Bipartisan bill secures personal information, bolsters VA?s IT ?backbone?
 

Washington, D.C. ? Bipartisan legislation to improve information security at the Department of Veterans Affairs (VA) received broad approval in testimony today from former VA chief information officers, veterans? advocates and legislators who had previously submitted their own proposals. The legislation requires prompt, veteran-friendly responses to data breaches that include free credit monitoring and insurance and ultimately strengthens VA?s information management backbone.

The Committee's newest member, Rep. Brian Bilbray (R-Calif), assumes the gavel from Chairman Buyer for the testimony of VA Deputy Secretary Gordon Mansfield during the hearing on legislation responding to the loss of personal data belonging to veterans, servicemembers and family members, July 18

?On May 25, we began a series of hearings to learn why the VA data breach occurred, what we can do to prevent its recurrence and how we can help any veteran harmed by data theft,? said Veterans? Affairs Committee Chairman Steve Buyer (R-Ind.) after a hearing that examined legislation drafted by the committee in cooperation with the House Committee on Government Reform. ?This bipartisan bill enables VA to help ensure veterans the peace of mind that their personal data is secure.?

The bill, slated to be marked-up Thursday, defines responsibilities within VA for the regular reporting of the department?s adherence to federal information security standards. It requires prompt reports of all future breaches to both federal authorities and to veterans whose information may be compromised. Affected veterans would be notified by VA and at their request would be provided guidance on available services ranging from credit reporting, freezes and alerts, to insurance against financial loss associated with theft. Veterans would be offered free credit counseling on the merits and any liabilities of the options available to them.

Louis Irvin, acting deputy executive director, Paralyzed Veterans of America (left), and Larry Madison, deputy legislative director The Retired Enlisted Association testifying on components of the proposed legislation that would require the Department of Veterans Affairs to notify veterans whose personal data is potentially compromised, and offer them credit monitoring free of charge.

?A breach involving a single veteran?s information is a serious incident and we will treat it that way,? said Buyer. ?We will go quickly to the veteran with full disclosure and with solutions in the event of a breach. The burden will be on the government to offer veterans effective and prompt remedies.?

The bill?s language complements a directive issued by VA Secretary R. James Nicholson on June 28, that gave the department?s chief information officer (CIO) centralized authority over all departmental information management. The bill would elevate the CIO to the position of under secretary for information services, the same level as the under secretaries who run VA?s health, benefits and memorial affairs administrations.

The elevation would strengthen the CIO?s ability to ensure adherence to federal policy. The under secretary would be aided by deputy under secretaries for security, operations and management, and policy and planning. Testimony during the committee?s June hearings revealed critical weaknesses in each of these areas, caused as much by a dysfunctional culture as by organizational flaws.

?Information security is a challenge that requires our continued stewardship as we work with VA to centralize its information management system,? said Buyer, referring to persistent internal and external opposition that has obstructed reform and left veterans vulnerable to fraud.

Language in the bill reflects recommendations drawn from proposals made by members of Congress since the May 3 data theft. Proposals included requirements that VA notify veterans of data loss and provide free credit monitoring. Responding to another proposal, the draft bill directs VA to determine the feasibility of using personal identification numbers instead of Social Security numbers to identify veterans using its system. Buyer, agreeing with much in these proposals, also called for credit insurance as well as monitoring.

?I appreciate the aggressive and bipartisan manner in which the committee has worked on this important issue,? said the committee?s acting ranking member, Bob Filner (D-Calif.). ?I am confident that we can produce a bill that will reflect our commitment to protecting veterans? sensitive information, provide essential services in the event of a data breach and address the cavalier manner in which the May 3rd breach and others have been handled by the VA.?

?The bipartisan work within our committee and with Chairman Davis of the Committee on Government Reform and Ranking Member Waxman has paid off in a strong bill that protects veterans,? Buyer said, referring to Thomas M. Davis (R-Va.) and Henry A. Waxman (D-Calif.). ?I look forward to bringing this to a vote in the House and seeing the Senate act quickly so that we can move this legislation to the President.?

(go back to VA Watchdog dot Org Home Page)
 

Now we have VA Watchdog Stuff

Cups, Hats, Shirts and more

Click here to order and support the site