What We Sought
Democracy Forward Foundation is tracking the Trump–Vance administration’s efforts to remove long-established safeguards put in place to protect people’s personal data in order to pursue its harmful immigration enforcement agenda.
The Privacy Act of 1974 was created to provide safeguards against unwarranted invasions of privacy by establishing a code of fair information practices, which requires agencies to comply with statutory norms for collection, maintenance, access, use and dissemination of records. While the act has several exemptions, when any agency plans to use personal data for a new purpose it is required to provide notice in the Federal Register detailing the purpose, to allow the public and Congress to weigh in. Everyday individuals provide personal information to receive such benefits from agencies across the federal government, such as when enrolling in Medicaid or applying for a passport. By providing this information, individuals expect that this information will be used solely for the purpose of those benefits.
However, under the Trump-Vance administration, we have seen unauthorized secondary usage of data held by agencies as well as the centralization of data into a collective federal government database, both of which appear to violate our nation’s privacy laws, in order to weaponize sensitive personal data for immigration purposes.
In January 2025, the Trump-Vance administration sought access to a database of immigrant minors that is housed in the Department of Health and Human Service’s Office of Refugee Resettlement (ORR), which includes information on hundreds of thousands of immigrant children and teenagers who arrived in the country without their parents. The data is used to care for these minors and assist in getting them housing with sponsors, which sometimes includes close family, and out of government facilities. The administration threatened to use this data to assist in deportation efforts.
The Washington Post in spring 2025 reported that the United States Postal Service’s Postal Inspection Service (USPIS) joined a federal task force to locate undocumented immigrants using data from mail and packages. The partnership means fewer resources to pursue the service’s mandate in maintaining the safety of the mail system.
U.S. Immigration and Customs Enforcement (ICE) in summer 2025 was has been given access to the personal data of Medicaid’s 79 million enrollees across the country. The data provided includes enrollees’ ethnicities and home addresses. According to the agreement between the agencies, the Centers for Medicare and Medicaid (CMS) would provide this information to ICE in order to locate individuals targeted by the agency, a move that specifically targets individuals who sought assistance in times of medical emergencies. Immigrants who are not living in the U.S. legally, and even some lawfully present immigrants, are not allowed to enroll in Medicare, however state systems are mandated by federal law to offer emergency Medicaid, in order to provide temporary coverage for only lifesaving services in emergency rooms to anyone, regardless of status in this country. By illegally sharing this data with ICE, CMS is sharing personal information that puts people’s lives and data at risk.
U.S. Immigration and Customs Enforcement (ICE) has been given access to the personal data of Medicaid’s 79 million enrollees across the country. The data provided includes enrollees’ ethnicities and home addresses. According to the agreement between the agencies, the Centers for Medicare and Medicaid (CMS) would provide this information to ICE in order to locate individuals targeted by the agency, a move that specifically targets individuals who sought assistance in times of medical emergencies. Immigrants who are not living in the U.S. legally, and even some lawfully present immigrants, are not allowed to enroll in Medicare, however state systems are mandated by federal law to offer emergency Medicaid, in order to provide temporary coverage for only lifesaving services in emergency rooms to anyone, regardless of status in this country. By illegally sharing this data with ICE, CMS is sharing personal information that is putting people’s lives and data at risk.
Additionally, in December 2025, the Guardian reported that the Department of Veterans Affairs (VA) was creating a new internal database to track non-U.S. citizens who are either employed or affiliated with the department. Relevant data discovered through the tracking of this data would potentially be shared with other federal agencies, including those who work on immigration enforcement.
To shed light on the administration’s data sharing efforts in regards to immigration enforcement, we have submitted requests on the federal and state level.
What We Received
In response to our FOIA seeking a copy of the VA memorandum launching the non-U.S. citizen database, we received the full unredacted memorandum as well as screenshots of the spreadsheets designed to track this information.
