Democrats Explore Whether Musk Efforts Violate Privacy Laws

Democrats cited the Privacy Act and the Federal Information Security Management Act (FISMA) as statutes that could potentially apply to DOGE's data-gathering efforts. Lawmakers and consumer advocates are trying to get more information on what data DOGE has been handling in Musk's policy initiatives related to the U.S. Agency for International Development (USAID) and the Treasury Department’s central payments database.

Senate Minority Leader Chuck Schumer, D-N.Y., said Tuesday that DOGE has "unprecedented access" to the Treasury Department payment systems, which include social security and tax refund data. Information related to Medicare and Medicaid benefits, veterans' benefits and disability payments may have also been compromised, he said.

The White House didn't comment Tuesday.

DOGE's activities have brought the privacy conversation on Capitol Hill to a “whole new level of concern,” Sen. Richard Blumenthal, D-Conn., told reporters. “To have a private individual have access to your tax returns, your social security records, your most private, sensitive information, medical history, is absolutely mind-boggling and gut-wrenching.”

Sen. Ron Wyden, D-Ore., was asked if he's seen direct evidence of the DOGE team abusing privacy laws and standards. “We are trying to excavate the answers ourselves to that," said Wyden. "Let’s put it this way: The Trump and Musk regime is not going out of its way to keep us posted. We’re trying to get more details.”

Senate Intelligence Committee ranking member Mark Warner, D-Va., Sen. Angus King, I-Maine, and Blumenthal discussed the possible application of laws like the Privacy Act and the Federal Information Security Modernization Act (FISMA).

The Privacy Act of 1974 prohibits agencies from sharing individuals’ records without their written consent, unless the disclosure meets exemption requirements. Exemptions include purposes tied to law enforcement, national security, research and historical preservation. It also includes exemptions for agency employees who need to access records to carry out government duties. FISMA outlines government cybersecurity standards and guidelines for protecting government-held data.

House Oversight Committee ranking member Gerry Connolly, D-Va., and House Cybersecurity Subcommittee ranking member Shontel Brown, D-Ohio, on Tuesday requested DOGE information from the Office of Personnel Management. They raised concerns about reports that Musk and his team “ignored cybersecurity and privacy protections and introduced vulnerabilities into information technology systems.” Creating a government-wide employee database without conducting a privacy impact assessment could be a “dangerous violation of the 2002 E-Government Act,” they said.

“I don’t know who works for DOGE," said Warner. "I don’t know if any of them have clearances.” He said he'll be seeking information on who was involved, what they accessed, how it might be copied and what laws might have been broken.

Musk posted to X on Tuesday, saying DOGE is “dismantling the radical-left shadow government in full view of the public. This is our ONE CHANCE to return POWER to the PEOPLE from an unelected BUREAUcracy back to DEMOcracy!!”

Republicans expressed support for DOGE. “I’m happy anybody is taking a look at all the waste, fraud and abuse throughout government; so I’m very supportive of their efforts,” said Sen. Ron Johnson, R-Wis.

“I trust that all the usual rules, laws, guidelines about classified information, personal information, all that stuff, are being followed,” said Sen. Josh Hawley, R-Mo.

Senate Commerce Committee ranking member Maria Cantwell, D-Wash., said she's "very concerned" and her office is trying to gather information. “We need stronger privacy rules, and the last thing we should do is have somebody from government getting access to our personal information that they shouldn’t" have.