Pitfalls of Trump’s Info Silo Executive Order Compromise Privacy

The federal government collects a vast amount of highly sensitive personal data from the public that informs its regular operations and policies. Federal agencies carefully safeguard the collection and usage of this data to prevent it from being misused. President Donald Trump’s March 2025 Executive Order 14243, Stopping Waste, Fraud, and Abuse by Eliminating Information Silos, challenges this protection by granting federal agencies unfettered access to unclassified records and information technology systems. In doing so, the order mistakenly equates information protection, like redacted personally identifiable information, to barriers and inaccessibility, even though data protection often requires some form of limited access through disaggregation.

Despite the order’s purpose of “enhancing the Government’s ability to detect overpayments and fraud,” the administration has failed to articulate how expanded access to highly personal data has prevented waste, fraud, and abuse. Data silos do exist and are worth addressing, but the executive order oversimplifies a complex information-sharing issue with a solution that is more likely to become a new problem, especially when factoring in the administration’s history of misusing agency data. The best way to address both the challenges caused by data silos and the abuse of data is for Congress to take action.

The Executive Order’s Shortcomings

The Project On Government Oversight (POGO) has been at the forefront of advocating for and working with Congress to identify waste and fraud for decades. Yet this directive invites irreversible harm by leaving sensitive data vulnerable to abuse. For the government to responsibly eliminate duplication and inefficiency, policymakers must strengthen data quality, prioritize data privacy, and enforce strong accountability measures to prevent misconduct.

Agencies are subject to privacy laws and other statutes governing what data they may collect and how it may be used. In addition to law, the government also implements operational safeguards such as security clearances, meaning not everyone is privy to the same data; data use agreements, which detail the purpose of an agency’s request for data access and the conditions of its use; and strict recordkeeping to ensure that government employees are complying with privacy protections. This executive order weakens those protocols because now agencies, along with officials that the president designates, can simply ask for the data. Policymakers and the public deserve to know how these agencies are using their expanded access.

Rather than taking a measured approach to address problems caused by information silos, this executive order rushed to implement a solution that could cause more issues than it solves. POGO has identified several of the executive order’s shortcomings, which are as follows:

Agencies were not given an adequate amount of time to eliminate data silos responsibly.

Agencies were directed to review any regulations and “rescind or modify all agency guidance that serves as a barrier to the inter- or intra-agency sharing of unclassified information” within 30 days of the order. This timeline remains insufficient and does not allow agencies to implement the directive safely. For instance, a working group called the Chief Data Officers Council was established by the Evidence Act in 2018 to fulfill five statutory requirements, such as promoting interagency data sharing and establishing best government-wide practices. The council’s Data Sharing Working Group took two months just to convene and begin identifying key data-sharing challenges across federal agencies. Moreover, current agencies’ limited capacity and resources may further slow the implementation of such a far-reaching directive.

It is not clear who has access to sensitive government information.

The executive order applies to “Federal officials designated by the President or Agency Heads (or their designees).” While agency heads are a matter of public record, there is no comprehensive public list of those who have been designated by their agency head to have access to the data. Consider individuals under the Department of Government Efficiency (DOGE). DOGE’s activities suggest it had and continues to have unprecedented access to agency data, but it has not been forthcoming about who is technically a member of DOGE. We simply do not know who is accessing and possibly exploiting our information. This lack of transparency prevents any accountability to ensure our information is protected.

There is no oversight or enforcement mechanism to ensure agencies are following the laws that govern data usage.

The order says agency heads are required to report to the Office of Management and Budget (OMB) regulations and guidance that could be rescinded or modified, placing OMB at the center of executing the order. However, OMB has previously failed to release agency guidance in a timely manner, which undermines agencies’ ability to act efficiently and ensure compliance. As of this writing, OMB has not released any guidance on this order, even though the deadline for agencies to implement it has already passed.

Examples of Recent Data Misuse

Although the broader impact of this executive order is still unfolding, there are several recent examples of the administration misusing agency data, underscoring that interagency information sharing with the intent to address waste and fraud requires careful oversight and recordkeeping, not unfettered access that risks causing more harm.

Social Security Administration

In August, the public saw the consequences of granting federal officials expanded access to sensitive data at the president’s direction. A whistleblower from the Social Security Administration filed a complaint to Congress and federal auditors reported to the media that they found DOGE had violated “established standards on assessing government work.” Even more troubling, DOGE copied more than 300 million Americans’ Social Security information to a separate cloud server, giving DOGE unchecked access to a master database that consolidates Social Security card applicants’ information. Not only has personally identifiable information been duplicated on a vulnerable system, but the oversight and accountability mechanisms governing that data’s use have been eliminated, risking fraud and abuse.

