Bush signs VA bill that guards sensitive data

President Bush signed into law a $3.2 billion bill that will improve veterans' benefits, health care, the security of their sensitive data and, when it occurs, its response to a comprehensive breach.

The Veterans Benefits, Health Care and Information Technology Act of 2006, S. 3421, directs the Veterans Affairs Department to notify veterans promptly in the case of a data breach and to provide fraud alerts, data breach analysis, reports to Congress, credit monitoring and identity theft insurance. The bill also supports an Information Security Education Assistance program, an incentive to give VA the ability to recruit personnel with the IT skills necessary to meet department requirements.

The legislation is the result of the theft in May of a VA laptop that contained the personal information of millions of veterans. It was the government's largest data security breach.

The bill's provisions follow on VA's decision to completely centralize its IT environment, including enforcement of data security.

"Nearly a decade of committee oversight, including 16 hearings, is paying off with secretary Nicholson's commendable decision to centralize the management of VA's information technology and security systems," said Rep. Steve Buyer (R-Ind.), outgoing chairman of the House Veterans Affairs Committee, who introduced the original legislation to strengthen VA security.

The VA bill also boosts funds for more clinicians treating veterans for post traumatic stress disorder as they return from the wars in Afghanistan and Iraq, construction of health care facilities and expansion of tele-health initiatives for rural veterans. It establishes an Office of Rural Health.

In another IT security-related bill that the president signed Friday, the Undertaking Spam, Spyware and Fraud Enforcement with Enforcers beyond Borders Act of 2006 or the U.S. SAFE WEB Act of 2006, S. 1608, authorizes the Federal Trade Commission to assist and share information with foreign law enforcement agencies. It provides for procedures for confidentiality and delayed notification when requesting information about suspected perpetrators of fraud and protection to organizations for delivering information.

Mary Mosquera is a staff writer for Washington Technology's affiliate publication, Government Computer News.