US Must Prove DOGE Employees Complied With Privacy Act, Judge Orders
A judge ordered the U.S. Office of Personnel Management (OPM) and the Department of Government Efficiency (DOGE) to submit reports summarizing DOGE employees' access to sensitive data and how those staffers were trained, in order to prove that they didn't violate the Privacy Act.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
The U.S. District Court for Southern New York previously blocked DOGE's access to sensitive information in OPM systems (see 2506090043).
Within two weeks, OPM must "file a report which describes the processes and procedures put in place ... since March 6, 2025, to ensure adherence to the requirements of the Privacy Act with respect to any new grant of access permissions ... to any records containing personally identifiable information (PII) of the plaintiffs that exist in any OPM system of records," said Judge Denise Cote on Friday.
Within four weeks, OPM must "file a report concerning OPM's grant of access permissions to any records containing PII of the plaintiffs that exist in any OPM system of records made to any DOGE Agent, where such access permissions are in effect as of the date of this Order."
The plaintiffs in case 25-01237 are current and former government employees, who allege that sensitive personal data was disclosed to DOGE, violating the Privacy Act (see 2502200047). The government argued against an injunction, saying the Privacy Act was not violated (see 2505190043). The district court ruled on June 9, however, that the employees' rights were violated, though the scope of the injunction hasn't yet been determined (see 2506090043).