Internal Revenue Service

In April, the Internal Revenue Service (IRS) struck an agreement with Immigration and Customs Enforcement (ICE) to disclose sensitive taxpayer information “solely for the preparation for judicial or administrative proceedings, or investigation that may lead to such proceedings… or any subsequent criminal proceedings.” The administration continues to take an aggressive approach, deploying the National Guard along with ICE to enforce its immigration policies, and this data-sharing agreement makes it easier to detain and arrest individuals, most of whom have no criminal records and who are disproportionately people of color. This marks an unprecedented move for the IRS, whose governing statutes have long prohibited political interference in its operations and data. IRS lawyers have advised both the Department of Homeland Security (DHS) and the Treasury that this agreement is likely to violate privacy law.

Department of Agriculture

In July, the U.S. Department of Agriculture (USDA) requested data, including recipients’ immigration statuses, from state agencies that administer the Supplemental Nutrition Assistance Program (SNAP). The agency claimed the data will be used to perform “integrity checks” and could be shared with other agencies. But the information the UDSA is gathering is unusually intrusive and is typically safeguarded by state laws and program guidance. These legal and technical protections often impose strict limitations to protect recipient information and ensure confidentiality, making this federal request inconsistent with established protections. In response to this request, attorneys general from 21 states filed a lawsuit alleging that USDA’s request violates federal privacy laws, challenging the order’s notion of rooting out fraud. More recently, U.S. District Judge Maxine Chesney blocked USDA from attempting to collect SNAP data from those 21 states.

Health and Human Services

The Department of Health and Human Services agreed to share sensitive Medicaid data with DHS, allowing ICE to access Medicaid recipients’ personal data. This agreement is also part of the larger initiative to consolidate data across agencies to fuel ICE’s deportation efforts. In August, a federal judge found this agreement disrupts Medicaid operations and temporarily blocked the federal health department from continuing to share its data with DHS in 20 states. DHS must comply with the rule of law. As Jeffrey Grant, a former HHS employee who was an operations director at the Centers for Medicare and Medicaid Services, said to PBS, “DHS has no role in anything related to Medicaid.”

Impact

These past six months represent a major breach of trust between the government and the people it serves. The government is supposed to ensure that our information is protected from malfeasance. Instead, we have seen different executive agencies and DOGE shift away from long-standing best practices about data privacy and weaken safeguards for highly sensitive personal information. The administration has not demonstrated how this executive order has stopped any waste, fraud, or abuse in the six months since its release. Instead, the administration has faced legal scrutiny and pending lawsuits.

The relationship regarding the privacy and consent of American society and its federal government is being altered as the directive’s execution remains opaque. Why are agencies like the IRS sharing data with other agencies that lack auditing authority? How will these agencies use our once-confidential personally identifiable data after they consolidate information? None of this is clear, and that is the problem.

To root out waste, fraud, and abuse, we need meaningful transparency and accountability, not sweeping directives. This executive order purports to support the open government goals of eliminating waste, fraud, and abuse, but it has only furthered efforts to increase surveillance, particularly of disfavored groups. It will weaponize the public’s data to, among other things, centralize federal resources to accelerate mass deportation and detention efforts. Mishandling the public’s data could also have unintended consequences, such as making it more difficult for Americans to obtain federal assistance to which they are entitled. The overall impact of this executive order will be widespread, affecting all communities.

Solutions

While every agency experiences different data issues and needs, POGO recommends several overall solutions that Congress can implement to address the information silo issues the executive order sought to reduce and to manage the data abuses outlined above.

Our recommendations are as follows:

• Improve data quality to better detect improper payments and wasteful spending by agencies. High-quality data is essential for effective policies, regulations, and best practices. Both POGO and the administration recognize that duplicative and inaccurate information is prevalent. For a comprehensive list of recommended data reforms, see our fact sheet on federal spending transparency.
• Adequately fund and support the Government Accountability Office (GAO) so it can properly perform audits and investigations. The legislative agency has proven to be a valuable investment for the federal government in identifying and rooting out waste, fraud, and abuse. The GAO establishes audit standards, helps Congress uncover billions of dollars in improper payments, and evaluates the quality of agencies’ oversight structures while providing recommendations for improvements.
• Ensure that the priorities of the Chief Data Officers Council, a statutory group established under the Evidence Act, are met. The bipartisan statute created a framework intended to improve evidence-based policymaking by soliciting feedback from public and private stakeholders, identifying effective information technology systems, and reforming the data-sharing agreements process between agencies. The council has been working towards a more careful approach to improving the same information-sharing issue that this order attempts to address.
• Identify legacy systems and provide agencies with sufficient resources to explore and implement more robust replacement systems. Legacy technology systems are often outdated and lack more modern functionalities, which makes it difficult for data integration and communication across different formats.
• Amend the Privacy Act of 1974 to deter abuse of statutory exceptions, close carve-out loopholes for interagency information sharing, strengthen protections for sensitive data, and ensure that the statute reflects the increased reliance on electronic data and its vulnerabilities.

Congress has many powers and tools to address the operational barriers agencies face. The legislative branch has just as much to do with rooting out waste, fraud, and abuse as the other two branches of our government. Congress should act now to protect and secure the public’s sensitive personal data from potential misuse and prevent further harm.