Bush signs VA bill that protects data from misuse

President Bush signed into law a $3.2 billion bill that will improve veterans' benefits, health care, the security of their sensitive data and, when it occurs, its response to a comprehensive breach.

The Veterans Benefits, Health Care and Information Technology Act of 2006, S. 3421, directs the Veterans Affairs Department to notify veterans promptly in the case of a data breach and to provide fraud alerts, data breach analysis, reports to Congress, credit monitoring and identity theft insurance. The bill also supports an Information Security Education Assistance program, an incentive to give VA the ability to recruit personnel with the IT skills necessary to meet department requirements.

The legislation is the result of the theft in May of a VA laptop that contained the personal information of millions of veterans. It was the government's largest data security breach.

The bill's provisions follow on VA's decision to completely centralize its IT environment, including enforcement of data security.

'Nearly a decade of committee oversight, including 16 hearings, is paying off with secretary Nicholson's commendable decision to centralize the management of VA's information technology and security systems,' said Rep. Steve Buyer (R-Ind.), outgoing chairman of the House Veterans Affairs Committee, who introduced the original legislation to strengthen VA security.

The VA bill also boosts funds for more clinicians treating veterans for post traumatic stress disorder as they return from the wars in Afghanistan and Iraq, construction of health care facilities and expansion of tele-health initiatives for rural veterans. It establishes an Office of Rural Health.

In another IT security-related bill that the president signed Friday, the Undertaking Spam, Spyware and Fraud Enforcement with Enforcers beyond Borders Act of 2006 or the U.S. SAFE WEB Act of 2006, S. 1608, authorizes the Federal Trade Commission to assist and share information with foreign law enforcement agencies. It provides for procedures for confidentiality and delayed notification when requesting information about suspected perpetrators of fraud and protection to organizations for delivering information.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected