12/22/11 This week, Congressman Joe Donnelly introduced The Veterans Data Breach Timely Notification Act, H.R. 3730, which would require the Department of Veterans Affairs (VA) to notify veterans of a data breach of sensitive personal information within five business days, or, with an extension, ten business days. The VA could use the extension in situations where they need additional time to identify affected individuals or to prevent a further breach or unauthorized disclosure. Currently, the VA’s internal policy allows them thirty days to notify those affected by a data breach.
“In the unfortunate event of a breach of sensitive information, veterans and their families should be notified in a timely manner,” said Donnelly. “The current thirty day window for the VA to inform those affected by a breach is not fast enough. My bill would change that window to five days to better serve our veterans, who have served us.”
The Veterans Data Breach Timely Notification Act would:
- Require the VA to notify individuals affected by a data breach and Congress within five business days from the date of the incident.
- Require contractors that maintain or process information containing sensitive personal information on behalf of the VA to notify individuals affected by a data breach and Congress within five business days from the date of the incident.
- Allow the five business day notification deadline to be extended to ten business days if the VA requires additional time to identify affected individuals or prevent a further breach or unauthorized disclosure.
The Veterans Data Breach Timely Notification Act was sent to the House Committee on Veterans’ Affairs for its consideration.
