Privacy Act Modernization Act of 2025

Key Points

• The bill updates the Privacy Act's definitions to cover modern digital data, including information linked to personal devices. It broadens what counts as a 'record' to include any personally identifiable information processed by an agency, and expands protections to anyone physically present in the United States.
• Agencies would be required to collect only what is 'reasonably necessary' for their work and must cite the specific legal authority for each purpose records are used. When disclosing records, agencies must share the minimum amount of information needed.
• The bill makes it easier to sue the government for data mishandling, allowing recovery for nonpecuniary damages (like emotional distress) and adding punitive damages. Minimum damages of $1,000 are guaranteed for successful claims.
• Criminal penalties are significantly increased. Selling or maliciously using government records becomes a felony punishable by up to 10 years in prison and a $250,000 fine, up from a misdemeanor with a $5,000 fine.
• While most provisions take effect two years after enactment, the law applies immediately to DOGE and its staff, including special government employees, temporary consultants, and Schedule C appointees. This means new government reform teams must follow updated privacy rules from day one.
• Government contractors and other agencies sharing data are now explicitly covered under the same privacy rules as the agencies themselves, closing a loophole in the original 1974 law.

Votes

No votes have been recorded for this legislation yet.

Related Bills

No related bills have been identified yet.