[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 5109 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
2d Session
S. 5109
To amend section 3520A of title 44, United States Code, to extend the
Chief Data Officer Council's sunset and add new authorities for
improving Federal agency data governance, including to enable reliable
and secure adoption of emerging technologies and artificial
intelligence, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
September 19, 2024
Mr. Peters (for himself and Mr. Young) introduced the following bill;
which was read twice and referred to the Committee on Homeland Security
and Governmental Affairs
_______________________________________________________________________
A BILL
To amend section 3520A of title 44, United States Code, to extend the
Chief Data Officer Council's sunset and add new authorities for
improving Federal agency data governance, including to enable reliable
and secure adoption of emerging technologies and artificial
intelligence, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Modernizing Data Practices to
Improve Government Act''.
SEC. 2. AMENDMENTS.
(a) In General.--Section 3520A of title 44, United States Code, is
amended--
(1) by striking subsections (d) and (e);
(2) by redesignating subsections (a) through (c) as
subsections (b) through (d), respectively;
(3) by inserting before subsection (b), as so redesignated,
the following:
``(a) Definitions.--In this section:
``(1) Artificial intelligence.--The term `artificial
intelligence'--
``(A) has the meaning given that term in section
5002 of the National Artificial Intelligence Initiative
Act of 2020 (15 U.S.C. 9401); and
``(B) includes the artificial systems and
techniques described in paragraphs (1) through (5) of
section 238(g) of the John S. McCain National Defense
Authorization Act for Fiscal Year 2019 (Public Law 115-
232; 10 U.S.C. 4061 note prec.).
``(2) Data governance.--The term `data governance'--
``(A) means the approach of an agency to managing
data during the lifecycle of the data, from
acquisition, to use, to disposal; and
``(B) includes--
``(i) all actions an agency must take and
the technology and processes an agency must use
to ensure data is secure, private, accurate,
available, and usable; and
``(ii) authorities, roles,
responsibilities, organizational structures,
policies, procedures, standards, and resources
for the definition, stewardship, production,
security provenance, and use of data.
``(3) Use case.--The term `use case' means a description of
the ways and circumstances in which a technology is deployed to
perform a specific function.'';
(4) in subsection (c), as so redesignated--
(A) by redesignating paragraph (5) as paragraph
(6);
(B) in paragraph (4), by striking the ``and'' at
the end; and
(C) by inserting after paragraph (4) the following:
``(5) identify opportunities and procedures to improve data
governance to--
``(A) ensure the data of agencies are transparent,
accessible, and of sufficient quality for the intended
use of the data; and
``(B) support agency heads and their efforts to
reliably and securely leverage emerging technologies
and artificial intelligence, to ensure mission outcomes
and improve operational efficiency across agencies;
and'';
(5) in subsection (d)(3), as so redesignated--
(A) by striking ``The Administrator'' and inserting
the following:
``(A) Administrator of the office of electronic
government.--The Administrator''; and
(B) by inserting after subparagraph (A), as so
designated, the following:
``(B) Appointed members.--The Director shall
appoint a representative from among Chief Artificial
Intelligence Officers to serve on the Council.''; and
(6) by adding at the end the following:
``(e) Data Governance Reports.--The Council shall submit to the
Director, the Committee on Homeland Security and Governmental Affairs
of the Senate, and the Committee on Oversight and Accountability of the
House of Representatives--
``(1) a biennial report on the work of the Council,
including any updates to the recommendations provided in the
report required under paragraph (2) of this subsection;
``(2) not later than 1 year after the date of enactment of
this subsection, a report with recommendations and best
practices for agencies on developing datasets, data governance
policies, and infrastructure to enable adoption and use of
emerging technologies and artificial intelligence, including
for use in training, testing, and operation of artificial
intelligence within agencies that includes--
``(A) an assessment of key data governance and
sharing challenges preventing adoption of emerging
technologies and artificial intelligence across
agencies;
``(B) an assessment of ways to strengthen and
clarify roles and responsibilities related to data
governance between senior agency leaders, including the
Chief Information Officer, the Chief Information
Security Officer, the Chief Financial Officer, the
Chief Privacy Officer, the Chief Artificial
Intelligence Officer, and the Chief Acquisition
Officer;
``(C) recommendations for data governance best
practices, including--
``(i) best practices to ensure data used
for testing, training, and operation of
artificial intelligence is reliable, relevant
to the task, representative of the impacted
individuals of the artificial intelligence
system, transparent, high quality, and protects
the privacy and personally identifiable
information of individuals; and
``(ii) defining key data standards,
including data quality;
``(D) a prioritization of agency artificial
intelligence use cases that address a critical need
across the Federal Government, for which new or shared
datasets are needed to support adoption;
``(E) identification of existing data available to
1 or more agencies that would benefit other such
agencies if the data were shared or made available;
``(F) recommendations for ways to address increases
in risks, including through training of relevant agency
employees, associated with--
