[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 1877 Introduced in House (IH)]
<DOC>
119th CONGRESS
1st Session
H. R. 1877
To amend title XI of the Social Security Act to establish that
political appointees and special governments may not access beneficiary
data systems, to establish civil penalties for certain violations
relating to disclosure or access of beneficiary information, and for
other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
March 5, 2025
Mr. Larson of Connecticut (for himself, Mr. Neal, Ms. Velazquez, Mr.
Bishop, Mr. Moulton, Mr. Deluzio, Mr. Nadler, Ms. Tlaib, Mr. Davis of
Illinois, Ms. Jacobs, Mr. Grijalva, Mr. Thompson of Mississippi, Mr.
Jackson of Illinois, Ms. Titus, Mr. Cohen, Mr. Krishnamoorthi, Ms.
Budzinski, Mr. Quigley, Mr. Horsford, Ms. Chu, Ms. Sewell, Mr. Boyle of
Pennsylvania, Mr. Schneider, Mr. Ivey, Mrs. Cherfilus-McCormick, Mrs.
McIver, Mrs. Hayes, Ms. DeLauro, Mr. Takano, Ms. Elfreth, Ms. Ansari,
Mr. Panetta, Mr. Suozzi, Mr. Khanna, Mr. Lynch, Ms. Moore of Wisconsin,
Ms. McCollum, Mrs. Watson Coleman, Mr. Tonko, Mrs. Dingell, Mr.
Thompson of California, Mr. Stanton, Ms. Barragan, Ms. Sanchez, Ms.
Norton, Mr. Johnson of Georgia, Mr. Gottheimer, Mr. Auchincloss, Mr.
Carson, Mr. Sorensen, Ms. Schakowsky, Mr. Landsman, Ms. DelBene, Mr.
Huffman, Mr. Pocan, Mr. Amo, Ms. Kelly of Illinois, Ms. Underwood, Ms.
Kaptur, Mr. Riley of New York, Ms. Brownley, Mr. Morelle, Ms. Matsui,
Ms. Brown, Mr. McGarvey, Ms. Pettersen, Mr. Mfume, Mr. Swalwell, Ms.
Plaskett, Ms. Randall, and Ms. Dean of Pennsylvania) introduced the
following bill; which was referred to the Committee on Ways and Means
_______________________________________________________________________
A BILL
To amend title XI of the Social Security Act to establish that
political appointees and special governments may not access beneficiary
data systems, to establish civil penalties for certain violations
relating to disclosure or access of beneficiary information, and for
other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Protecting Americans' Social
Security Data Act''.
SEC. 2. ACCESS BY POLITICAL APPOINTEES AND SPECIAL GOVERNMENT
EMPLOYEES.
Section 1106 of the Social Security Act (42 U.S.C. 1306) is amended
by adding after subsection (g) the following:
``(h) Access by Political Appointees and Special Government
Employees.--
``(1) In general.--Notwithstanding any other subsection of
this section, an individual who is a political appointee (as
that term is defined in section 4(a) of the Edward `Ted'
Kaufman and Michael Leavitt Presidential Transitions
Improvements Act of 2015 (5 U.S.C. 3101 note)) or a special
government employee (as that term is defined in section 202(a)
of title 18, United States Code) may not access a beneficiary
data system.
``(2) Beneficiary data system defined.--In this section,
the term `beneficiary data system' means a system that is
maintained by the Social Security Administration for the
purposes of administering this Act that--
``(A) issues or records social security account
numbers;
``(B) is used to determine eligibility for benefits
under this Act;
``(C) to pay benefits under this Act; or
``(D) otherwise contains personally identifiable
information about individuals receiving or applying for
a benefit under this Act, including--
``(i) the Master Files of Social Security
Number Holders and SSN Applications (Numident);
``(ii) the Master Beneficiary Record;
``(iii) the Supplemental Security Income
Record and Special Veterans Benefits;
``(iv) the National Disability
Determination Services File;
``(v) the Earnings Recording and Self-
Employment Income System; and
``(vi) any other system accessible through
the Enterprise Data Warehouse.''.
SEC. 3. CIVIL DAMAGES FOR UNAUTHORIZED ACCESS OR DISCLOSURE OF CERTAIN
INFORMATION.
Section 1106 of the Social Security Act (42 U.S.C. 1301) is further
amended by adding after subsection (h), as added by section 2, the
following:
``(i) Civil Penalties.--
``(1) In general.--
``(A) Disclosure or access by employee of united
states.--If any officer or employee of the United
States negligently discloses or accesses any
information that pertains to an individual in violation
of any provision of subsection (a) or (h), such
individual may bring a civil action for damages against
the United States in a district court of the United
States.
