When New York City implemented its IDNYC municipal ID system, it was meant to give undocumented immigrants a way to access crucial services that require government identification. But as Donald Trump’s inauguration looms, a new lawsuit will test the wisdom of keeping sensitive data for the program.

A new lawsuit will test the wisdom of holding the data

Two Republican state assembly members have sued to stop the destruction of records on hundreds of thousands of cardholders, and a court has decided that the records must remain, pending a hearing later this month. Soon after, Trump will take office, as advocates worry whether he’ll target the information to identify undocumented immigrants.

There is no guarantee the lawsuit will succeed, or that Trump will be able to use the records — which contain information on many people besides immigrants — for deportation purposes. But what looked like a clever bureaucratic gambit is unexpectedly something very different, and to immigrants, possibly more dangerous.

When it designed the IDNYC program, New York retained information on cardholders, but with a caveat: at the end of this year, the city would have the power to change how it holds the data. In an act of partisan gamesmanship, the clause in the local law amounted to a kill switch — one that was put in place, as one Councilman almost presciently put it, “in case a Tea Party Republican comes into office.”

The clever gambit suddenly looks very different

The suit filed this week rests on New York’s state transparency law, known as the Freedom of Information Law, or FOIL. According to the suit, since there are no provisions in the law that allow for the destruction of government records, the city would be overstepping its bounds by destroying the IDNYC data, especially based on who is in office.

The dispute isn’t without precedent. In New Haven, Connecticut, a similar legal battle unfolded over the city’s municipal ID program. There, an anti-immigration group also sued the city under the state’s freedom of information law, with plans to turn the information over to ICE. In that case, the city beat back the lawsuit, but that won’t ensure the same outcome in New York.

“The city is violating state law,” Nicole Malliotakis, one of the Assembly members involved in the suit, told The Verge. “They are not doing what’s in the best interest of the citizens that they are representing.”

In many ways, the database debate parallels other stories of unintended consequences unfolding as the government prepares to transition from Obama to Trump. How will Trump use the surveillance apparatus created by Obama? What does this mean for the undocumented immigrants brought to the US as children, who are staying through an Obama executive order?

The database debate parallels stories unfolding across government

As the Center for Popular Democracy, which advocates for immigrants’ rights, pointed out in a report last year, there are two generally accepted ways to safeguard sensitive data: explicitly prevent its release in the legislation, or never provide the data in the first place. Cities have already proven that not retaining underlying personal information is viable — San Francisco operates a program without using underlying application documents, for one example.

Win or lose, if there’s any lesson for privacy advocates and local governments to carry from the unexpected battle over its data, it may be that even planned self-destruction is no impenetrable barrier against misuse. The best way to keep sensitive data private may still be to never hold the data at all.