The Office of Personnel Management submitted the assessment, but Justice Department lawyers argued it was unnecessary.
The Office of Personnel Management (OPM) has submitted a privacy assessment in an ongoing lawsuit over the Trump administration’s plan to implement a government-wide email system for communication with federal employees.
The Feb. 5 filing was made after a lawsuit in which two anonymous employees alleged that the Trump administration had failed to issue a privacy impact assessment (PIA) purportedly required by federal law. A subsequent motion for a temporary restraining order requested that a federal judge in Washington prevent the OPM from operating computer systems tied to an email address—[email protected]—associated with the administration’s project.
OPM had announced on Jan. 23 that it was “testing a new capability allowing it to send important communications to ALL civilian federal employees from a single email address.”
Attorneys with the Department of Justice filed the PIA but argued that the law didn’t actually require one in this situation.
“For one, this case is moot because—even though the E-Government Act does not require a PIA under these circumstances—OPM has now completed a PIA of the systems used in association with the [email protected] address,” the DOJ said in a Feb. 5 filing.
District of Columbia Judge Randolph Moss had ordered the parties to appear for a hearing on Feb. 5 but rescheduled that hearing for Feb. 6 while noting that plaintiffs’ counsel failed to appear.
The PIA, which came from OPM Chief Information Officer Greg Hogan, said the government-wide system “increases efficiency and transparency by allowing simultaneous communication with the federal workforce OPM has been tasked with overseeing.” It added that the system “operates entirely on government computers and in Microsoft mailboxes.”
The lawsuit had referenced a Reddit post alleging that political appointees were directing agencies to collect information on government employees and send it to an employee of xAI, one of Elon Musk’s companies.
“We think they’re building a massive email list of all federal employees to generate mass RIF notices down the road,” the post stated, apparently referring to the acronym for reduction in force, or layoffs.
The administration said in one of its Feb. 5 filings that “many of the plaintiffs’ factual allegations—based on a since-deleted Reddit post … are unsubstantiated and, if this case proceeds, will be rebutted in due course.”
The PIA also addressed multiple potential privacy concerns, such as information being accessed by unauthorized users or for an unauthorized purpose.
“This risk is mitigated by restricting access to a limited number of individuals assigned to access the GWES [Government Wide Email System] information and blocking others from access,” it read.
According to Hogan, the GWES gathered information from Enterprise Human Resources Integration and Official Personnel Folder record systems. It also came from data collected by the agencies, which Hogan said was received through email.
In responding to the request for a temporary restraining order, the Trump administration said that the law cited by plaintiffs—the E-Government Act—did not require a PIA when the government was seeking to collect information about employees of the federal government. It also told the judge that the plaintiffs were seeking relief based on a potential data breach.
“Plaintiffs do not allege that any such data breach has occurred, and any alleged injury stemming from a hypothetical, future data breach is too speculative to establish standing,” the administration said.