http://www.gcn.com/online/vol1_no1/42841-1.html By Mary Mosquera GCN Staff 12/26/06 President Bush signed into law a $3.2 billion bill that will improve veterans benefits, health care, the security of their sensitive data and, when it occurs, its response to a comprehensive breach. The Veterans Benefits, Health Care and Information Technology Act of 2006, S. 3421, directs the Veterans Affairs Department to notify veterans promptly in the case of a data breach and to provide fraud alerts, data breach analysis, reports to Congress, credit monitoring and identity theft insurance. The bill also supports an Information Security Education Assistance program, an incentive to give VA the ability to recruit personnel with the IT skills necessary to meet department requirements. The legislation is the result of the theft in May of a VA laptop that contained the personal information of millions of veterans. It was the governments largest data security breach. The bills provisions follow on VAs decision to completely centralize its IT environment, including enforcement of data security. Nearly a decade of committee oversight, including 16 hearings, is paying off with secretary Nicholsons commendable decision to centralize the management of VAs information technology and security systems, said Rep. Steve Buyer (R-Ind.), outgoing chairman of the House Veterans Affairs Committee, who introduced the original legislation to strengthen VA security. The VA bill also boosts funds for more clinicians treating veterans for post traumatic stress disorder as they return from the wars in Afghanistan and Iraq, construction of health care facilities and expansion of tele-health initiatives for rural veterans. It establishes an Office of Rural Health. In another IT security-related bill that the president signed Friday, the Undertaking Spam, Spyware and Fraud Enforcement with Enforcers beyond Borders Act of 2006 or the U.S. SAFE WEB Act of 2006, S. 1608, authorizes the Federal Trade Commission to assist and share information with foreign law enforcement agencies. It provides for procedures for confidentiality and delayed notification when requesting information about suspected perpetrators of fraud and protection to organizations for delivering information. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Dec 27 2006 - 23:08:12 PST