This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Legislation to protect veterans' personal information passes House

Share this article:

The U.S. House of Representatives approved on Tuesday night language that expands the scope of a law that would protect veterans from identity theft by mandating all federal agencies alert the public when they suffer breaches of sensitive information.

The language, introduced by Rep. Tom Davis, R-Va., is part of larger legislation, the Veterans Identity and Credit Security Act of 2006. That law was drawn up in July as a response to the laptop theft of a U.S. Department of Veteran Affairs (VA) employee in May, in which the personal information of some 26.5 million veterans and active military personnel was breached.

The bill, drafted by the House Committee on Veterans' Affairs and now awaiting Senate approval after passing the House on Tuesday, offers remediation services - including credit monitoring and fraud resolution - to any veteran whose sensitive data is compromised by the VA. In addition, the law would create a VA undersecretary of information services.

"Congress has acted to protect our veterans," Rep. Steve Buyer, R-Ind., Veterans' Affairs Committee chairman, said in July. "This legislation works to correct the mismanagement that led to the data theft in May."

The contribution made by Davis, who heads up the House Committee on Government Reform, amends the Federal Information Security Management Act of 2002 by requiring federal agencies establish policies to follow if personal information is lost or stolen.

In his testimony Tuesday night on the House floor, Davis referred to the approximate two-week lapse between the time the VA laptop was stolen and the time the agency reported the breach.

"Secure information is the lifeblood of effective government policy and management, yet federal agencies continue to hemorrhage vital data," he said. "Recent losses of personal information compel us to ask: What is being done to protect the sensitive digital identities of millions of Americans, and how can we limit the damage when personal data does go astray?"

Davis' testimony came less than a week after the U.S. Department of Commerce announced in a statement that 1,138 agency laptops have either been lost or stolen since 2001. Of the computers, 249 contained personally identifiable information, although encryption software likely would have limited access to the systems.

The agency, which said it is not aware of any laptops being illegally accessed, conducted the review "in response to broad, government-wide congressional and public inquiries," according to a Thursday statement.

Click here to email Dan Kaplan.

Share this article:

Next Article in News

SC webcasts on demand

This is how to secure data in the cloud

Exclusive video webcast & Q&A sponsored by Vormetric

As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.

View the webcast here to find out more

More in News

Cyber security still a learning curve for most companies

Cyber security still a learning curve for most ...

Poor network visibility, outdated security tools, a skills shortage and a lack of control in the cloud are just some of the reasons companies are struggling with cyber-security, say two ...

WorldPay hacker sentenced to 11 years for role in £6 million scheme

WorldPay hacker sentenced to 11 years for role ...

An Estonian man, who helped hack payment processor RBS WorldPay in 2008, has now been sentenced to 11 years in prison for his involvement in the £5.9 (US$ 9.4 million) ...

'Sophisticated' Chinese hackers launched attacks against 43,000 computer systems

'Sophisticated' Chinese hackers launched attacks against 43,000 computer ...

A new report reveals that a Chinese cyber-espionage group is closely affiliated with government and carried out attacks against the likes of Fortune 500 companies and government agencies.