitted the following response to Rep. Trahan’s office on April 30, 2025.
April 30, 2025
Introduction
We are writing today as the leadership of the Census Quality Reinforcement Task Force, a multidisciplinary learning community bringing together civil society leaders, historians, statisticians, demographers, and other experts to support accuracy and fairness in public data.
We are responding to the RFI as stakeholders of the U.S. statistical system. As such, we have limited our responses to a subset of issues pertinent to the U.S. statistical system.
How the Privacy Act is Relevant to Federal Statistics
The U.S. federal statistical system operates within a layered framework of several privacy and confidentiality laws. One of these statutes governing the statistical system is the Privacy Act of 1974.
While the Privacy Act does not authorize the federal government to collect data, it governs how federal agencies disclose and manage data. In particular, the Privacy Act mandates agencies to post public and individual notices about personal data held in systems of records. It also limits secondary use of the data without consent unless an exemption is met.
Along with the Confidential Information Protection and Statistical Efficiency Act of 2002 (CIPSEA), the Privacy Act is one of the key statutes governing the use of federal data for evidence building.[1] The purpose of both statutes is to ensure that “information provided to the Federal government under a promise of confidentiality is not released to anyone in identifiable form, except as allowed by law.”[2] The Census Bureau is also bound by specific laws—notably Title 13 of the U.S. Code—which strictly prohibits any non-statistical use of census data and imposes strict penalties for unauthorized disclosure.
Responses
1. a. What are your biggest concerns with the federal government’s collection, maintenance, use, or dissemination of personal information?
The government’s long-term capacity for evidence-based policymaking relies on a robust commitment to confidentiality. Confidentiality is essential to—not at odds with—the goal of accurate, complete, and reliable statistical data. Specifically, confidentiality is key to securing the public’s participation in federal statistical programs.
In recent months, personnel in the Department of Government Efficiency (DOGE) have accessed protected personal information held by federal agencies, including, but not limited to, the Internal Revenue Service. These actions are very likely to damage public confidence in the federal government’s stewardship of sensitive personal information.[3]
The U.S. federal statistical system already faces a climate of serious mistrust of public institutions that reduces individuals’ willingness to respond truthfully or at all to federal surveys.[4] DOGE’s recent access to protected data is likely to exacerbate these concerns and significantly reduce individuals’ willingness to provide information about themselves to the federal government. This will lower response rates and reduce the completeness and accuracy of data collected by the U.S. federal statistical system.
Our most important concern, however, is the federal government’s use of datasets, which DOGE is accessing and combining in ways that betray the purpose, spirit, and words of the Privacy Act.[5] The Census Bureau operates under a narrow statutory exemption, allowing the agency to acquire and link datasets for statistical purposes, including foundational uses for our democracy, such as apportionment and redistricting. In contrast, efforts to consolidate personal information and create a “master database”[6] outside these clear statutory limits risk enabling unchecked government abuse of personal information.
Congress can restore and strengthen the confidentiality practices essential to the well-functioning of the nation’s statistical infrastructure, including clarifying the superseding effect of Title 13’s confidentiality provisions.[7]
2.e.ii. How can the government share personal information–with other agencies, researchers, states and localities, and other entities–in ways that are effective and privacy-preserving? & 2.e.iii. Should Congress consider imposing restrictions on intra-agency data sharing? If so, how?
The Privacy Act provides a specific exemption to the Census Bureau. The Act permits other federal agencies to disclose records to the Census Bureau without prior written consent. However, the exception contains an important caveat and requires that the disclosure is for “the purposes of planning or carrying out a census, survey, or related activity pursuant to the provisions of Title 13.”[8]
The Census Bureau exemption is critical and should not be eliminated. The Census Bureau relies on administrative data from numerous statistical programs and products, and the agency is increasingly exploring ways to integrate administrative data to improve the quality, timeliness, and availability of the nation’s statistics.
Discourse among statistical experts has focused on how Congress may amend federal statutes to facilitate the sharing, linkage, and use of administrative data for statistical purposes.
