by Meghan Maury
The Privacy Act of 1974 was designed to give people at least some control over how the federal government uses and shares their personal data. Under the law, agencies must notify the public when they plan to use personal information in new ways – including when they intend to share it with another agency – and give the public an opportunity to weigh in.
At dataindex.us, we track these data-sharing notices on our Take Action page. Recently, a pattern has emerged that you might miss if you’re only looking at one notice at a time.
Since around July of last year, the number and pace of data-sharing agreements between federal agencies and the Department of the Treasury has steadily increased. Most are framed as efforts to reduce “waste, fraud, and abuse” in government programs.
Sounds good, right?
It might be. Cutting waste and fraud could mean taxpayer dollars are used more efficiently, programs run more smoothly, and services improve for the people who rely on them.
I’ve personally benefited from this kind of data sharing. When the Department of Education began pulling tax information directly from the IRS, I no longer had to re-enter everything for my financial aid forms. The process became faster, simpler, and far less error-prone.
So… what’s the risk?
The danger comes when automated data matching is used to decide who gets help (and who doesn’t!) without adequate safeguards. When errors happen, the consequences can be devastating.
Imagine a woman named Olivia Johnson. She has a spouse and three children and earns about $40,000 a year. Based on her income and family size, she qualifies for SNAP and other assistance that helps keep food on the table.
Right down the road lives another Olivia Johnson. She earns about $110,000 a year, has a spouse and one child, and doesn’t qualify for any benefits.
When SNAP runs Olivia’s application through a new data-matching system, it accidentally links her to the higher-earning Olivia. Her application is flagged as “fraud,” denied, and she’s barred from reapplying for a year.
This is a fictional example, but false matches like this are not rare. In many settings, a data error just means a messy spreadsheet or a bad statistic. In public benefit programs, it can mean a family goes hungry.
This isn’t an argument against data sharing.
Done well, sharing data across agencies can reduce paperwork, improve accuracy, and make government work better for the people it serves. The problem is not that data are shared, it’s how they are shared, how decisions are made using those data, and what recourse people have when things go wrong.
If data sharing is going to expand, it needs strong guardrails. That includes robust internal processes to ensure high-quality data linkage and regular testing for false matches. It also means giving individuals a clear, easy-to-access way to review decisions made about them, correct errors, and restore benefits quickly when mistakes occur. Clear timelines for updating records and firm retention and deletion schedules are equally important, so outdated or incorrect information doesn’t continue to follow people through multiple systems.
How many copies is too many?
There’s also a quieter but serious issue lurking beneath many of these agreements: how the data are technically shared. In some cases, data sharing appears to involve transferring large datasets from one agency to another. If every agency ends up holding its own copy of sensitive databases, the security risks multiply. More systems, more access points, and more opportunities for misuse or breach. There are technical strategies for reducing that risk, but it’s not clear that those are being used.
That’s why the growing use of these data-sharing agreements deserves close attention. Efficiency matters. But when people’s lives and livelihoods are on the line, accuracy, transparency, accountability, and basic data stewardship matter just as much.