Congress·In Progress·H.R. 1101

Congress targets tighter access to Treasury payment systems and requires quick reports on unauthorized entry

Taxpayer Data Protection Act

about 1 year ago·View on Congress.gov

⏸

Stalled

No legislative action in over 90 days.

Legislative Progress

House

Senate

President

Law

Key Points

Limits who can access or control Treasury payment and receipt systems, including the government’s main system for sending payments.
From policy text
“The Secretary may not allow any individual to use, exercise administrative control over, or otherwise access any Department of the Treasury public money receipt or payment system (including any payment system of the Bureau of the Fiscal Service (or any successor thereof)), or any data from any such system, unless--”
View in full text
Generally allows access only for Treasury staff or contractors who are eligible, rated fully successful or better, and have at least 1 year on the job or contract.
From policy text
“``(i) who is otherwise eligible to access such system or data; ``(ii) whose most recent performance rating was at the fully successful level or higher (or the equivalent thereof); and ``(iii) who, as of the date of such access, with respect to such an officer or employee has occupied a position in the civil service (as that term is defined in section 2101 of title 5), or with respect to such a contractor has been performing under a contract with the Department, for a period of at least one year”
View in full text
For others, requires the right security clearance, at least 1 year of civil service, privacy and cybersecurity training, and a signed ethics agreement.
From policy text
“``(iv) such individual's current continuous service in the civil service (as that term is defined in section 2101 of title 5) as of the date of such access is for a period of at least 1 year; ``(v) such individual has completed any required training or compliance procedures with respect to privacy laws and cybersecurity and national security regulations and best practices; and ``(vi) has signed a written ethics agreement with either the Department of the Treasury or the Office of Government Ethics.”
View in full text
Treats non-government people who get access like government employees for conflict-of-interest rules, aiming to prevent self-dealing.
From policy text
“Any individual who accesses any system or data described in paragraph (1) who is not otherwise an officer or employee of the executive branch of the United States Government shall be treated as an employee of the executive branch of the United States Government for purposes of section 208 of title 18.”
View in full text
Requires the Treasury Inspector General to investigate each unauthorized access and report to Congress within 30 days, including any payments that were stopped.
From policy text
“The Inspector General of the Department of the Treasury shall investigate, and submit a report to Congress on such investigation, each instance of unauthorized use or other access of any payment system described in paragraph (1). Any such report shall be submitted not later than 30 days after any such instance and shall include-- ``(A) a detailed description of the unauthorized use or access, including any actions the individual carried out;”
View in full text

Data PrivacyCybersecurityConsumer ProtectionEconomy

Impact Analysis

Personal Impact

How this policy affects specific groups of people

Mixed Impacts(1)

Federal Employee

Neutral

Positive Impacts(2)

Social Security

Helps

Veterans Benefits

Helps

Milestones

2 milestones4 actions

Feb 11, 2025

Sponsor introductory remarks on measure. (CR H625-626)

Feb 6, 2025House

Referred to the Committee on Financial Services, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.

Feb 6, 2025

Introduced in House

Feb 6, 2025

Sponsor introductory remarks on measure. (CR H536)

What Happens Next

Projected impacts based on AI analysis

Soon after the bill becomes law

Treasury tightens who can access or control its public money payment and receipt systems

Fewer people should be able to view or change sensitive payment data, which can reduce misuse but may slow staffing for sensitive system work

During initial rollout after the bill becomes law

Treasury begins enforcing the “1 year” and performance-rating requirements for eligible Treasury staff/contractors

Newer workers may be blocked from sensitive access until they meet the time-in-role rule, potentially changing team assignments and response times

Beginning once the new reporting rule is in effect

Treasury Inspector General starts (or continues) investigating each unauthorized access and sending reports to Congress within 30 days

If a breach or improper access happens, there is a built-in clock for accountability and a written record of any stopped payments

Related News

8 articles

U.S. Congressman Sean Casten·12 months ago

Casten, Stevens File Discharge Petition to End Musk’s Access to Taxpayer Data

Announces a discharge petition to force House consideration of the Taxpayer Data Protection Act; summarizes the bill’s access limits, ethics/training/clearance requirements, and notice/reporting goals.

U.S. Congressman Sean Casten·about 1 year ago

Casten, Stevens Lead Landmark House Democrats’ Bill to Protect Taxpayer Data From Elon Musk

Press release introducing the Taxpayer Data Protection Act; describes restricting access to Treasury payment systems and applying ethics/conflict rules plus security and training requirements.

Congresswoman Haley Stevens·about 1 year ago

Rep. Haley Stevens, a Former Treasury Official, Leads Bill to Keep Elon Musk Away from Treasury’s Payment System and Americans’ Most Sensitive Personal Information

Press release emphasizing the bill’s restrictions on who can access Treasury payment systems and taxpayer data, framing it as preventing unauthorized access and conflicts of interest.