[Congressional Record (Bound Edition), Volume 152 (2006), Part 8]
[Extensions of Remarks]
[Page 10867]
[From the U.S. Government Publishing Office, www.gpo.gov]




INTRODUCTION OF ``NOTIFICATION OF RISK TO PERSONAL DATA ACT'' H.R. 5582

                                 ______
                                 

                            HON. TOM LANTOS

                             of california

                    in the house of representatives

                         Monday, June 12, 2006

  Mr. LANTOS. Mr. Speaker, I rise to inform my colleagues that I am 
introducing legislation to protect the privacy rights of Americans. 
This bill will require Federal agencies that possess electronic data 
containing personal information to disclose any unauthorized 
acquisition of such information. Under this legislation, the same 
requirement will be made of ``people''--corporations, institutions and 
individuals--who engage in interstate commerce.
  The point is simple: People should be notified when information about 
them that is personal and potentially sensitive is stolen from a 
corporation or a government agency. We cannot rely on these entities to 
report such a theft on their own, since they might try to cover up the 
data loss to avoid adverse publicity.
  The most salient example of the need for such protection is the 
recent shameful episode in which it took the Veterans Administration 
three weeks to announce that personal information including names, 
birth dates, and social security numbers of millions of veterans had 
been stolen from the home of a VA employee. Keeping the problem under 
wraps for three weeks is not the way to protect our veterans from the 
potential theft of their identities. Many veterans have called my 
office expressing concern about their financial safety, and I am 
appalled the VA has not done more to protect them.
  The stolen information included the name, social security number, and 
date of birth for approximately 19.6 million veterans. Disability 
ratings for some veterans were also included in these files. On June 6, 
2006, the VA announced that the stolen files might also have included 
data on 1.1 million active duty members of the military, 430,000 
members of the National Guard, and 645,000 members of the Reserves.
  On June 8, 2006, the House Committee on Government Reform, on which I 
serve, conducted a hearing entitled, ``Once More into the Data Breach: 
The Security of Personal Information at Federal Agencies.''
  During the hearing, U.S. Comptroller General David Walker testified 
that legislation is needed requiring agencies to notify those whose 
privacy is violated. The Comptroller General said, ``Public disclosure 
of major data breaches is a key step to make sure personal data is 
safeguarded.''
  Congress should act on this issue, and it is time for us to give 
Americans the notice they need to protect themselves from identity 
thieves. My colleague, Senator Dianne Feinstein, first introduced the 
Senate version of the bill I am introducing today. I commend her 
excellent work in this area, and I am hopeful that moving this bill in 
the House will expedite needed action.

                          ____________________