[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 5109 Reported in Senate (RS)]
<DOC>
Calendar No. 744
118th CONGRESS
2d Session
S. 5109
[Report No. 118-324]
To amend section 3520A of title 44, United States Code, to extend the
Chief Data Officer Council's sunset and add new authorities for
improving Federal agency data governance, including to enable reliable
and secure adoption of emerging technologies and artificial
intelligence, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
September 19, 2024
Mr. Peters (for himself and Mr. Young) introduced the following bill;
which was read twice and referred to the Committee on Homeland Security
and Governmental Affairs
December 19 (legislative day, December 16), 2024
Reported by Mr. Peters, with an amendment
[Strike out all after the enacting clause and insert the part printed
in italic]
_______________________________________________________________________
A BILL
To amend section 3520A of title 44, United States Code, to extend the
Chief Data Officer Council's sunset and add new authorities for
improving Federal agency data governance, including to enable reliable
and secure adoption of emerging technologies and artificial
intelligence, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
<DELETED>SECTION 1. SHORT TITLE.</DELETED>
<DELETED> This Act may be cited as the ``Modernizing Data Practices
to Improve Government Act''.</DELETED>
<DELETED>SEC. 2. AMENDMENTS.</DELETED>
<DELETED> (a) In General.--Section 3520A of title 44, United States
Code, is amended--</DELETED>
<DELETED> (1) by striking subsections (d) and (e);</DELETED>
<DELETED> (2) by redesignating subsections (a) through (c)
as subsections (b) through (d), respectively;</DELETED>
<DELETED> (3) by inserting before subsection (b), as so
redesignated, the following:</DELETED>
<DELETED> ``(a) Definitions.--In this section:</DELETED>
<DELETED> ``(1) Artificial intelligence.--The term
`artificial intelligence'--</DELETED>
<DELETED> ``(A) has the meaning given that term in
section 5002 of the National Artificial Intelligence
Initiative Act of 2020 (15 U.S.C. 9401); and</DELETED>
<DELETED> ``(B) includes the artificial systems and
techniques described in paragraphs (1) through (5) of
section 238(g) of the John S. McCain National Defense
Authorization Act for Fiscal Year 2019 (Public Law 115-
232; 10 U.S.C. 4061 note prec.).</DELETED>
<DELETED> ``(2) Data governance.--The term `data
governance'--</DELETED>
<DELETED> ``(A) means the approach of an agency to
managing data during the lifecycle of the data, from
acquisition, to use, to disposal; and</DELETED>
<DELETED> ``(B) includes--</DELETED>
<DELETED> ``(i) all actions an agency must
take and the technology and processes an agency
must use to ensure data is secure, private,
accurate, available, and usable; and</DELETED>
<DELETED> ``(ii) authorities, roles,
responsibilities, organizational structures,
policies, procedures, standards, and resources
for the definition, stewardship, production,
security provenance, and use of data.</DELETED>
<DELETED> ``(3) Use case.--The term `use case' means a
description of the ways and circumstances in which a technology
is deployed to perform a specific function.'';</DELETED>
<DELETED> (4) in subsection (c), as so redesignated--
</DELETED>
<DELETED> (A) by redesignating paragraph (5) as
paragraph (6);</DELETED>
<DELETED> (B) in paragraph (4), by striking the
``and'' at the end; and</DELETED>
<DELETED> (C) by inserting after paragraph (4) the
following:</DELETED>
<DELETED> ``(5) identify opportunities and procedures to
improve data governance to--</DELETED>
<DELETED> ``(A) ensure the data of agencies are
transparent, accessible, and of sufficient quality for
the intended use of the data; and</DELETED>
<DELETED> ``(B) support agency heads and their
efforts to reliably and securely leverage emerging
technologies and artificial intelligence, to ensure
mission outcomes and improve operational efficiency
across agencies; and'';</DELETED>
<DELETED> (5) in subsection (d)(3), as so redesignated--
</DELETED>
<DELETED> (A) by striking ``The Administrator'' and
inserting the following:</DELETED>
<DELETED> ``(A) Administrator of the office of
electronic government.--The Administrator'';
and</DELETED>
<DELETED> (B) by inserting after subparagraph (A),
as so designated, the following:</DELETED>
<DELETED> ``(B) Appointed members.--The Director
shall appoint a representative from among Chief
Artificial Intelligence Officers to serve on the
Council.''; and</DELETED>
<DELETED> (6) by adding at the end the following:</DELETED>
<DELETED> ``(e) Data Governance Reports.--The Council shall submit
to the Director, the Committee on Homeland Security and Governmental
Affairs of the Senate, and the Committee on Oversight and
Accountability of the House of Representatives--</DELETED>
<DELETED> ``(1) a biennial report on the work of the