``(B) Disclosure or access by a person who is not
an employee of united states.--If any person who is not
an officer or employee of the United States negligently
discloses or accesses any information that pertains to
an individual in violation of any provision of
subsection (a) or (h), such individual may bring a
civil action for damages against such person in a
district court of the United States.
``(2) Exceptions.--No liability shall arise under this
section with respect to any disclosure or access--
``(A) which results from a good faith, but
erroneous, interpretation of subsection (a) or (h); or
``(B) which is requested by the individual.
``(3) Damages.--In any action brought under paragraph (1),
upon a finding of liability on the part of the defendant, the
defendant shall be liable to the plaintiff in an amount equal
to the sum of--
``(A) the greater of--
``(i) $5,000 for each act of unauthorized
access or disclosure with respect to which such
defendant is found liable; or
``(ii) the sum of--
``(I) the actual damages sustained
by the plaintiff as a result of such
unauthorized access or disclosure, plus
``(II) in the case of a willful
access or disclosure or an access or
disclosure which is the result of gross
negligence, punitive damages, plus
``(B) the costs of the action, plus
``(C) reasonable attorneys fees, except that if the
defendant is the United States, reasonable attorneys
fees may be awarded only if the plaintiff is the
prevailing party.
``(4) Period for bringing action.--Notwithstanding any
other provision of law, an action to enforce any liability
created under this section may be brought, without regard to
the amount in controversy, at any time within 2 years after the
date of discovery by the plaintiff of the unauthorized
disclosure or access.
``(5) Notification of unlawful disclosure or access.--If
any person is criminally charged by indictment or information
with disclosing or accessing any information that pertains to
an individual in violation of subsection (a) or (h), the
Commissioner of Social Security shall notify such individual as
soon as practicable of such disclosure or access. The
Commissioner shall also notify such individual if a Federal or
State agency (upon notice to the Commissioner by such Federal
or State agency) proposes an administrative determination as to
disciplinary or adverse action against an employee arising from
the employee's unauthorized disclosure or access of the
individual's information. The notice described in this
subsection shall include the date of the unauthorized
disclosure or access and the rights of the individual under
such administrative determination.''.
SEC. 4. INVESTIGATIONS.
Section 1106 of the Social Security Act (42 U.S.C. 1301) is further
amended by adding after subsection (i), as added by section 3, the
following:
``(j) Investigation and Report.--
``(1) Investigation.--The Inspector General of the Social
Security Administration shall investigate each disclosure in
violation of subsection (a) and each access of a beneficiary
data system in violation of subsection (h).
``(2) Treatment of disclosure or access.--For the purposes
of this subsection, the Inspector General may, if the Inspector
General determines appropriate, treat a series of violations of
subsection (a) or (h) as a single violation.
``(3) Report.--Not later than 30 days after the Inspector
General becomes aware of a violation of subsection (a) or (h),
the Inspector General shall submit to Congress a report on such
violation, which shall include--
``(A) a detailed description of the violation;
``(B) a risk assessment of any threat to the
privacy of any individual whose information was
disclosed or accessed, national security,
cybersecurity, or the integrity of the applicable
beneficiary data system as a result of the violation;
and
``(C) a detailed description of any stopped payment
during the unauthorized use or access.''.
SEC. 5. PRIVACY REGULATIONS.
Notwithstanding this Act and the amendments made by this Act, part
401 of title 20 of the Code of Federal Regulations, as in effect on
January 19, 2025, shall have the force and effect of law.
SEC. 6. GAO STUDY AND INTERIM REPORTS.
(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Comptroller of the United States shall submit to the
Committee on Finance of the Senate and the Committee on Ways and Means
of the House of Representatives a report including the following
information:
(1) The results of a study on the effects of the changes
made to section 1106 of the Social Security Act by this Act,
and by any subsequent Acts.
(2) A summary of any investigations conducted under section
1106(i).
(3) Any convictions under section 1106(a).
(4) Any civil actions brought under section 1106(j),
including the results of such civil action.
(b) Interim Reports.--Not later than 1 month after the date of
enactment of this Act, and monthly thereafter until such time as the
report required under subsection (a) is submitted, the Comptroller of
the United States shall submit to the Committee on Ways and Means of
the House of Representatives and the Committee on Finance of the Senate
an interim report on the information required under subsection (a),
including the status of the study described in paragraph (1) of such
subsection.
SEC. 7. EFFECTIVE DATE.
The amendments made by sections 2, 3, and 4 of this Act shall apply
to violations of section 1106 of the Social Security Act occurring on
or after the date of enactment of this Act.
<all>