As legal challenges mount over how federal agencies share Americans’ personal information, Rep. Lori Trahan, D-Mass., is calling for an overhaul of the Privacy Act of 1974, arguing the law has not kept pace with modern data practices and emerging technologies.
Trahan published a 68-page report on Tuesday after spending the last 10 months gathering and reviewing stakeholder input on how to revamp the Privacy Act.
“The Privacy Act was written for a world of file cabinets and mainframe computers, not one defined by cloud storage, data brokers, and AI,” Trahan said in a Feb. 17 press release. “Americans should be able to trust that their personal information is handled responsibly by their government.”
Trahan explained that the report lays out “practical, commonsense updates to strengthen privacy protections, restore public trust, and ensure the federal government can operate effectively in the digital age.”
In the report, Trahan said she investigated the Department of Government Efficiency’s (DOGE) handling of Americans’ personal information. Notably, DOGE has faced allegations of improperly accessing data at agencies including the Social Security Administration, the Treasury Department, and the Office of Personnel Management.
Trahan outlines a bipartisan framework for Congress to modernize the Privacy Act, including recommendations such as strengthening the limits on the collection, use, and sharing of Americans’ sensitive personal data.
She also recommends Congress update the Privacy Act’s definitions to reflect modern systems, technologies, and practices.
Her recommendations also include enhancing oversight mechanisms to prevent misuse of personal information, right-sizing requirements to promote compliance, and establishing and resourcing a chief privacy officer at every agency.
She also recommended Congress establish “an authorization process for agencies’ use of commercially available information that may contain personally identifiable information” – potentially modeled on the Federal Risk and Authorization Management Program (FedRAMP).
“By modeling this process on or incorporating it into [FedRAMP], which provides a security assessment process for cloud service offerings, Congress could standardize evaluations of commercially available datasets and mitigate privacy risk,” the report says.
The Privacy Act was enacted in 1974 following the Watergate scandal and amid the rise of computerized information systems. Trahan argues that the statute has not been substantially updated since its passage and does not account for modern data ecosystems or emerging technologies such as artificial intelligence.
The congresswoman also wrote that the law could not have “accounted for the aggrandizing nature of the modern imperial presidency,” framing reform as both a safeguard against abuse and a tool to strengthen government operations.
“Privacy Act reform is both a defensive measure against abuse and an offensive strategy to engender good government, regardless of which party controls the White House,” Trahan wrote. “Congress should not squander its opportunity or ignore its charge.”