S.2144 creates a protective regime that shields “covered information” about Members of Congress, congressional staff, former Members, and their immediate family members from public posting and commercial resale. The bill defines covered information to include home addresses, personal contact details, financial identifiers, vehicle identifiers, non‑anonymized geolocation, and certain information about children and school schedules.
It directs government agencies and most private websites and data brokers to remove or refrain from transferring that information after an at‑risk individual requests protection.
The law matters because it combines criminal‑adjacent civil prohibitions on data brokers with affirmative notice-and-removal duties for government agencies and commercial actors, plus a streamlined delegation pathway through congressional legislative officers. Compliance, enforcement, and the carve-outs for press reporting and FEC/filing data create practical tensions for platforms, publishers, and agencies responsible for removal and data governance policies.
At a Glance
What It Does
The bill defines a broad universe of “covered information” about Members, staff, former Members, and immediate family and requires government agencies and most private actors to mark, remove, or refrain from transferring that data on request. It also makes it unlawful for data brokers to knowingly sell or license covered information of at‑risk individuals.
Who It Affects
Applies to executive, legislative, and judicial branch agencies holding searchable public records; commercial data brokers; websites and online platforms that publish personal data; and the Sergeants at Arms/secretarial offices in Congress, which are charged with coordinating requests and providing lists.
Why It Matters
This bill changes the default for a politically exposed class of individuals from transparent public data to a protected status, imposing cross‑sector takedown and non‑transfer obligations and exposing noncompliant actors to civil litigation—shifting operational, compliance, and editorial calculations for publishers, platforms, and data brokers.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
S.2144 establishes a legal mechanism for Members of Congress, designated congressional employees, former Members, and their immediate family and household members to prevent certain personal information from being publicly displayed or sold. The statute lists concrete categories—residential addresses, personal phone numbers and email addresses, financial account numbers, driver’s license and Social Security numbers, vehicle identifiers, precise (non‑anonymized) geolocation, and details about a child’s school or routine—that qualify as “covered information.” The aim is operational protection: once an at‑risk individual provides written notice, the covered information should stop appearing in public‑facing government records and commercial websites and should not be traded by data brokers.
For government agencies, the bill requires agencies to accept written notices that mark covered information as private and to remove that information from publicly posted content within 72 hours of receiving a request. The bill preserves narrow exceptions: agencies may still disclose records on the basis of a court order, a signed release, or to entities governed by the Gramm‑Leach‑Bliley privacy regime or a confidentiality agreement.
The legislative branches get a coordinating role: the Sergeant at Arms/secretarial offices can file requests on behalf of Members and provide consolidated lists to external entities, and a provided list counts as satisfying individual notice requirements.On the private side, the bill draws a hard line at data brokers and most commercial publishers: it makes it unlawful for a data broker to knowingly sell, license, trade for consideration, or purchase covered information about an at‑risk individual. Other persons or businesses that publish covered information must remove it within 72 hours after receiving a written request from the at‑risk individual (or a delegate) and must not transfer that information thereafter, subject to carve‑outs for news reporting, information voluntarily published by the at‑risk individual after enactment, or lawful federal sources.
Finally, the bill provides a private right of action: an at‑risk individual whose covered information is publicly disclosed in violation of the statute can sue for injunctive or declaratory relief.
The Five Things You Need to Know
The bill requires government agencies to remove covered information from publicly available content within 72 hours of receiving a written request from an at‑risk individual.
S.2144 makes it unlawful for a data broker to knowingly sell, license, trade, or purchase covered information of an at‑risk individual.
Covered information explicitly includes precise, non‑anonymized geolocation data and identifiers tied to children under 18 or their schools and routes.
The Sergeants at Arms and the House administrative officers can submit consolidated lists of protected individuals to agencies and third parties; a provided list is deemed to satisfy individual notice requirements.
An at‑risk individual may sue for injunctive or declaratory relief if their covered information is publicly disclosed in violation of the statute; the bill does not create criminal penalties or statutory damages.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Who is protected and what counts as covered information
This subsection casts a wide protective net: it defines at‑risk individuals to include current Members, designated congressional employees, former Members, and immediate family or other household members. It then lists specific categories of protected data—from home addresses and personal contact details to financial identifiers, vehicle identifiers, and precise geolocation—so compliance is a matter of matching data fields to statutory categories rather than relying on open‑ended standards. The definition also narrows some exclusions: filings required by the Federal Election Commission or candidate‑qualification paperwork are not treated as covered information.
Notice-and‑72‑hour takedown for public government content
Agencies must accept written notices from at‑risk individuals (or their designees) and mark the related covered information as private. Once an agency receives a valid request, it has 72 hours to remove covered information from publicly posted content. The clause includes three core exceptions: disclosures pursuant to a signed release or court order, disclosures to entities subject to Gramm‑Leach‑Bliley privacy obligations, and disclosures made under a confidentiality agreement. Practically, agencies will need intake workflows, redaction tools, and an audit trail showing compliance within the 72‑hour window.
