


109 HR 5783 IH: To amend title 38, United States Code, to improve the

U.S. House of Representatives
2006-07-13
text/xml
EN
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.


	
		I
		109th CONGRESS
		2d Session
		H. R. 5783
		IN THE HOUSE OF REPRESENTATIVES
		
			July 13, 2006
			Mr. Bilbray
			 introduced the following bill; which was referred to the
			 Committee on Veterans’
			 Affairs
		
		A BILL
		To amend title 38, United States Code, to improve the
		  security of sensitive personal data processed or maintained by the Secretary of
		  Veterans Affairs.
	
	
		1.Short titleThis Act may be cited as the
			 Comprehensive Credit Services for Veterans Act of 2006.
		2.Security of
			 sensitive personal data processed or maintained by the Secretary of Veterans
			 Affairs
			(a)Data
			 securitySubchapter I of
			 chapter 57 of title 38, United States Code, is amended by adding at the end the
			 following new section:
				
					5706.Security of
				sensitive personal data
						(a)Comprehensive
				credit servicesIn the event of a data breach with respect to
				data processed or maintained by the Secretary, the Secretary shall provide
				comprehensive credit services to an individual whose sensitive personal data is
				potentially compromised as a result of the data breach upon the request of the
				individual. Comprehensive credit services under this subsection shall include
				each of the following:
							(1)Credit reporting and monitoring services
				for not less than 12 months beginning on the date on which the Secretary
				notifies the individual of the data breach.
							(2)Credit alerts and
				security freezes.
							(3)Identity theft insurance in a coverage
				amount that does exceed $30,000 in aggregate liability for the insured.
							(4)Fraud resolution
				services designed to assist the individual in recovering and rehabilitating the
				individual’s credit in the event of identity theft or fraud.
							(5)Any other service
				that the Secretary determines is appropriate.
							(b)Notification of
				data breachThe Secretary
				shall notify any individual whose sensitive personal data is compromised as a
				result of a data breach with respect to data processed or maintained by the
				Department. Upon assessment of the personal impact of the security breach, each
				individual whose personal information was compromised shall be notified as
				promptly as possible. Such notification shall include a description of the
				comprehensive credit services available under this section and instructions for
				requesting such services.
						(c)Authority to
				contract for servicesThe
				Secretary shall enter into such agreements and contracts as may be necessary to
				provide the comprehensive credit services under subsection (a).
						(d)DefinitionsFor
				the purposes of this section:
							(1)The term
				data breach means the loss, theft, or other unauthorized access
				to data containing sensitive personal data, in electronic or printed form, that
				results in the potential compromise of the confidentiality or integrity of the
				data.
							(2)The term
				sensitive personal data means the name, address, or telephone
				number of an individual, in combination with any of the following:
								(A)The Social
				Security number of the individual.
								(B)The date of birth
				of the individual.
								(C)Any information
				not available as part of the public record regarding the individual’s military
				service or health.
								(D)Any financial
				account or other financial information relating to the individual.
								(E)The driver’s
				license number of the individual.
								(e)Authorization of
				appropriationsThere are authorized to be appropriated such sums
				as may be necessary to carry out this
				section.
						.
			(b)Clerical
			 amendmentThe table of sections at the beginning of such chapter
			 is amended by inserting after the item relating to section 5705 the following
			 new item:
				
					
						5706. Security of sensitive personal
				data.
					
					.
			(c)Deadline for
			 regulationsNot later than 90 days after the date of the
			 enactment of this Act, the Secretary of Veterans Affairs shall publish
			 regulations to carry out section 5706 of title 38, United States Code, as added
			 by subsection (a).
			
