[ISN] Bush signs VA bill that protects data from misuse

From: InfoSec News (alerts@private)
Date: Wed Dec 27 2006 - 22:44:34 PST


By Mary Mosquera
GCN Staff

President Bush signed into law a $3.2 billion bill that will improve 
veterans benefits, health care, the security of their sensitive data 
and, when it occurs, its response to a comprehensive breach.

The Veterans Benefits, Health Care and Information Technology Act of 
2006, S. 3421, directs the Veterans Affairs Department to notify 
veterans promptly in the case of a data breach and to provide fraud 
alerts, data breach analysis, reports to Congress, credit monitoring and 
identity theft insurance. The bill also supports an Information Security 
Education Assistance program, an incentive to give VA the ability to 
recruit personnel with the IT skills necessary to meet department 

The legislation is the result of the theft in May of a VA laptop that 
contained the personal information of millions of veterans. It was the 
governments largest data security breach.

The bills provisions follow on VAs decision to completely centralize its 
IT environment, including enforcement of data security.

Nearly a decade of committee oversight, including 16 hearings, is paying 
off with secretary Nicholsons commendable decision to centralize the 
management of VAs information technology and security systems, said Rep. 
Steve Buyer (R-Ind.), outgoing chairman of the House Veterans Affairs 
Committee, who introduced the original legislation to strengthen VA 

The VA bill also boosts funds for more clinicians treating veterans for 
post traumatic stress disorder as they return from the wars in 
Afghanistan and Iraq, construction of health care facilities and 
expansion of tele-health initiatives for rural veterans. It establishes 
an Office of Rural Health.

In another IT security-related bill that the president signed Friday, 
the Undertaking Spam, Spyware and Fraud Enforcement with Enforcers 
beyond Borders Act of 2006 or the U.S. SAFE WEB Act of 2006, S. 1608, 
authorizes the Federal Trade Commission to assist and share information 
with foreign law enforcement agencies. It provides for procedures for 
confidentiality and delayed notification when requesting information 
about suspected perpetrators of fraud and protection to organizations 
for delivering information.

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Wed Dec 27 2006 - 23:08:12 PST