Congress·In Committee·S. 1208

Sen. Wyden Introduces Bill to Modernize Federal Privacy Rules and Increase Penalties for Data Misuse

Privacy Act Modernization Act of 2025

12 months ago·View on Congress.gov·Read full text

Legislative Progress

Senate

House

President

Law

Key Points

The bill updates the Privacy Act's definitions to cover modern digital data, including information linked to personal devices. It broadens what counts as a 'record' to include any personally identifiable information processed by an agency, and expands protections to anyone physically present in the United States.
Agencies would be required to collect only what is 'reasonably necessary' for their work and must cite the specific legal authority for each purpose records are used. When disclosing records, agencies must share the minimum amount of information needed.
From policy text
“take reasonable efforts to ensure that a record that is disclosed contains the minimum amount of information necessary to accomplish the purpose of the disclosure”
View in full text
The bill makes it easier to sue the government for data mishandling, allowing recovery for nonpecuniary damages (like emotional distress) and adding punitive damages. Minimum damages of $1,000 are guaranteed for successful claims.
From policy text
“actual damages, including nonpecuniary damages, sustained by the individual or person as a result of the refusal or failure, but in no case shall an individual or person entitled to recovery receive less than the sum of $1,000”
View in full text
Criminal penalties are significantly increased. Selling or maliciously using government records becomes a felony punishable by up to 10 years in prison and a $250,000 fine, up from a misdemeanor with a $5,000 fine.
From policy text
“A person who commits an offense described in the previous sentence with the intent to sell, transfer, use, or disclose a record described in that sentence for commercial advantage, personal gain, or malicious harm shall be guilty of a felony and fined not more than $250,000, imprisoned for not more than 10 years, or both.”
View in full text
While most provisions take effect two years after enactment, the law applies immediately to DOGE and its staff, including special government employees, temporary consultants, and Schedule C appointees. This means new government reform teams must follow updated privacy rules from day one.
From policy text
“The amendments made by sections 2 and 3 shall take effect on the date of enactment of this Act with respect to each of the following: (1) Any use of a record by, any disclosure of a record by or to, any maintenance of a system of records by or for, any control of a system of records by”
View in full text
Government contractors and other agencies sharing data are now explicitly covered under the same privacy rules as the agencies themselves, closing a loophole in the original 1974 law.
From policy text
“or other agreement, including with another agency, for the operation by or on behalf of the agency of a system of records”
View in full text

Technology DigitalCivil RightsCriminal Justice

Impact Analysis

Personal Impact

Who is affectedScoreImpactCertaintyScopeDurationSentiment

Scores: 1 = low, 5 = highSentiment: -5 to +5 (net benefit)

Milestones

2 milestones2 actions

Mar 31, 2025Senate

Read twice and referred to the Committee on Homeland Security and Governmental Affairs.

Mar 31, 2025

Introduced in Senate

Related News

4 articles

WIRED·12 months ago

Democratic Senators Call for Privacy Act Reform in Response to DOGE Takeover

Senators Ron Wyden, Ed Markey, Jeff Merkley, and Chris Van Hollen introduced the Privacy Act Modernization Act of 2025. The bill is a direct response to the 'Department of Government Efficiency' (DOGE) gaining access to systems containing sensitive personal data of millions of Americans.

CL=

AI, Data & Analytics Network·7 months ago

7 trends shaping data privacy in 2025

The Privacy Act Modernization Act of 2025 is highlighted as a key regulatory trend in the U.S. aimed at modernizing government data collection. The bill seeks to give individuals stronger legal rights and enforce strict data minimization rules for federal agencies and their contractors.

ASPI's Cyber and Tech Digest·12 months ago

Democratic senators call for Privacy Act reform in response to DOGE takeover

Lawmakers introduced the Privacy Act Modernization Act of 2025 to address the seizure of computer systems containing sensitive personal information. The bill increases civil and criminal penalties for Privacy Act violations and narrows 'routine use' exceptions that allow data sharing.