VA may need to create claims process: Buyer
- By Mary Mosquera
- Jun 08, 2006
If veterans' personal information is misused as a result of the recent massive data theft, the Veterans Affairs Department may need to put in place a claims adjudication process, a senior lawmaker said today.
"The government has breached a fiduciary responsibility. We were the custodians of the information that was lost and we now need to mitigate this loss, protect veterans and right the wrongs of the VA IT system," said House Veterans Affairs Committee Chairman Steve Buyer (R-Ind.). VA has to prepare to mitigate any damage to veterans if their information is sold, he added.
'That means I might have to create a claims adjudication process, similar to what the military does,' Buyer told reporters today after a closed roundtable discussion with industry, VA and Government Accountability Office IT representatives about VA's data security.
VA would have to gain authority for a claims process from Buyer's committee, which also would help shepherd the request for appropriations for it.
Major industry organizations'including Citigroup, Visa, the American Bankers Association and EMC Corp.'advised about how to handle security braches and mitigate the damage, 'and equally important, what is the architecture of your IT,' Buyer said.
All of the companies centralize their IT architecture, Buyer said. They have lines of authority, and the CIO has responsibility over personnel, hardware and software development. They talked about the importance of policies for the internal controls, which allow access but prevent information from being exportable.
VA has begun reorganizing its IT structure around a modified centralized model, called a federated model. The department CIO has budget and management authority over personnel and hardware, but not software development. That remains with VA's benefit, health care and burial administrations.
'The problems over the years in VA have been on the software development side,' he said.
His committee will hold four hearings this month on the VA data theft and security:
- June 14, with the VA IG and GAO to review previous cyber security recommendations
- June 22, with academic and industry experts to speak on operational aspects f IT security and the VA general counsel invited to testify on legal implications
- June 28, to consider the role of VA's CIO and the department's Office of Information and Technology
- June 29, VA Secretary Jim Nicholson to testify.