The concern regarding the underutilization of administrative data across agencies is a well-founded one. Expert bodies, such as the Commission on Evidence-Based Policymaking, have highlighted the need for greater legal clarity to better support responsible inter-agency data sharing for statistical purposes. The existing patchwork of statutes has led to institutional reluctance and operational inefficiencies, even for authorized statistical purposes.[9] For example, despite the utility of income data to evaluate federal programs, existing legal constraints can bar researchers—both within and outside of agencies—from accessing earnings and tax records already collected by federal agencies.[10] The solution proposed by the Commission was the creation of a National Secure Data Service (NSDS) and an amendment of the Privacy Act to extend the narrow Census Bureau exemption to the NSDS.[11] Advancing data sharing and evidence-building must not come at the expense of robust confidentiality protections and laws.
We caution against broad modifications to the Privacy Act based on a view that the statute is an unnecessary barrier to efficient data sharing among agencies for program evaluation and evidence-based policymaking. Instead, the facilitation of inter-agency data sharing should happen within the existing confidentiality framework to ensure public trust in government data programs, to uphold the functional separation between statistical and non-statistical uses of data, and to ensure that combined data does not empower the federal government over individuals as has happened in technocracies such as China.
Moreover, any revisions to the Privacy Act should not conflict with the Title 13 provisions that strictly prohibit the Census Bureau from disclosing personal information to other agencies. Any potential revisions to the Privacy Act must preserve the essential principle of “functional separation.” There must be a clear and bright line delineating the uses of government data for statistical versus non-statistical purposes.
1.d. How can the federal government most effectively leverage privacy-enhancing technologies (PETs)?
The Census Bureau and other government agencies responsible for producing public data have a dual mandate: They must provide useful statistics for public policymakers while ensuring that those published statistics do not disclose or allow others to discover confidential information about individuals, households, and businesses.
The Census Bureau has long recognized the utility of PETs in balancing the dual mandate. In particular, the agency has relied on a subset of PETs called statistical disclosure limitation (SDL) techniques or disclosure avoidance systems (DAS) to ensure respondent confidentiality in publishing statistics. In response to concerns about emerging threats (i.e. reconstruction-abetted reidentification attacks), the Census Bureau implemented formal privacy methods for the 2020 Census.
Real-world application of PETs has yielded important lessons, including the need for cross-agency implementation guidance and investment in and training for data stewards and privacy officers to support PET implementation. More broadly, PETs must be deployed to not only protect respondent confidentiality but also to ensure that the resulting noise-infused data is sufficiently useful. To that end, the federal statistical system needs to assemble a comprehensive catalog of the uses of its statistical products, including funding allocations, legal mandates, and regulatory practices across all agencies of the federal government as well as at state and local levels. Then, analyses of the fitness for use of statistical products following PET application should be conducted to ensure that the final data products are sufficiently accurate for each use.
Beyond protecting statistical outputs, federal statistical agencies should also advance PET implementations that support “input privacy.”[12] In contrast to the use of SDL methods to protect the confidentiality of individuals and entities in aggregated statistical releases, input privacy refers to the protection of sensitive data during the process of sharing and linking data across datasets held by different organizations. These input privacy approaches include technical methods for enabling organizations to run joint computations and analyses across datasets without the need to share the underlying personal information with other organizations. This is especially important where legal or regulatory barriers prohibit direct data sharing.
Governments are employing these tools to conduct statistical analyses and advance evidence-based policymaking. For example, in Estonia, privacy laws prevented the Ministry of Education and the Tax Board from sharing and linking education and tax records. However, to evaluate correlations between education and income, the agencies utilized Secure Multi-Party Computation (MPC) to calculate joint statistics across both datasets while ensuring compliance with privacy laws.[13] Similarly, in the U.S., the City of Boston and Boston Women’s Workforce Council sought to analyze pay disparities by gender and race across employers. Due to privacy concerns associated with sharing individual salary information, the organizers relied on Secure MPC to allow employers to submit salary data with technical privacy safeguards.[14]
Conclusion
In enacting the Privacy Act, Congress was clear-eyed about the dangers posed by centralizing government databases. Lawmakers of both parties warned of government overreach and threats to personal liberty and human dignity stemming from, in the words of Senator Jacob Javit (R-NY), the “new menaces of computer data banks and indiscriminate government and private sector dossiers.”[15] The Privacy Act was carefully crafted to constrain the risk of a “dictatorship of dossiers,”[16] requiring that personal data be collected and shared for specific, narrow, and lawful purposes. This foundational principle should remain a source of guidance for building a trustworthy and effective federal statistical system.
