09/21/12 Wednesday, Congressman Joe Donnelly’s bill, The Veterans Data Breach Timely Notification Act, H.R. 3730, passed the House of Representatives as part of H.R. 5948, The Veterans Fiduciary Reform Act. Donnelly’s bill had earlier passed the House Committee on Veterans’ Affairs as an amendment to H.R. 5948 in July.
“We should do everything in our power to prevent data breaches from occurring. In the unfortunate event that a breach happens, our veterans and their families should be notified as soon as practically possible if their sensitive information has been compromised,” said Donnelly. “Current law gives the VA a full thirty days to notify veterans if their personal information may have been compromised, but that is too long. My legislation would ensure veterans are alerted within ten business days. I’m pleased that others support this common-sense change, including the American Legion and VetsFirst.”
Donnelly’s legislation would require the Department of Veterans’ Affairs (VA) to notify veterans of a data breach of sensitive personal information within ten business days, or, with an extension, fifteen business days. The VA could use the extension in situations where they need additional time to identify affected individuals or to prevent a further breach or unauthorized disclosure. Currently, the VA’s internal policy allows them thirty days to notify those affected by a data breach.
More specifically, the Veterans Data Breach Timely Notification Act would:
- Require the VA to notify individuals affected by a data breach and Congress within ten business days from the date of the incident.
- Require contractors that maintain or process information containing sensitive personal information on behalf of the VA to notify individuals affected by a data breach and Congress within ten business days from the date of the incident.
- Allow the ten business day notification deadline to be extended to fifteen business days if the VA requires additional time to identify affected individuals or prevent a further breach or unauthorized disclosure.
The Veterans Fiduciary Reform Act is now pending before the Senate.