Privacy advocates are raising red flags over a proposal by the Trump Administration that would allow the government to collect, store, and broadly share sensitive personal data from several pandemic-era relief programs.

The plan, quietly disclosed in a technical regulatory filing known as a Systems of Records Notice (SORN), would create a sweeping database containing information such as bank account numbers, Social Security numbers, employment records, and income data. Treasury officials say the database would combine information gathered from eight federal programs administered during the COVID-19 emergency, including programs designed to help small businesses, homeowners, and renters.

But consumer advocates warn the proposal could dramatically expand the government’s ability to monitor and share financial data about millions of Americans — including people who may never have directly received federal aid.

Nearly 50 legal aid and consumer advocacy organizations, led by the National Consumer Law Center (NCLC), have filed formal comments urging Treasury to withdraw or significantly scale back the plan.

“The federal government’s overbroad and imprecise proposal opens the door to the invasion of privacy of millions of people,” said Steve Sharpe, a senior attorney at NCLC. “The proposed system could capture data on people who have little to no relationship to Treasury programs.”

A quiet proposal with big implications

Systems of Records Notices are normally routine bureaucratic filings required under federal privacy law. They describe how agencies store personal data and how that information may be used or shared.

But advocates say Treasury’s February 6 notice goes far beyond routine housekeeping.

Instead of simply describing existing data systems, the proposal would allow Treasury to combine and cross-match personal data across multiple programs. Anyone whose information appeared in the files — not just program applicants — could potentially be included in the database.

That could include:

• Small business owners who applied for pandemic aid

• Homeowners seeking mortgage assistance

• Renters who applied for emergency relief

• Employees or business partners associated with applicants

• Landlords or mortgage servicers involved in program payments

In addition to consolidating the information, Treasury’s proposal would allow the agency to share the data with a wide array of other entities.

According to the notice, as many as 21 categories of organizations could gain access to the information. Those categories include multiple government agencies and certain outside organizations.

Critics say the breadth of those categories creates enormous uncertainty about who might ultimately obtain access to the data.

“The ways this sensitive information could be shared with other agencies are unjustifiable and dangerous,” Sharpe said.

Pandemic relief programs at issue

Many of the records in question come from federal relief programs created during the COVID-19 pandemic to stabilize the economy and prevent mass foreclosures and evictions.

Two of the programs cited by advocates include:

• Homeowner Assistance Fund (HAF) This program helped struggling homeowners catch up on mortgage payments, property taxes, and insurance.

• Emergency Rental Assistance Program (ERAP) ERAP provided funds to help renters and landlords cover overdue rent and utility bills during the pandemic.

Both programs collected detailed financial information from applicants in order to verify eligibility.

However, advocates say those programs already include robust fraud-prevention safeguards, including oversight by the Treasury Inspector General.

They also note that funds were typically paid directly to landlords or mortgage servicers, not to individuals.

Because of that structure, consumer advocates argue that building a large, centralized personal-data system is unnecessary.

“The programs already have effective measures in place to prevent fraud and non-compliance,” said Anneliese Lederer, senior policy counsel at the Center for Responsible Lending.

Cybersecurity and Data Breach Concerns

Beyond privacy concerns, critics warn that creating a centralized database containing sensitive financial information could become a prime target for hackers.

Large government databases have repeatedly been compromised in recent years, exposing millions of Americans’ personal data.

Advocates say Treasury’s proposal raises serious cybersecurity questions.

“This proposal raises serious cybersecurity concerns that could expose sensitive information from millions of people, including small business owners, employees and struggling households,” Lederer said.

Consumer groups worry the system could store:

• Social Security numbers

• Bank account details

• Income and employment records

• Housing and mortgage information

If breached, such data could enable identity theft, financial fraud, or other forms of exploitation.

Privacy advocates say the more widely the data is shared, the greater the risk becomes.

An expansion of government data sharing

Another major concern is the proposal’s broad data-sharing authority.

Treasury’s notice lists more than twenty types of entities that may receive access to the records. Within those categories are additional subcategories, further expanding the potential reach.

Critics say the proposal leaves too many unanswered questions.

Among them:

• Which agencies will actually receive the data?

• What limits will exist on its use?

• How long will the information be stored?

• What safeguards will prevent misuse?

Advocates argue the proposal effectively lays the groundwork for expanded government surveillance of financial data without a clear explanation of why the system is necessary.

“Protecting consumers’ privacy and financial security should not require a system that risks unnecessary surveillance or widespread data exposure,” Lederer said.

A “dramatic departure” from past practice

Sharpe said Treasury’s proposal stands out because SORN filings rarely generate controversy.

In most cases, agencies simply describe existing data practices. Major expansions of data collection or sharing typically occur through legislation or more transparent rulemaking processes.

“The announcements of government data collection are typically routine matters that do not warrant comment,” Sharpe said. “But the scope of this notice is an astonishing and dramatic departure from prior Treasury practice.”

The coalition of advocacy organizations says the proposal could transform what were once narrowly targeted relief programs into a permanent government data repository.

Calls to withdraw the plan

In their formal comments, the advocacy groups urged Treasury to withdraw the proposal and return with a narrower plan that better protects consumer privacy.

They argue any data-sharing system should include strict limitations, clear purposes, and strong safeguards.

At minimum, advocates say the agency should:

• Limit the types of information stored

• Restrict which agencies may access the data

• Provide stronger cybersecurity protections

• Ensure individuals’ data is not retained indefinitely

Without those safeguards, critics say the proposal could undermine trust in government programs designed to help people during emergencies.

“Privacy safeguards are not optional,” Sharpe said. “The administration must withdraw this effort to sweep up massive amounts of personal information for no apparent purpose.”

Broader debate over government data collection

The controversy comes amid growing debate over how federal agencies handle personal data collected through public programs.

During the COVID-19 pandemic, emergency relief programs required millions of Americans to submit sensitive financial information in order to receive assistance.

While such information was necessary to verify eligibility, advocates argue that repurposing that data years later raises serious privacy questions.

For people who turned to those programs during financial hardship, the expectation was that their information would be used only to determine eligibility for aid — not incorporated into a broader government data system.

Consumer groups say maintaining public trust is essential for future emergency programs.

“If people believe their personal information will be widely shared or permanently stored, they may hesitate to seek help when they need it most,” one advocate said.

What happens next

Treasury’s proposal remains in the public comment stage.

After reviewing comments from advocacy groups, industry representatives, and other stakeholders, the agency can choose to:

• Finalize the notice as proposed

• Revise the proposal

• Withdraw it entirely

Privacy advocates say they hope the agency will reconsider.

For now, the debate highlights a growing tension between government efforts to combat fraud and improve oversight and the need to protect the sensitive personal data millions of Americans submit when applying for assistance.

As Sharpe put it: “Collecting and safeguarding people’s personal information is a serious responsibility. Expanding that collection without a clear purpose is simply unacceptable.”