Attention: You are using an outdated browser, device or you do not have the latest version of JavaScript downloaded and so this website may not work as expected. Please download the latest software or switch device to avoid further issues.

LEARN > Press Releases > Data Foundation Calls for Independent Investigation of SSA CDO's Whistleblower Allegations

Data Foundation Calls for Independent Investigation of SSA CDO's Whistleblower Allegations

Statement from the Data Foundation calling for an independent review of the SSA CDO's allegations of data governance gaps at the agency in 2025
29 Aug 2025
Press Releases

CDO disclosure raises urgent concerns about data security and access to sensitive information on hundreds of millions of Americans

Washington, D.C. – August 29, 2025 – The Data Foundation expresses significant concern regarding the credible whistleblower complaint filed this week by Charles (Chuck) Borges, Chief Data Officer (CDO) at the Social Security Administration (SSA). SSA's CDO alleges serious data security violations and unauthorized access to highly sensitive personal information belonging to hundreds of millions of Americans.

The allegations detailed in the now-public complaint describe potential unauthorized access to the NUMIDENT database – containing Social Security information for over 300 million Americans – as well as other sensitive data systems that include information related to child welfare and other vulnerable populations. These assertions, if accurate and validated, undermine longstanding protections governing federal data systems and multiple statutes.

"The gravity of the allegations about risks to sensitive data at the Social Security Administration by a select few individuals demands an immediate, comprehensive, and independent investigation," said Nick Hart, President and CEO of the Data Foundation. "CDO Chuck Borges is fulfilling his legal obligations under the OPEN Government Data Act, a law signed by President Trump in 2019, to assess risks to sensitive data and is raising public concerns related to potential data governance breaches. If accurate, the reported creation of unmonitored copies of Americans' sensitive personal data, potentially in violation of court orders and federal law, threatens the privacy and security of every American with potential for long-term harms, financial losses, and multi-generational risks."

The Data Foundation calls for immediate and concurrent investigation by federal oversight bodies including the SSA Inspector General, White House Office of Management and Budget (OMB), Department of Justice, Government Accountability Office (GAO), and relevant House and Senate committees.

These allegations are particularly troubling given the Data Foundation's warnings earlier this year about potential risks from data access issues at SSA, suggesting an escalation that requires comprehensive investigation. In March 2025, the Data Foundation requested GAO and congressional oversight of SSA data access and raised concerns about algorithmic analysis of Social Security systems, citing the need for objective, independent assessment of data access methodologies and privacy safeguards.

"The Trump Administration's goals to focus on government efficiency and eliminating fraud, waste, and abuse must be pursued through established legal frameworks that build and maintain public trust in government data stewardship," Hart noted. "Effective oversight ensures both objectives can be achieved simultaneously and responsibly."

Following objective, independent investigation, should wrongdoing be identified, the Data Foundation calls on SSA to:

  • Immediately address any security vulnerabilities or policy violations
  • Publish a System of Record Notice associated with any system that NUMIDENT data resides on in compliance with the Privacy Act of 1974
  • Provide radical transparency to communicate about what harms occurred and to whom, and efforts to reconcile harms and damages
  • Provide clear assurances to affected vulnerable persons that their data and personally identifiable information are protected
  • Demonstrate through independent validated mechanisms and an independent audit that the integrity of SSA operations remains sound

SSA maintains some of the federal government's most sensitive data systems, containing comprehensive personal, financial, and health information on nearly every American. The agency disburses more than $1.5 trillion annually in benefits, with more than one in five Americans receiving SSA benefits. Any compromise of these systems could have significant consequences for vulnerable Americans, including seniors, disabled individuals, and children.

"The government must function as a trusted steward of data about the American people," Hart continued. "The federal government can never afford to 'move fast and break' data systems with sensitive information, unnecessarily risking the privacy of hundreds of millions of Americans. Federal agencies have a fundamental obligation to protect citizens, and SSA specifically has a responsibility to protect beneficiaries and the vulnerable populations served by systems under its management."

The Data Foundation and members of its Data Coalition community have consistently advocated for responsible use of government data with appropriate privacy safeguards, supporting both innovation in government operations and robust protection of sensitive personal information. These principles are not in conflict – they are essential complements in building and maintaining public trust in government data systems.

The Data Foundation has consistently supported balanced approaches to federal data policy, including backing the Federal Data Strategy (OMB M-19-18) developed during President Trump's first term. This framework articulated clear principles and expectations for protecting data about the American people, including upholding ethics by protecting the public good, exercising responsibility through sound data security practices, and promoting transparency to maintain public trust. The Data Foundation also endorsed the Foundations for Evidence-Based Policymaking Act signed by President Trump in 2019. These frameworks provide tested approaches for responsible data access that advance government effectiveness while maintaining appropriate protections.

"Effective government requires both innovation and institutional integrity," Hart concluded. "Efforts to improve efficiency and effectiveness can never come at the expense of the American people's privacy rights. Independent oversight strengthens both by ensuring that efficiency initiatives operate within established legal frameworks and maintain public trust."

###

About the Data Foundation

The Data Foundation is a non-profit organization based in Washington, D.C. that champions the use of open data and evidence-informed public policy to make society better for everyone. As a nonpartisan think tank, we conduct research, collaborative thought leadership, and advocacy programs that advance practical policies for the creation and use of accessible, trustworthy data. Our activities proactively address emerging data-related needs in the country with the goal of devising realistic solutions, accelerating policy coordination, and advancing innovation. The Data Foundation is recognized by Candid Guidestar with the Platinum Seal of Transparency and received 4-Stars from Charity Navigator. To learn more, visit www.datafoundation.org. (LEI: 254900I43CTC59RFW495)

image

DATA FOUNDATION
1100 13TH STREET NORTHWEST
SUITE 800, WASHINGTON, DC
20005, UNITED STATES

INFO@DATAFOUNDATION.ORG

FINANCIAL REPORTS
BLOGS
STATEMENTS
RESOURCES
JOIN THE DATA COALITION
SIGN UP FOR OUR NEWSLETTER

image
This website is powered by
ToucanTech