Delegation to agents and consolidated lists via legislative officers
The bill allows at‑risk individuals to act through agents and authorizes the applicable legislative officers—the Senate Sergeant at Arms and Secretary of the Senate jointly, and the House Sergeant at Arms and Chief Administrative Officer jointly—to submit requests on behalf of Members or designated employees. Critically, those offices may instead issue a consolidated list of protected individuals to agencies, data brokers, or businesses; a provided list is deemed to fulfill individualized notice requirements. That design aims to reduce administrative friction for many Members but centralizes responsibility in legislative administrative offices and creates a single‑point distribution that external entities must honor.
Ban on selling covered information and private takedown/anti‑transfer duties
The statute makes it unlawful for entities that meet the bill’s definition of a data broker to knowingly sell, license, trade for consideration, or purchase covered information about an at‑risk individual. Non‑broker persons or businesses that publish covered information must remove it from internet display within 72 hours after a written request and must not transfer the information thereafter. The section enumerates carve‑outs for bona fide news reporting, information the at‑risk individual publishes voluntarily after enactment, and covered information lawfully obtained from federal sources. Firms will need to determine whether they qualify as a data broker and to build intake, blocking, and non‑transfer processes with these exceptions in mind.
Private right of action for injunctive and declaratory relief
An at‑risk individual may file suit seeking injunctive or declaratory relief if their covered information is made public in violation of the statute. The bill does not create a federal damages remedy, criminal penalties, or a specified administrative enforcement mechanism; enforcement rests primarily on litigation initiated by the protected individuals. That structure makes injunctive relief and speed of court response central to the statute’s effectiveness.
Press, public‑interest reporting, and government sharing carve‑outs
The bill explicitly preserves the ability of the press to investigate and report on alleged unlawful activity or matters of public concern and preserves disclosures required under federal law. It also allows information sharing by data brokers to government authorities. These rules of construction operate as built‑in limits on takedown claims and will be focal points when courts assess the statute against First Amendment challenges or when firms evaluate whether a particular piece of content falls within a news or public‑interest exception.
Preserves remaining protections if a provision is struck down
A standard severability clause states that if any part of the section is found unconstitutional, the other provisions remain in force. For implementers and litigants, this clause signals Congressional intent for the law to operate even if courts trim particular definitions or exceptions.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- Members of Congress and designated congressional staff — obtain statutory control to mark home addresses, personal contact data, and travel schedules as private, reducing exposure and commercial circulation of sensitive details.
- Immediate family members and household occupants — receive the same protections by family/household inclusion, which covers spouses, children under 18, parents, and others living in the same household, limiting doxxing risk tied to family routines.
- Former Members of Congress — are explicitly included, so post‑service residential and contact protections extend beyond tenure in office, reducing long‑term risk from commercial data trades.
Who Bears the Cost
- Commercial data brokers and aggregators — face an outright prohibition on knowingly selling, licensing, or purchasing covered information for at‑risk individuals, requiring business model changes, compliance screening, and possible revenue loss.
- Websites and online publishers — must build intake, takedown, and non‑transfer workflows to remove covered information within 72 hours, manage appeals or exception determinations for newsworthy content, and track compliance across subsidiaries.
- Government agencies and legislative administrative offices — must operationalize written notice intake, mark records as private, and effectuate public‑facing removals within 72 hours, creating staffing, IT, and recordkeeping obligations that may require budget and procedural changes.
Key Issues
The Core Tension
The bill attempts to reconcile two legitimate objectives—protecting the personal safety and privacy of current and former Members, staff, and their families, and preserving press freedom and public access to government information—but the mechanisms (broad takedown duties, a short removal timeline, and a data‑broker sale ban) shift the balance toward privacy in ways that create operational burdens and ambiguous carve‑outs; the central question is how far safety‑focused protections should limit disclosure in the service of public accountability and free expression.
The bill raises several practical and legal implementation questions. Operationally, identifying covered information across sprawling public records and third‑party sites is nontrivial: agencies and publishers must decide whether to search for matches automatically or rely on individual notice, how to handle historical archives and cached copies, and how to scope ‘‘publicly available content’’ especially when content is syndicated.
The 72‑hour removal clock is a tight service‑level agreement for institutions that lack automated redaction tools, and it creates tension when publication involves third‑party platforms located abroad or when the publisher invokes a news or public‑interest exception that will likely require editorial or legal review before removal.
Legally, the bill’s carve‑outs (notably for news reporting and FEC filings) create ambiguity: actors could route controversial disclosures through candidate filings or claim public‑interest reporting to avoid takedown obligations, and courts will need to draw bright lines between protected safety interests and First Amendment protections. The data broker definition includes many common exclusions—financial institutions, consumer reporting agencies, HIPAA‑covered entities, and certain directory services—leaving room for adjacent businesses to perform broker‑like activity while arguing they fall outside the statute.
Finally, enforcement hinges on private injunctive actions rather than federal administrative enforcement or statutory damages, which may delay remedies and impose litigation burdens on protected individuals.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.