[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 1943 Introduced in Senate (IS)]

<DOC>






119th CONGRESS
  1st Session
                                S. 1943

 To require performance and security audits of the computer systems of 
      the Social Security Administration, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                              June 4, 2025

Mr. Whitehouse (for himself, Mr. Wyden, and Ms. Warren) introduced the 
 following bill; which was read twice and referred to the Committee on 
                                Finance

_______________________________________________________________________

                                 A BILL


 
 To require performance and security audits of the computer systems of 
      the Social Security Administration, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Protecting Seniors' Data Act of 
2025''.

SEC. 2. COMPTROLLER GENERAL STUDY.

    (a) In General.--Not later than 60 days after the date of enactment 
of this Act, the Comptroller General of the United States shall 
commence a comprehensive audit of the Social Security Administration 
computer systems and networks accessed by the United States DOGE 
Service, the U.S. DOGE Service Temporary Organization, or any employees 
or volunteers affiliated with those agencies, or, if applicable, 
associated agency DOGE teams, to identify security vulnerabilities or 
bugs in software installed, created, or modified by such individuals or 
entities, and whether such individuals or entities violated Federal 
privacy laws, including section 552a of title 5, United States Code 
(commonly referred to as the ``Privacy Act of 1974''), section 6103 of 
the Internal Revenue Code, subchapter II of chapter 35 of title 44, 
United States Code (commonly referred to as the ``Federal Information 
Security Management Act''), or section 1106 of the Social Security Act 
(42 U.S.C. 1306).
    (b) Audit Report.--Not later than 1 year after the date of 
enactment of this Act, the Comptroller General shall submit to the 
Committee on Finance of the Senate, the Committee on Ways and Means of 
the House of Representatives, and the Commissioner of the Social 
Security Administration a report or reports describing the results of 
the comprehensive systems audits performed under subsection (a), 
including recommendations for legislation and administrative action as 
the Comptroller General determines appropriate.
    (c) Agency Action.--Not later than 90 days after receipt of an 
audit report by the Commissioner of the Social Security Administration 
under subsection (b), the Commissioner shall--
            (1) fix any vulnerabilities or bugs identified in the 
        report; and
            (2) submit to the Committee on Finance of the Senate and 
        the Committee on Ways and Means of the House of Representatives 
        a report on the status of those vulnerabilities or bugs.
                                 <all>