Council, including any updates to the recommendations provided
in the report required under paragraph (2) of this
subsection;</DELETED>
<DELETED> ``(2) not later than 1 year after the date of
enactment of this subsection, a report with recommendations and
best practices for agencies on developing datasets, data
governance policies, and infrastructure to enable adoption and
use of emerging technologies and artificial intelligence,
including for use in training, testing, and operation of
artificial intelligence within agencies that includes--
</DELETED>
<DELETED> ``(A) an assessment of key data governance
and sharing challenges preventing adoption of emerging
technologies and artificial intelligence across
agencies;</DELETED>
<DELETED> ``(B) an assessment of ways to strengthen
and clarify roles and responsibilities related to data
governance between senior agency leaders, including the
Chief Information Officer, the Chief Information
Security Officer, the Chief Financial Officer, the
Chief Privacy Officer, the Chief Artificial
Intelligence Officer, and the Chief Acquisition
Officer;</DELETED>
<DELETED> ``(C) recommendations for data governance
best practices, including--</DELETED>
<DELETED> ``(i) best practices to ensure
data used for testing, training, and operation
of artificial intelligence is reliable,
relevant to the task, representative of the
impacted individuals of the artificial
intelligence system, transparent, high quality,
and protects the privacy and personally
identifiable information of individuals;
and</DELETED>
<DELETED> ``(ii) defining key data
standards, including data quality;</DELETED>
<DELETED> ``(D) a prioritization of agency
artificial intelligence use cases that address a
critical need across the Federal Government, for which
new or shared datasets are needed to support
adoption;</DELETED>
<DELETED> ``(E) identification of existing data
available to 1 or more agencies that would benefit
other such agencies if the data were shared or made
available;</DELETED>
<DELETED> ``(F) recommendations for ways to address
increases in risks, including through training of
relevant agency employees, associated with--</DELETED>
<DELETED> ``(i) the potential for misuse of,
mismanagement of, and unauthorized access to
data and personally identifiable information of
individuals when an agency leverages data for
use in artificial intelligence, including
identification of software or hardware
solutions, technical processes, techniques, or
other technological means of mitigating privacy
risks arising from data processing;
or</DELETED>
<DELETED> ``(ii) increasing access to the
data of the agency for the purposes of
supporting a cross-Government
mission;</DELETED>
<DELETED> ``(G) recommendations for data ownership
and retention policies and procedures, including
policies and procedures to ensure that agency contracts
to procure artificial intelligence include any
necessary clauses to ensure that the Federal
Government--</DELETED>
<DELETED> ``(i) retains sufficient rights to
data, and any modifications to that
data;</DELETED>
<DELETED> ``(ii) avoids vendor lock-in and
retains the ability to facilitate or conduct
the continued design, development, testing, and
operation of artificial intelligence by the
Federal Government; and</DELETED>
<DELETED> ``(iii) can conduct pre-
procurement reviews of artificial intelligence
to assess potential error issues;</DELETED>
<DELETED> ``(H) criteria agencies should consider
when using data to train artificial intelligence used
by agencies, including recommendations for--</DELETED>
<DELETED> ``(i) ways to increase
transparency of training data for the public
and for agency employees using the relevant
artificial intelligence system
software;</DELETED>
<DELETED> ``(ii) processes and procedures to
analyze and test training data for potential
risks;</DELETED>
<DELETED> ``(iii) criteria for determining
how to preserve the interests of the Federal
Government; and</DELETED>
<DELETED> ``(iv) performance evaluation
metrics to ensure that an artificial
intelligence system performs as
intended;</DELETED>
<DELETED> ``(I) recommendations for ways to expand
public access to Federal data assets in a machine-
readable format while also taking into account security
considerations, including the risk that, while
information in an individual data asset may not pose a
security risk in isolation, such information could pose
a security risk when combined with other data
assets;</DELETED>
<DELETED> ``(J) recommendations for defining,
generating, using, and ensuring the privacy and
security of synthetic data in the Federal Government,
including--</DELETED>
<DELETED> ``(i) a formalized definition of
synthetic data generation for government use,
including specifying definitions for data which
is fully or partially synthetic;</DELETED>
<DELETED> ``(ii) guidance for agencies on
best practices around synthetic data generation
and use, including tools or techniques agencies
should take to--</DELETED>
<DELETED> ``(I) mitigate privacy and
security risks;</DELETED>
<DELETED> ``(II) ensure agencies
practice appropriate processes to
ensure the accuracy and quality of
synthetic data and the appropriateness
for the intended use of the synthetic
data by the agency;</DELETED>
<DELETED> ``(III) adopt the
appropriate techniques to validate
synthetic data, including data
profiling, data consistency, data
integrity, and data documentation;
and</DELETED>
<DELETED> ``(IV) communicate
opportunities, risks, and limitations
of synthetic data internally to
agencies and externally to the
public;</DELETED>
<DELETED> ``(iii) opportunities across the
Federal Government and within specific agencies
for embracing or avoiding the use of synthetic
data; and</DELETED>
<DELETED> ``(iv) opportunities for the
Federal Government to partner with public and
private sector entities in the development and
sharing of data, including synthetic data, to
help in the adoption of emerging technologies
and artificial intelligence; and</DELETED>
<DELETED> ``(K) for subparagraphs (A) through (J),
an indication of how agencies can incorporate the
respective recommendations and best practices into
existing agency processes and statutory
requirements.</DELETED>
<DELETED> ``(f) Data Governance Guidance.--The Director, upon
receipt of a report required under subsection (e), may issue guidance
to agencies with respect to the implementation of the recommendations
of the report.</DELETED>
<DELETED> ``(g) Data Management Report.--Not later than 270 days
after the date of enactment of this subsection, the Director, in
consultation with the Council, shall submit to Congress an annual
report with recommendations to clarify and enhance the roles of the
Chief Data Officers across the Federal Government relating to data
governance for artificial intelligence, including--</DELETED>
<DELETED> ``(1) an inventory of all Chief Data Officers of
agencies, including, with respect to each agency--</DELETED>
<DELETED> ``(A) any additional roles or titles the
Chief Data Officer holds at the agency;</DELETED>
<DELETED> ``(B) the organizational structure of the
agency, including any official to whom the Chief Data
Officer reports to within the agency; and</DELETED>
<DELETED> ``(C) the respective roles,
responsibilities, and statutory authorities relating to
data and artificial intelligence of the Chief Data
Officer at the agency;</DELETED>
<DELETED> ``(2) an identification of skills and resources
needed by Chief Data Officers and their staffs to support
artificial intelligence system adoption at agencies;
and</DELETED>
<DELETED> ``(3) recommendations for suggested collaboration
opportunities between the Council and other interagency
councils to improve data governance best practices across
government, including--</DELETED>
<DELETED> ``(A) the Chief Financial Officers
Council;</DELETED>
<DELETED> ``(B) the Chief Human Capital Officers
Council;</DELETED>
<DELETED> ``(C) the Chief Acquisition Officers
Council;</DELETED>
<DELETED> ``(D) the Federal Privacy
Council;</DELETED>
<DELETED> ``(E) the Chief Information Officers
Council; and</DELETED>
<DELETED> ``(F) other key groups of the Federal
Government.</DELETED>
<DELETED> ``(h) Evaluation.--Not later than 2 years after the date
of enactment of this subsection, and not less frequently than once
every 2 years thereafter, the Comptroller General shall submit to
Congress a report on--</DELETED>
<DELETED> ``(1) whether the duties of the Council improved
the use of evidence and program evaluation in the Federal
Government; and</DELETED>
<DELETED> ``(2) any barriers or challenges preventing the
Council from accomplishing the objectives under this section or
the amendments made by the Modernizing Data Practices to
Improve Government Act.''.</DELETED>
<DELETED> (b) Sunset.--Beginning on the date that is 7 years after
the date of enactment of this Act, the amendments made by this Act
shall have no force or effect.</DELETED>
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Modernizing Data Practices to
Improve Government Act''.
SEC. 2. AMENDMENTS.
Section 3520A of title 44, United States Code, is amended--
(1) by striking subsections (d) and (e);
(2) by redesignating subsections (a) through (c) as
subsections (b) through (d), respectively;
(3) by inserting before subsection (b), as so redesignated,
the following:
``(a) Definitions.--In this section:
``(1) Artificial intelligence.--The term `artificial
intelligence'--
``(A) has the meaning given that term in section
5002 of the National Artificial Intelligence Initiative
Act of 2020 (15 U.S.C. 9401); and
``(B) includes the artificial systems and
techniques described in paragraphs (1) through (5) of
section 238(g) of the John S. McCain National Defense
Authorization Act for Fiscal Year 2019 (Public Law 115-
232; 10 U.S.C. 4061 note prec.).
