EPIC has filed comments with the IRS concerning its proposed rule that would allow employers to submit the last four digits of SSNs on W-2s rather than full SSNs. Due to the high risk of identity theft and financial fraud, EPIC recommended that the IRS make it mandatory to truncate SSNs on W-2s, saying “allowing the use of full SSNs will create unnecessary risk for those who do not truncate their SSNs.” EPIC has participated in leading cases—Greidinger v. Davis, Beacon Journal v. Akron, and Ingerman v. IRS—involving the privacy of the SSN and has frequently testified in Congress about the need to establish privacy safeguards for the SSN.
The DC Circuit has issued an order in EPIC’s suit to compel the Commission to conduct a Privacy Impact Assessment required by law and to halt the Presidential Election Commission’s collection of state voter data. The Court held that EPIC, a privacy and open government organization, did not have standing to challenge the Commission’s failure to conduct and publish a privacy assessment as required under the E-Government Act. EPIC’s initial filing led the Commission to suspend the collection of voter data, discontinue the use of an unsafe computer server, and delete the voter information that was unlawfully obtained. Many states and over 150 members of Congress have opposed the Commission’s efforts to collect state voter data. EPIC’s case is EPIC v. Commission, No. 17-1320 (D.D.C.) & 17-5171 (D.C. Cir.).
The White House has released the 2017 National Security Strategy. The report underscores the importance of democratic institutions and the rule of law. The report states the “government must do a better job of protecting data to safeguard information and the privacy of the American people,” and calls out "actors such as Russia [who] are using information tools in an attempt to undermine the legitimacy of democracies.” The report also cautions that cyber policy must be pursued "In accordance with the protection of civil liberties and privacy.” EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity).