Legislation to protect veterans' personal information passes House

Share this article:

The U.S. House of Representatives approved on Tuesday night language that expands the scope of a law that would protect veterans from identity theft by mandating all federal agencies alert the public when they suffer breaches of sensitive information.

The language, introduced by Rep. Tom Davis, R-Va., is part of larger legislation, the Veterans Identity and Credit Security Act of 2006. That law was drawn up in July as a response to the laptop theft of a U.S. Department of Veteran Affairs (VA) employee in May, in which the personal information of some 26.5 million veterans and active military personnel was breached.

The bill, drafted by the House Committee on Veterans' Affairs and now awaiting Senate approval after passing the House on Tuesday, offers remediation services - including credit monitoring and fraud resolution - to any veteran whose sensitive data is compromised by the VA. In addition, the law would create a VA undersecretary of information services.

"Congress has acted to protect our veterans," Rep. Steve Buyer, R-Ind., Veterans' Affairs Committee chairman, said in July. "This legislation works to correct the mismanagement that led to the data theft in May."

The contribution made by Davis, who heads up the House Committee on Government Reform, amends the Federal Information Security Management Act of 2002 by requiring federal agencies establish policies to follow if personal information is lost or stolen.

In his testimony Tuesday night on the House floor, Davis referred to the approximate two-week lapse between the time the VA laptop was stolen and the time the agency reported the breach.

"Secure information is the lifeblood of effective government policy and management, yet federal agencies continue to hemorrhage vital data," he said. "Recent losses of personal information compel us to ask: What is being done to protect the sensitive digital identities of millions of Americans, and how can we limit the damage when personal data does go astray?"

Davis' testimony came less than a week after the U.S. Department of Commerce announced in a statement that 1,138 agency laptops have either been lost or stolen since 2001. Of the computers, 249 contained personally identifiable information, although encryption software likely would have limited access to the systems.

The agency, which said it is not aware of any laptops being illegally accessed, conducted the review "in response to broad, government-wide congressional and public inquiries," according to a Thursday statement.

Click here to email Dan Kaplan.

Share this article:
You must be a registered member of SC Magazine to post a comment.
close

Next Article in News

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.