``(2) Data governance.--The term `data governance'--
``(A) means the approach of an agency to managing
data during the lifecycle of the data; and
``(B) includes--
``(i) agency responsibilities and
requirements to ensure data is secure, private,
accurate, available, and usable; and
``(ii) authorities, roles,
responsibilities, organizational structures,
policies, procedures, standards, and resources
for the definition, stewardship, production,
security provenance, dissemination, and use of
data.'';
(4) in subsection (c), as so redesignated--
(A) by redesignating paragraph (5) as paragraph
(6);
(B) in paragraph (4), by striking the ``and'' at
the end; and
(C) by inserting after paragraph (4) the following:
``(5) identify opportunities and procedures to improve data
governance to--
``(A) ensure that publicly available data of
agencies are transparent, accessible, and of sufficient
quality for the intended use of the data; and
``(B) support agency heads and their efforts to
reliably and securely leverage emerging technologies
and artificial intelligence, including to ensure
mission outcomes and improve operational efficiency
across agencies; and'';
(5) in subsection (d)(4), as so redesignated, by striking
``and Evaluation Officers'' through ``member of the Council''
and inserting ``, a representative from all Chief Artificial
Intelligence Officers, and a representative for all Chief
Privacy Officers, and such representatives shall serve as non-
voting ex officio members of the Council''; and
(6) by adding at the end the following:
``(e) Council Staff.--The Council may enter into an interagency
agreement with the Administrator of General Services for shared
services for the purpose of staffing the Council.
``(f) Data Governance Reports.--The Council shall submit to the
Director, the Committee on Homeland Security and Governmental Affairs
of the Senate, and the Committee on Oversight and Accountability of the
House of Representatives--
``(1) a biennial report on the work of the Council,
including any updates to the recommendations provided in the
report required under paragraph (2) of this subsection and an
explanation of the work to ensure progress on each of the
objectives in subsection (c);
``(2) not later than 1 year after the date of enactment of
this subsection, a report with recommendations and best
practices for agencies (taking into account that the
recommendations may not apply to all agencies or to all
agencies equally, based on the unique missions and capabilities
of each agency) for developing datasets, data governance
policies, and infrastructure, including to enable adoption and
use of emerging technologies and artificial intelligence, such
as for use in training, testing, and operation of artificial
intelligence within agencies, which shall include--
``(A) an assessment of key data governance and
sharing challenges, including those that prevent
adoption of emerging technologies and artificial
intelligence across agencies;
``(B) an assessment, as applicable, of ways to
strengthen and clarify the roles and responsibilities
relating to data governance of agency officials, in
addition to the Chief Data Officer;
``(C) recommendations for data governance best
practices, including--
``(i) best practices to ensure data used is
reliable, fit for purpose, transparent, high
quality, protects privacy and personally
identifiable information, and protects
confidentiality of individuals and other
sensitive information, including data used for
testing, training, and operation of artificial
intelligence; and
``(ii) defining key data standards,
including data quality;
``(D) a prioritization of existing and future
agency artificial intelligence use cases that address a
critical need across the Federal Government, for which
new or shared datasets are needed to support adoption;
``(E) identification of existing data available to
1 or more agencies that would benefit other such
agencies if the data were shared or made available;
``(F) recommendations for ways Chief Data Officers
should work with relevant agency officials to assist in
addressing increases in risks associated with--
``(i) the potential for misuse of,
mismanagement of, and unauthorized access to
data and personally identifiable information of
individuals when an agency leverages data for
use in artificial intelligence, including
identification of software or hardware
solutions, technical processes, techniques, or
other technological means of mitigating privacy
risks arising from data processing; and
``(ii) increasing access to the data of the
agency for the purposes of supporting a cross-
Government mission;
``(G) recommendations for data ownership and
retention policies and procedures, including how Chief
Data Officers can support Chief Procurement Officers
and relevant officials in ensuring that agency
contracts to procure emerging technology or artificial
intelligence include any necessary clauses to ensure
that the Federal Government--
``(i) retains sufficient rights to data,
and any modifications to that data;
``(ii) avoids vendor lock-in and retains
the ability to facilitate or conduct the
continued design, development, testing, and
operation of data by the Federal Government;
``(iii) can conduct pre-procurement reviews
of artificial intelligence to assess potential
error issues; and
