Russell Vought, director of the Office of Management and Budget, took time away from his busy schedule on Wednesday for his side gig as acting director of what’s left of the Consumer Financial Protection Bureau.
In that role, Vought just tossed out a proposed CFPB rule that would have limited what data brokers could do with consumers’ private data, like credit history and Social Security numbers.
President Donald Trump often justifies his horrendous actions by saying that the people voted for him to do it, but this is absurd. Though Trump did telegraph a lot of his worst planslike his violent immigration crackdown, surely no one could have foreseen his claim that Americans wanted to be freed from the tyranny of having their private data stay private.
But Trump’s attack against the CFPB was clearly outlined in Project 2025of which Vought was a key architectwith claims that the CFPB is unconstitutional, harmful, and unaccountable. But in reality, the CFPB has paid for itself several times over, returning more than $21 billion to consumers since it began operation in 2011.
Vought is a supporter of destroying government assistanceso why not destroy consumers’ privacy while he’s at it?
Data brokers make billions from selling personal information, often without people knowing they exist. But it turns out that people don’t really like that—not even diehard Republicans. Texas Attorney General Ken Paxton has already gone after data broker Arity for collecting and selling driving data of more than 45 million people without their knowledge.
Sure, this is a giveaway to corporations, a result of the Trump administration’s commitment to ensuring that no pesky regulations get in the way of profits, but it’s also part of Trump’s overall assault on privacy.
For example, Health and Human Services Secretary Robert F. Kennedy Jr. just announced some sort of autism database that would combine electronic health records and Medicare/Medicaid insurance claims in the service of learning the “real” causes of autism. Because one thing that always ends well is assembling a database of people the government finds undesirable.
Elon Musk’s so-called Department of Government Efficiency also has plans to pool all government data into a massive single database, but there are so many things wrong with this idea.
First, it’s unnecessary. There’s no evidence that the existing way private data is maintained somehow hobbled the work of government.
Next, it’s pretty clear that efficiency isn’t the goal here; it’s about making it far easier for Trump to deport people.
Finally, a single centralized data repository is far more vulnerable than multiple databases, and DOGE does not have a great track record with data security, especially considering the launch of its website was so haphazard that hackers nearly immediately figured out how to push updates to the site.
Meanwhile, one DOGE software engineer, Kyle Schutt, recently had his Gmail login credentials in multiple data leaks caused by malware. Schutt had high-level access to data from the Federal Emergency Management Agency and, ironically, the Cybersecurity and Infrastructure Security Agency.
Another DOGE engineer, this one burrowed in at the Department of Justice, has bragged about his past hacking of websites and distribution of pirated software. And another DOGE employee installed a Starlink terminal on the White House roof, even though it’s unclear if Starlink communications are encrypted.
It also appears that DOGE has already deliberately exfiltrated government data.
For anyone clinging to the misguided notion that these are mistakes borne out of moving too fast, recall that DOGE has also taken steps to hide its incursions into sensitive government data by trying to delete logs and records.
Much of this violates longstanding privacy laws, like the Federal Privacy Act of 1974, which restricts how government employees can use and access private data—including prohibiting sharing personal data between agencies unless the data subject consents. DOGE also likely violated the Federal Information Security Modernization Act by failing to report its own major breach of labor data.
The Trump administration’s laissez-faire attitude about letting companies sell sensitive information and its blatant disregard for data security is a terrible combination. The government used to strive to protect privacy—now it’s engaged in nothing less than a full-fledged assault on that very concept.
Campaign Action