``(i) the potential for misuse of,
mismanagement of, and unauthorized access to
data and personally identifiable information of
individuals when an agency leverages data for
use in artificial intelligence, including
identification of software or hardware
solutions, technical processes, techniques, or
other technological means of mitigating privacy
risks arising from data processing; or
``(ii) increasing access to the data of the
agency for the purposes of supporting a cross-
Government mission;
``(G) recommendations for data ownership and
retention policies and procedures, including policies
and procedures to ensure that agency contracts to
procure artificial intelligence include any necessary
clauses to ensure that the Federal Government--
``(i) retains sufficient rights to data,
and any modifications to that data;
``(ii) avoids vendor lock-in and retains
the ability to facilitate or conduct the
continued design, development, testing, and
operation of artificial intelligence by the
Federal Government; and
``(iii) can conduct pre-procurement reviews
of artificial intelligence to assess potential
error issues;
``(H) criteria agencies should consider when using
data to train artificial intelligence used by agencies,
including recommendations for--
``(i) ways to increase transparency of
training data for the public and for agency
employees using the relevant artificial
intelligence system software;
``(ii) processes and procedures to analyze
and test training data for potential risks;
``(iii) criteria for determining how to
preserve the interests of the Federal
Government; and
``(iv) performance evaluation metrics to
ensure that an artificial intelligence system
performs as intended;
``(I) recommendations for ways to expand public
access to Federal data assets in a machine-readable
format while also taking into account security
considerations, including the risk that, while
information in an individual data asset may not pose a
security risk in isolation, such information could pose
a security risk when combined with other data assets;
``(J) recommendations for defining, generating,
using, and ensuring the privacy and security of
synthetic data in the Federal Government, including--
``(i) a formalized definition of synthetic
data generation for government use, including
specifying definitions for data which is fully
or partially synthetic;
``(ii) guidance for agencies on best
practices around synthetic data generation and
use, including tools or techniques agencies
should take to--
``(I) mitigate privacy and security
risks;
``(II) ensure agencies practice
appropriate processes to ensure the
accuracy and quality of synthetic data
and the appropriateness for the
intended use of the synthetic data by
the agency;
``(III) adopt the appropriate
techniques to validate synthetic data,
including data profiling, data
consistency, data integrity, and data
documentation; and
``(IV) communicate opportunities,
risks, and limitations of synthetic
data internally to agencies and
externally to the public;
``(iii) opportunities across the Federal
Government and within specific agencies for
embracing or avoiding the use of synthetic
data; and
``(iv) opportunities for the Federal
Government to partner with public and private
sector entities in the development and sharing
of data, including synthetic data, to help in
the adoption of emerging technologies and
artificial intelligence; and
``(K) for subparagraphs (A) through (J), an
indication of how agencies can incorporate the
respective recommendations and best practices into
existing agency processes and statutory requirements.
``(f) Data Governance Guidance.--The Director, upon receipt of a
report required under subsection (e), may issue guidance to agencies
with respect to the implementation of the recommendations of the
report.
``(g) Data Management Report.--Not later than 270 days after the
date of enactment of this subsection, the Director, in consultation
with the Council, shall submit to Congress an annual report with
recommendations to clarify and enhance the roles of the Chief Data
Officers across the Federal Government relating to data governance for
artificial intelligence, including--
``(1) an inventory of all Chief Data Officers of agencies,
including, with respect to each agency--
``(A) any additional roles or titles the Chief Data
Officer holds at the agency;
``(B) the organizational structure of the agency,
including any official to whom the Chief Data Officer
reports to within the agency; and
``(C) the respective roles, responsibilities, and
statutory authorities relating to data and artificial
intelligence of the Chief Data Officer at the agency;
``(2) an identification of skills and resources needed by
Chief Data Officers and their staffs to support artificial
intelligence system adoption at agencies; and
``(3) recommendations for suggested collaboration
opportunities between the Council and other interagency
councils to improve data governance best practices across
government, including--
``(A) the Chief Financial Officers Council;
``(B) the Chief Human Capital Officers Council;
``(C) the Chief Acquisition Officers Council;
``(D) the Federal Privacy Council;
``(E) the Chief Information Officers Council; and
``(F) other key groups of the Federal Government.
``(h) Evaluation.--Not later than 2 years after the date of
enactment of this subsection, and not less frequently than once every 2
years thereafter, the Comptroller General shall submit to Congress a
report on--
``(1) whether the duties of the Council improved the use of
evidence and program evaluation in the Federal Government; and
``(2) any barriers or challenges preventing the Council
from accomplishing the objectives under this section or the
amendments made by the Modernizing Data Practices to Improve
Government Act.''.
(b) Sunset.--Beginning on the date that is 7 years after the date
of enactment of this Act, the amendments made by this Act shall have no
force or effect.
<all>