``(iv) maximizes the use of and access to
open data, open source software, and public
access research to improve transparency,
knowledge sharing, and interoperability;
``(H) criteria agencies should consider when using
data to train artificial intelligence used by agencies,
including recommendations for--
``(i) ways to increase transparency of
training data for the public and for agency
employees using the relevant artificial
intelligence system software; and
``(ii) processes and procedures to analyze
and test training data for potential risks;
``(I) recommendations for ways to expand public
access to Federal data assets in a machine-readable
format while also taking into account the criteria
listed under section 3511(a)(2)(E);
``(J) recommendations for defining, generating,
using, and ensuring the privacy and security of
synthetic data in the Federal Government, including--
``(i) a formalized definition of synthetic
data generation for government use, including
specifying definitions for data which is fully
or partially synthetic;
``(ii) best practices relating to synthetic
data generation and use, including tools or
techniques agencies should take to--
``(I) mitigate privacy and security
risks;
``(II) ensure the accuracy and
quality of synthetic data and the
appropriateness for the intended use of
the synthetic data by the agency;
``(III) adopt the appropriate
techniques to validate synthetic data,
including data profiling, data
consistency, data integrity, and data
documentation; and
``(IV) communicate opportunities,
risks, and limitations of synthetic
data internally to relevant Federal
employees and externally to the public;
``(iii) opportunities across the Federal
Government and within specific agencies for
using synthetic data;
``(iv) circumstances when agencies should
not use synthetic data; and
``(v) opportunities for the Federal
Government to partner with public and private
sector entities in the development and sharing
of data, including synthetic data, including to
help in the adoption of emerging technologies
and artificial intelligence, while also taking
into account the criteria under section
3511(a)(2)(E); and
``(K) for subparagraphs (A) through (J), an
indication of how agencies can incorporate the
respective recommendations and best practices into
existing agency processes and statutory requirements.
``(g) Data Governance Guidance.--The Director, upon receipt of a
report required under subsection (f), may issue guidance to agencies
with respect to the implementation of the recommendations of the
report.
``(h) Data Management Report.--Not later than 270 days after the
date of enactment of this subsection, the Director, in consultation
with the Council, shall--
``(1) submit to Congress and make available on a public
website a report with recommendations to clarify and enhance
the roles of the Chief Data Officers across the Federal
Government relating to data governance, including for
artificial intelligence and including recommendations for
suggested collaboration opportunities between the Council,
other interagency councils, and additional Federal Government
entities the Council determines relevant; and
``(2) make available on a public website, not less
frequently than annually--
``(A) a list of all Chief Data Officers of
agencies, including, with respect to each Chief Data
Officer--
``(i) any additional roles or titles the
Chief Data Officer holds at the agency; and
``(ii) the respective roles,
responsibilities, and statutory authorities of
the Chief Data Officer at the agency relating
to data and artificial intelligence; and
``(B) an identification of skills and resources
needed by Chief Data Officers and their staffs,
including to support artificial intelligence system
adoption at agencies.
``(i) Evaluation.--Not later than 2 years after the date of
enactment of this subsection, and not less frequently than once every 2
years thereafter, the Comptroller General shall submit to Congress a
report on--
``(1) whether the duties of the Council improved the use of
evidence and data in the Federal Government; and
``(2) any barriers or challenges preventing the Council
from accomplishing the objectives under this section or the
amendments made by the Modernizing Data Practices to Improve
Government Act.
``(j) Rule of Construction.--Nothing in this section shall be
construed to require an agency to implement any recommendation
developed pursuant to subsection (f) or (h).
``(k) Sunset.--Beginning on the date that is 7 years after the date
of enactment of this subsection, this section shall have no force or
effect.''.
SEC. 3. NO ADDITIONAL FUNDS.
No additional funds are authorized to be appropriated for the
purpose of carrying out this Act.
Calendar No. 744
118th CONGRESS
2d Session
S. 5109
[Report No. 118-324]
_______________________________________________________________________
A BILL
To amend section 3520A of title 44, United States Code, to extend the
Chief Data Officer Council's sunset and add new authorities for
improving Federal agency data governance, including to enable reliable
and secure adoption of emerging technologies and artificial
intelligence, and for other purposes.
_______________________________________________________________________
December 19 (legislative day, December 16), 2024
Reported with an amendment