Modernizing the Privacy Act: Protecting privacy while enabling improved service delivery

TL;DR: In 1974, a bill called the Privacy Act was passed that placed strict limitations on how the federal government uses, shares, and stores Americans’ personal information. While this act has protected Americans against government overreach and malfeasance, the restrictions it imposed have also limited the effectiveness of digital services in meaningful ways. Inspired by a Congressional RFI, the Verdance team recently explored how a thoughtful update to this foundational bill could build greater public trust and improve how people interact with government.

At Verdance, our day-to-day work has us deep in the weeds of critical government systems—we design tools to help Veterans obtain benefits, build healthcare APIs so providers can deliver the best care possible, and implement delicate changes to modernize legacy mainframe systems. While most of our time is spent improving the implementation of existing policy, we also believe that one of the top priorities of the civic tech community is to close the gap between policymaking and implementation.

That’s why, at our recent company offsite, we explored how updates to federal privacy laws could unlock a new generation of citizen-centered government services. We used our discussions to inform a response we submitted to a Request for Information (RFI) issued by Congresswoman Lori Trahan (MA-3) on Privacy Act modernization. Below are some of our thought.

The Privacy Act's genesis and its implications today

Enacted in 1974 in the wake of the Watergate scandal, the Privacy Act was designed to limit unlawful surveillance and to ensure that federal agencies handle personal information responsibly. The law allowed government to collect and use personal information for formally defined purposes, while restricting most other uses to safeguard individuals’ privacy. To comply with the Privacy Act, agencies must publish System of Records Notices (SORNs)—official notices that explain what data is collected, how it is used, and who can access it. 

However, technology and expectations have evolved dramatically since 1974. Today, if the government wants to use existing data for a new purpose, it’s very often necessary to update SORNs, which can take months or even years. This slows innovation and makes it difficult for agency teams who are implementing program changes to quickly deliver efficient, intuitive services. In practice, agency teams working under tight deadlines often lack the time and resources to navigate these processes, and are often forced to deliver suboptimal customer experiences to avoid making changes to a SORN—for example, the agency might need to duplicatively collect information already stored in another government system. Meanwhile, the average American who doesn’t have a deep knowledge of federal privacy law could be left wondering why the government is asking to collect information that it presumably already has.

Moreover, while today’s federal privacy policy stemming from the Privacy Act has provided valuable transparency into government operations, it hasn’t kept pace with the expectations of modern digital services. For example, there’s currently no easy way for individuals to broadly see how their personal data is being used, or to proactively opt into uses that might benefit them, as is now common with many private-sector platforms.

Prototyping capabilities that could be unlocked by Privacy Act modernization 

Our team identified three principles for policymakers to consider when modernizing the Privacy Act:

1. Transparency — Ensuring individuals understand what data the government holds, how it is used, and for what purposes.

2. Consent— Enabling people to easily grant, limit, or revoke permission for how their data is shared.

3. Error mitigation — Providing straightforward ways, both online and in person, for individuals to correct errors or update their information.

Together, these principles create a foundation for greater accountability, stronger engagement, and increased public confidence in government systems. As agencies begin incorporating artificial intelligence into service delivery, it will be even more critical to give individuals a clear view of how their data is being used — and to ensure clear pathways exist to take action if systems misfire.

At our annual company strategy session, we posed a simple question:

How might the government give individuals genuine control over their personal data?

Drawing on Verdance’s experience with digital identity and data-sharing systems, several teams rapidly prototyped possible solutions using AI-powered tools.  

We called one concept that we explored “myUSA.gov”—a secure, centralized portal where individuals can view and update their personal information and manage how it’s shared between agencies.

This portal could:

• Reduce bureaucratic confusion by offering a clear, intuitive view of personal data and how it is used in delivering government services.

• Empower individuals to decide when and how their information is shared.

• Accelerate service delivery while giving individuals control over their information by allowing faster consent for legitimate uses—particularly during times of crisis.

One team designed a data-sharing consent interface intended to ensure that members of the public can clearly follow why their data is being requested and how sharing it would streamline processes or prevent duplicate efforts. The desire to share personal information with agencies varies greatly from individual to individual. Some might welcome sharing to avoid having to repeatedly assert their information while seeking access to services from different agencies. Others prioritize their privacy and value minimal sharing. While this prototype provides a unified view of government services stemming from multiple agencies, it still affords individuals the choice to decline to have their information shared. 

These prototypes use data to help build a trusted connection between people and their government—a future where privacy preferences are respected and the path is cleared for government entities to build the efficient, effective digital services that are needed today. 

Starting small and iterating on current data infrastructure

These ideas are not entirely new. Federal digital teams have explored similar concepts before but often concluded they weren’t feasible given existing policy and process constraints. What’s different today is the growing momentum across government to modernize privacy frameworks and deliver digital services that reflect how people actually live and work.

Modern infrastructure and shared platforms have made it possible to test new ideas more safely and at lower cost. For instance, Login.gov, managed by the General Services Administration (GSA), already provides secure authentication for millions of users. Its roadmap suggests a shift towards leveraging existing government data to facilitate an individual’s access to services and prevent abuse, all while preserving privacy and consent. 

Exercises like these help Verdance teams connect high-level policy discussions to the practical realities of building digital public services. By understanding where policy and technology intersect, we can make better day-to-day decisions that treat both privacy and user experience as first-class priorities.

If you’re interested in helping build the future of government technology, we’d love to hear from you. Explore our open roles or reach out at hello@verdance.co.