The U.S. House of Representatives approved on Tuesday night language that expands the scope of a law that would protect veterans from identity theft by mandating all federal agencies alert the public when they suffer breaches of sensitive information.
The language, introduced by Rep. Tom Davis, R-Va., is part of larger legislation, the Veterans Identity and Credit Security Act of 2006. That law was drawn up in July as a response to the laptop theft of a U.S. Department of Veteran Affairs (VA) employee in May, in which the personal information of some 26.5 million veterans and active military personnel was breached.
The bill, drafted by the House Committee on Veterans' Affairs and now awaiting Senate approval after passing the House on Tuesday, offers remediation services - including credit monitoring and fraud resolution - to any veteran whose sensitive data is compromised by the VA. In addition, the law would create a VA undersecretary of information services.
"Congress has acted to protect our veterans," Rep. Steve Buyer, R-Ind., Veterans' Affairs Committee chairman, said in July. "This legislation works to correct the mismanagement that led to the data theft in May."
The contribution made by Davis, who heads up the House Committee on Government Reform, amends the Federal Information Security Management Act of 2002 by requiring federal agencies establish policies to follow if personal information is lost or stolen.
In his testimony Tuesday night on the House floor, Davis referred to the approximate two-week lapse between the time the VA laptop was stolen and the time the agency reported the breach.
"Secure information is the lifeblood of effective government policy and management, yet federal agencies continue to hemorrhage vital data," he said. "Recent losses of personal information compel us to ask: What is being done to protect the sensitive digital identities of millions of Americans, and how can we limit the damage when personal data does go astray?"
Davis' testimony came less than a week after the U.S. Department of Commerce announced in a statement that 1,138 agency laptops have either been lost or stolen since 2001. Of the computers, 249 contained personally identifiable information, although encryption software likely would have limited access to the systems.
The agency, which said it is not aware of any laptops being illegally accessed, conducted the review "in response to broad, government-wide congressional and public inquiries," according to a Thursday statement.
Click here to email Dan Kaplan.