VETERANS IDENTITY AND CREDIT SECURITY ACT OF 2006 -- (House of Representatives - September 26, 2006)
BREAK IN TRANSCRIPT
Mr. FILNER. Mr. Speaker, I yield myself such time as I may consume.
As Chairman Buyer stated, a near catastrophe occurred in early May of this year when a lap-top containing 26 million names and data, Social Security data and some medical data, was stolen from a VA employee's home. Now, this theft of data was not just human error, it was not just an accident, it was not just bad luck. As Mr. Buyer had been pointing out for many years, this was a systemic problem, a problem of incredibly bad management of cyberinformation at the VA, a lack of cybersecurity, a lack of centralization of responsibility for cybersecurity, and it could have resulted in identity theft for millions of our Nation's veterans.
We were lucky. Apparently, the lap-top was recovered before the names were stolen. Although I don't have 100 percent confidence in that judgment, that is what we think right now. But the Committee on Veterans' Affairs, under the leadership of Chairman Buyer, saw this as a wake-up call, a time to change failed policies, a time to change directions. Under the leadership of Chairman Buyer, the Committee on Veterans' Affairs took this wake-up call as an opportunity to change the way things were going, to change a backward culture, and to bring the VA into the 21st century.
Now, Mr. Buyer had been saying such things about the need for cybersecurity and the need for centralization for many years. I have to say, Mr. Buyer, that I admire your persistence and your lack of discouragement when people did not pay attention. We should have. But we are now, and we thank you for doing all that work at a time when people did not pay much attention.
I think you have, you have set up a model here in the bill that other Departments in the government should be looking at. You have set up a model where we can in fact say to the people who our government is serving, we are protecting your identity, we are protecting your data, we are making sure that if there is any breach of that, we will take these steps to make sure you don't have any losses, either material or psychological. And that was a real problem in the VA which you recognized.
When this data was stolen, there was incredible fear throughout the country, because the VA did not have the steps ready to take to assure the veterans that they would not suffer any material or other loss. So, Mr. Buyer, I thank you for working not only in a bipartisan manner, but bicameral and bicommittee. You brought everybody into the process.
The committee held hours and hours of hearings. We checked out all the expertise in the country. Our chairman, Mr. Buyer, brought expertise from all around the Nation. I think we took the role of oversight that is appropriate for every committee in this Congress, that is, we had a problem with the executive branch, we went to work to make sure that we had the knowledge, we had the information, we had the attention of the executive branch; and this bill is a result of that effort.
I think Mr. Buyer described what was in the bill. I just want to point out that it establishes data breach notification requirements, it makes substantive changes to how the VA addresses information technology, and it clarifies how the VA is to comply with the Federal Information Security Management Act of 2002.
Most importantly, it provides veterans with the tools that they can use immediately to protect themselves in the case of future data breaches. If a veteran's data is compromised, they can immediately request that a fraud alert be placed on their credit files for a period of 1 year, as well as a credit security freeze.
It also mandates that the VA undertake an independent analysis of any data breach, and if it is determined that a reasonable risk of misuse exists, then the VA will provide a range of remediation services, including making available data breach analysis, credit reports, credit monitoring services, and identity theft insurance.
Finally, and again, Mr. Buyer, your creativity here was very important, knowing that an agency like the VA, which does not have the background or information or expertise, you said let's create a scholarship fund so we can train people in this area and that the VA can fund and then draw on that new expertise to improve its services in the cybersecurity area.
So, again, I think this is a model for other agencies to look at, the way you looked at a problem and not only tried to solve it, but moved us forward with a real creative program of scholarship and loan forgiveness that I think will help students in our Nation and, of course, help our Federal Government.
The VA Secretary, Mr. Nicholson, has stated that the goal now is to make the VA the gold standard in data security. I hope he takes advantage of this bill to allow him to reach that goal.
I thank Chairman Buyer for the way he undertook the oversight, the bipartisan way we approached this bill, the drawing on all the Members for their ideas and their expertise, and I urge us all to support this bill.
Mr. Speaker, I reserve the balance of my time.