Sponsors (3)
The bill increases oversight to find and fix SSA security and privacy problems—improving protection of beneficiary data and transparency—at the cost of additional federal spending, potential short-term service disruptions, and possible reputational impacts from public findings.
Social Security beneficiaries and taxpayers: A GAO audit will identify and help fix security vulnerabilities in SSA systems, reducing the risk of identity theft, fraud, and improper benefit access.
Taxpayers and beneficiaries: The audit will assess compliance with federal privacy laws (e.g., Privacy Act, IRC 6103), prompting corrective actions that strengthen protection of personal data.
All Americans (taxpayers): GAO reporting and required congressional notification increase transparency and accountability over who has access to SSA systems and how access is controlled.
Seniors, beneficiaries, and people who rely on timely benefits: Rapid remediation (within 90 days) could require system changes that temporarily disrupt SSA services or delay benefit processing.
Taxpayers: Conducting a comprehensive GAO audit and implementing remediation will require agency staff time and resources, increasing federal costs.
Federal employees, contractors, and volunteers with identified access issues: Public audit findings could expose individuals or programs to reputational harm before final legal determinations are made.
Based on analysis of 2 sections of legislative text.
Directs GAO to audit SSA systems accessed by the U.S. DOGE Service and affiliates for vulnerabilities and privacy-law violations, and requires SSA to remediate issues and report status.
Directs the Government Accountability Office to start, within 60 days of enactment, a comprehensive audit of Social Security Administration computer systems and networks that were accessed by the U.S. DOGE Service, the U.S. DOGE Service Temporary Organization, their employees or volunteers, or related agency DOGE teams. The GAO must identify security vulnerabilities or software bugs introduced or modified by those actors and determine whether federal privacy and security laws were violated, then report findings and recommendations within one year. The SSA Commissioner must remediate identified vulnerabilities within 90 days of receiving the GAO report and submit a status report to Congress and GAO.
Introduced June 4, 2025 by Sheldon Whitehouse · Last progress June 4, 2025