LegisTrack
Back to all bills
S 1943119th CongressIntroduced

Protecting Seniors' Data Act of 2025

Introduced: Jun 4, 2025
Technology & Innovation
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The Protecting Seniors' Data Act of 2025 would require the Comptroller General (GAO) to conduct a comprehensive audit of the Social Security Administration’s computer systems and networks accessed by the United States DOGE Service and related personnel or teams. The audit would look for security vulnerabilities or bugs in software installed, created, or modified by those individuals or entities and determine whether privacy laws were violated, including the Privacy Act, Internal Revenue Code section 6103, the Federal Information Security Management Act (FISMA), or section 1106 of the Social Security Act. Within one year of enactment, the GAO would deliver findings and recommendations for legislation or administrative action to Congress and the SSA Commissioner. After receiving the audit, the SSA Commissioner would have 90 days to fix identified vulnerabilities or bugs and report back on the status to key congressional committees. In short, the bill creates a federal oversight and remediation process aimed at improving security and privacy protections for SSA computer systems and the data of seniors, by mandating an independent audit, reporting, and prompt corrective action.

Key Points

  • 1The Act establishes a short title and purpose: it may be cited as the “Protecting Seniors' Data Act of 2025” and requires a GAO-led audit of SSA IT systems and networks accessed by the DOGE Service and related personnel or teams.
  • 2Scope of the audit: it must identify security vulnerabilities or bugs in software installed, created, or modified by those personnel/entities and assess whether privacy laws (Privacy Act, IRS Code 6103, FISMA, SSA Act 1106) were violated.
  • 3Timeline for GAO work: the GAO must commence the audit within 60 days of enactment and report results within 1 year to the Senate Finance Committee, House Ways and Means Committee, and the SSA Commissioner, including recommendations for action.
  • 4SSA remedial action: within 90 days of receiving the audit report, the SSA Commissioner must fix identified vulnerabilities/bugs and provide a status update to the specified congressional committees.
  • 5Oversight and purpose: the bill creates a formal, accountability-focused process intended to strengthen data security and privacy protections for seniors’ SSA data, with potential implications for future legislation and administrative actions.

Impact Areas

Primary group/area affected: Seniors and users of Social Security data, whose personal information held by SSA would be safeguarded through enhanced IT security oversight and remediation.Secondary group/area affected: SSA personnel, the DOGE Service affiliates, contractors, volunteers, and associated teams whose software or access could be reviewed and remediated under the audit.Additional impacts: increased congressional oversight of SSA IT security, potential changes in administrative practices or policy, and possible subsequent legislation to codify enhanced privacy and security requirements or funding needs for remediation efforts.
Generated by gpt-5-nano on Oct 3, 2025