Thank you for this opportunity to comment on this important issue. Please feel free to contact Jae June Lee, on behalf of the Census Quality Reinforcement Task Force, at jaejune@ncoc.org should you have any questions about these comments.
1. Commission on Evidence-Based Policymaking. “The Promise of Evidence-Based Policymaking: Report of the Commission on Evidence-Based Policymaking.” September 2017. Available at: https://bipartisanpolicy.org/download/?file=/wp-content/uploads/2019/03/Full-Report-The-Promise-of-Evidence-Based-Policymaking-Report-of-the-Comission-on-Evidence-based-Policymaking.pdf
2. Percival, Kelly. “Federal Laws That Protect Census Confidentiality.” Brennan Center for Justice, 20 February 2019. Available at https://www.brennancenter.org/our-work/research-reports/federal-laws-protect-census-confidentiality.
3. Pascal, Alexander, et. al. “Understanding DOGE and Your Data.” The Ash Center for Democratic Governance and Innovation, 31 March 2025. Available at https://ash.harvard.edu/resources/understanding-doge-and-your-data/.
4. Census Bureau. “New Study Examines Barriers, Attitudes and Motivators Toward Participating in the Upcoming 2020 Census.” 24 January 2019. Available at https://www.census.gov/newsroom/press-releases/2019/2020-census-cbams.html.
5. Citron, Danielle. “ DOGE Betrays Foundational Commitments of the Privacy Act of 1974.” Lawfare, 7 February 2025. Available at https://www.lawfaremedia.org/article/doge-betrays-foundational-commitments-of-the-privacy-act-of-1974.
6. Kelly, Makena, and Vittoria Elliott. “DOGE Is Building a Master Database to Surveil and Track Immigrants.” WIRED, 18 April 2025. Available at https://www.wired.com/story/doge-collecting-immigrant-data-surveil-track/.
7. For further discussion of this recommendation, see Wolf, Thomas, et. al. “Improving the Census.” The Brennan Center for Justice, 13 September 2022. Available at https://www.brennancenter.org/our-work/policy-solutions/improving-census.
8. Commission on Evidence-Based Policymaking. “The Promise of Evidence-Based Policymaking”; and Census Bureau. “Legal Authority and Policies for Data Linkage at Census.” Last revised, December 2016. Available at https://www.census.gov/about/adrm/linkage/about/authority.html.
9. Commission on Evidence-Based Policymaking. “The Promise of Evidence-Based Policymaking.” 2017.
10. Commission on Evidence-Based Policymaking. “The Promise of Evidence-Based Policymaking.” 2017.
11. The National Secure Data Service (NSDS) is “a platform of shared services to streamline and innovate data access, data linkage, and privacy protections to support expanded data use for evidence building across the nation.” For more information about the NSDS, see U.S. National Science Foundation. “Towards a National Secure Data Service (NSDS).” Available at https://www.nsf.gov/events/towards-national-secure-data-service-nsds.
12. United Nations. The PET Guide. 2023. Available at https://unstats.un.org/bigdata/task-teams/privacy/guide/2023_UN%20PET%20Guide.pdf.
13. Evans, David, Vladimir Kolesnikov, and Mike Rosulek. “A Pragmatic Introduction to Secure Multi-Party Computation,” 2018. Available at https://ieeexplore.ieee.org/document/8584398.
14. Evans, Kolesnikov, and Rosulek. “A Pragmatic Introduction to Secure Multi-Party Computation,” 2018; and Lindell, Yehuda. “Secure Multiparty Computation (MPC).” Communications of the ACM, January 2021. Available at https://eprint.iacr.org/2020/300.pdf.
15. Citron. “DOGE Betrays Foundational Commitments of the Privacy Act of 1974.” 2025.
16. Citron. “DOGE Betrays Foundational Commitments of the Privacy Act of 1974.” 2025.
