


109 HR 5487 IH: To require the Secretary of Veterans Affairs to take

U.S. House of Representatives
2006-05-25
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.


	
		I
		109th CONGRESS
		2d Session
		H. R. 5487
		IN THE HOUSE OF REPRESENTATIVES
		
			May 25, 2006
			Ms. Hooley (for
			 herself, Mr. LaTourette,
			 Ms. Bean, Mr. Baker, Mr. Moore
			 of Kansas, Mr. Kanjorski,
			 Mr. Crowley,
			 Mrs. McCarthy,
			 Mr. Meeks of New York,
			 Mr. Hinojosa,
			 Ms. Moore of Wisconsin,
			 Mr. Clay, Mrs. Kelly, Ms.
			 Harman, Mr. Larson of
			 Connecticut, Mr. Rahall,
			 Mr. Delahunt,
			 Ms. Corrine Brown of Florida,
			 Mr. Kucinich,
			 Mr. Michaud,
			 Mr. Davis of Alabama,
			 Mr. Al Green of Texas,
			 Mr. Scott of Georgia,
			 Mr. Lynch,
			 Mr. Grijalva,
			 Ms. DeGette,
			 Ms. Bordallo,
			 Mr. Baca, Mr. Smith of Washington,
			 Mr. Clyburn,
			 Mr. Conyers,
			 Mr. Thompson of Mississippi,
			 Mr. Dicks,
			 Mr. Inslee,
			 Mr. Pomeroy,
			 Mr. Filner,
			 Mr. Ramstad,
			 Ms. Wasserman Schultz,
			 Mr. Walden of Oregon,
			 Mr. DeFazio,
			 Mr. Baird, and
			 Ms. Herseth) introduced the following
			 bill; which was referred to the Committee
			 on Veterans’ Affairs
		
		A BILL
		To require the Secretary of Veterans Affairs to take
		  certain actions to mitigate the effects of the breach of data security that
		  occurred, or is likely to have occurred, in May, 2006, at the Department of
		  Veterans Affairs, and for other purposes.
	
	
		1.Short titleThis Act may be cited as the
			 Veterans' ID Theft Protection Act of 2006.
		2.Actions required
			 with respect to Veterans Administration data breach
			(a)In
			 generalWith respect to the
			 breach of data security that occurred, or is likely to have occurred, in May,
			 2006, at the Department of Veterans Affairs, the Secretary of Veterans Affairs
			 shall take the following actions with respect to such breach in addition to any
			 other actions the Secretary may determine to be appropriate.
				(1)System
			 restoration requirementsThe
			 Secretary shall take prompt and reasonable measures to—
					(A)repair the breach
			 and restore the security and confidentiality of the sensitive financial
			 personal information involved to limit further unauthorized misuse of such
			 information; and
					(B)restore the
			 integrity of the Department’s data security safeguards and make appropriate
			 improvements to its data security policies and procedures.
					(2)Notice
			 requirements
					(A)In
			 generalThe Secretary shall
			 without unreasonable delay notify any person affected by the breach in the
			 manner provided in this paragraph, as well as—
						(i)each nationwide consumer reporting agency
			 described in section 603(p) of the Fair Credit Reporting Act with respect to
			 the breach itself and each person affected by the breach; and
						(ii)any
			 other appropriate critical third parties who will be required to undertake
			 further action with respect to such information to protect such persons from
			 resulting fraud or identity theft.
						(B)Content of
			 noticeAny notice required to
			 be provided under subparagraph (A) by the Secretary to any person affected by
			 the breach shall be provided in a standardized transmission or envelope clearly
			 marked as containing an important notice from the Department of Veterans
			 Affairs on stolen identity information, and shall include the following in a
			 clear and conspicuous manner:
						(i)An
			 appropriate heading or notice title.
						(ii)A
			 description of the nature and types of information and accounts as appropriate
			 that were, or are reasonably believed to have been, subject to the breach of
			 data security.
						(iii)If
			 known, the date, or the best reasonable approximation of the period of time, on
			 or within which sensitive personal information related to the consumer was, or
			 is reasonably believed to have been, subject to a breach.
						(iv)A
			 general description of the actions taken by the Secretary to restore the
			 security and confidentiality of the breached information.
						(v)A telephone number by which any person
			 affected by the breach may call the Department of Veterans Affairs, free of
			 charge, to obtain additional information about how to respond to the
			 breach.
						(vi)A copy of the summary of rights of consumer
			 victims of fraud or identity theft prepared by the Federal Trade Commission
			 under section 609(d) of the Fair Credit Reporting Act, as well as any
			 additional appropriate information on how the person affected by the breach
			 may—
							(I)obtain a copy of a
			 consumer report free of charge in accordance with section 612 of the Fair
			 Credit Reporting Act;
							(II)place a fraud
			 alert in any file relating to the person at a consumer reporting agency under
			 section 605A of such Act to discourage unauthorized use; and
							(III)contact the
			 Federal Trade Commission for more detailed information.
							(vii)A prominent statement that file monitoring
			 will be made available upon request in accordance with paragraph (3) to the
			 person affected by the breach free of charge for a period of not less than 6
			 months, together with a telephone number at the Department of Veterans Affair
			 for requesting such services. The statement may also include such additional
			 contact information as a mailing address, e-mail, or Internet website
			 address.
						(viii)The approximate
			 date the notice is being issued.
						(C)Responsibility
			 and costs
						(i)In
			 generalThe Secretary of
			 Veterans Affairs shall be—
							(I)responsible for
			 providing any notices and file monitoring required under this section with
			 respect to such breach; and
							(II)responsible for
			 the reasonable actual costs of any notices provided under this section.
							(ii)No charge to
			 persons affected by the breachThe cost for the notices and file
			 monitoring described in clause (i) may not be charged to the persons affected
			 by the breach.
						(3)Free file
			 monitoringThe Secretary of
			 Veterans Affairs, if requested by the person affected by the breach before the
			 end of the 90-day period beginning on the date of such notice, shall make
			 available to the person, free of charge and for at least a 6-month period a
			 service that monitors nationwide credit activity regarding a consumer from a
			 consumer reporting agency described in section 603(p) of the Fair Credit
			 Reporting Act.
				(b)Negotiating
			 authorityThe Secretary of
			 Veterans Affairs shall have broad authority to secure the best possible price
			 for credit monitoring services on behalf of taxpayers.
			(c)Authorization of
			 appropriationsThere are
			 authorized to be appropriated to the Secretary of Veterans Affairs the sum of
			 $100,000,000 to carry out the requirements of this section.
			
