Veterans' Affairs Data Breach Legislation
The House Veterans Affairs Committee, responding to the May 2006 theft of a laptop containing information on over 26 million veterans and active duty personnel, has approved legislation improving and reorganizing cybersecurity activities in the Department of Veterans’ Affairs. This follows a series of hearings the committee has held over the last 2 months – USACM Chair Eugene Spafford (Spaf) testified at one of these hearings.
The legislation (PDF) provides for credit remediation and related services for veterans whose information was compromised as a result of the data theft. It also establishes an undersecretary of information services, who would have the responsibilities of the chief information officer (CIO). Three new deputy undersecretaries for security, operations and management, and policy and planning would report to the new undersecretary. Finally, recognizing the need for trained computer security professionals (as Spaf emphasized during his testimony), the bill creates up to five scholarships (amended from three) per year for students pursuing doctoral degrees in information security, computer engineering or electrical engineering. These students would work at the VA two years for every year of scholarship support.
As more and more data breaches make the news, we can expect that additional data breach legislation will be considered. For instance, Rep. Davis (R-VA), chair of the House Government Reform Committee, introducted legislation this week requiring federal agencies to notify the public about data breaches involving sensitive information. The chair of the Veterans’ Affairs Committee is a co-sponsor of the bill.