Sponsors (3)
The bill boosts agency oversight and HQ login security and gives employees clearer notice when telework is revoked, but does so by collecting and publishing detailed telework and personnel data that raise privacy risks, increase surveillance, and impose administrative costs that could reduce telework flexibility.
Federal agencies and HR offices will get a consistent, multi-year, standardized dataset on telework usage and telework revocations that improves oversight, policy decisions, and the ability to spot agency-wide performance or disciplinary trends.
Employees who lose telework privileges will receive written notice explaining the reasons and prior disciplinary steps, improving transparency and due process for affected workers.
Requiring PIV/CAC authentication for headquarters logins strengthens login security and reduces the risk of unauthorized access to agency systems at headquarters.
Collecting and retaining detailed telework, network metrics, and revocation records increases the risk that sensitive personnel and usage data will be breached, re-identified, or misused.
Teleworking employees may face increased surveillance and monitoring of their computer activity and work patterns, which can chill remote work and harm morale.
Agencies and managers will incur administrative and implementation costs to collect, store, analyze, and publish the required data and reports within short deadlines, creating burdens for agencies and costs for taxpayers.
Based on analysis of 3 sections of legislative text.
Requires agencies to record, retain, and publish aggregated teleworker and HQ login and network-traffic metrics, require PIV/CAC HQ logins, and formalize telework-revocation documentation.
Introduced January 7, 2025 by Joni Ernst · Last progress January 7, 2025
Requires executive branch agencies to collect, retain, and publish specified login and network-traffic metrics for employees who telework and for headquarters (HQ) users, and to adopt stronger login controls at HQ. It also tightens human capital reporting on telework management and requires managers who revoke an employee’s telework privileges for employee-specific reasons to document and submit detailed written justification to the human capital office and to the employee. Implements phased deadlines: some policies and manager-review rules within 180 days, detailed per-teleworker data retention and collection within one year (kept at least three years), and a 60-day deadline for creating the revocation-documentation policy. Agencies must publish aggregated, privacy-protected comparisons of teleworker and HQ login behavior in budget justification materials annually.