Beleaguered public servants are often left unprotected by state privacy laws
State consumer privacy laws do not offer adequate protections for public servants, who are dealing with escalating threats of violence, according to a report published Tuesday by the Public Service Alliance, a nonprofit that supports government workers facing harassment or security concerns.
The report, which examines the 19 state comprehensive privacy laws on the books, found that not one of those laws grants public servants the right to legally compel state agencies to redact their personal data from public records, or to compel data brokers to stop selling data once they’ve acquired it from public records. Allowing these practices to continue, the report notes, exacerbates “the widespread availability, aggregation, and sale of their personal data, which facilitates doxxing and physical violence.”
“Comprehensive” privacy laws, the term for broad laws that set rules for how businesses and data brokers can use, sell and share personal information collected from consumers, are often billed as frameworks for giving individuals control and transparency over their data. But the report claims that public servants are left out of such considerations. Nineteen states have passed these laws, in part motivated by the absence of a federal data privacy law, creating a patchwork of varying regulations across state lines.
The report also points out that California’s privacy regime appears to be the “strongest,” in part due to its Delete Request and Opt-Out Platform, or DROP, which went live on Jan. 1. It allows consumers to easily submit requests to all registered data brokers for deletion and cessation of sale of covered personal data.
But a number of experts and reports have found that state privacy laws are largely ineffective or to outright fail in regulating how private companies use the data they amass. Some state attorneys general have even critiqued their own comprehensive privacy laws as not being strong enough against improper use and sale of personal data.
These failures, the report claims, are especially concerning for public servants, who, according to research from the advocacy organization The Impact Project, are experiencing unprecedented levels of threats and physical violence. The research found all types of public servants — from federal and state lawmakers, to judges, local school board members and 911 operators — have received threatening statements and experienced physical violence over the last decade.
Researchers found that the violence has become more pervasive via publicly available data, as “perpetrators may rely on public servants’ personal data, such as phone numbers, email addresses, and physical addresses,” which can lead to the public servants being doxxed, subjected to death threats, swatting and other acts of intimidation and violence.
Research conducted jointly by the Public Service Alliance and The Impact Project found that although threats against federal officials accounted for just over half of reviewed incidents, local government workers received an “alarming,” nearly one-third share of violent threats between 2015 and 2025. There were 9,474 threats made against members of Congress in 2024, and more than 1,000 serious threats to federal judges were investigated between 2019 and 2024. Nearly 90% of state legislators experienced some form of threat or verbal abuse between 2021 and 2024.
The report recommends four changes to state privacy laws to better protect public servants. First, states should consider broadening coverage protections to all public servants. Second, they should require state agencies and other processors of public servants’ personal data to honor takedown requests within 10 days. Third, private data sources and public records should enter the scope of protection under privacy laws. Lastly, private laws should incorporate a broad private right of action, allowing private lawsuits without government involvement, to ensure accountability.
“The widespread availability of personal information in public records — and its sale by data brokers— is exacerbating the rise in political violence,” Justin Sherman, interim vice president of the PSA Security Project and the report’s author, said in a news release. “Protecting First Amendment principles and the physical safety of public servants, their families, and their colleagues are not mutually exclusive. No American should have to choose between serving their community and keeping their family safe. Closing the gaps in state privacy laws is essential to protecting the people who serve their communities and their country.”
