A massive security breach at the U.S. Department of VeteransAffairs (VA) this month may refocus Congress on stalled data breachlegislation, some backers of the legislation said.
The VA data theft, involving the unencrypted personal records of26.5 million military veterans and their spouses, lead to amanagement shakeup at the VA last week. Several members of Congressare calling on colleagues to move ahead with bills that wouldrequire breached companies to report losses to affectedcustomers.
More than 10 data breach bills have been introduced in Congresssince 2005, but none has made it through in the last year. Congressis scheduled to adjourn for the year in early October, and anybills not passed by then would have to be reintroduced in 2007.
The VA data theft happened May 3 after a break-in at a VAanalyst’s home. The analyst had taken home the database ofveterans’ names, dates of birth, Social Security numbers, and somehealth records to work on a project, according to the VA.
Data breaches like the VA’s highlight the need for data breachlegislation, Representative Cliff Stearns, a Florida Republican andsponsor of another data breach notification bill, said in astatement. Stearns said his bill, which also requires the U.S.Federal Trade Commission to create data-handling rules, “goes tothe heart of this problem of the critical need to protectconsumers’ personal information.”
Some observers see the VA data theft as a wake-up call forCongress, but that still doesn’t mean that any legislation willpass this year, especially with multiple bills to reconcile, saidAri Schwartz , deputy director at the Center for Democracy andTechnology (CDT).
“The politics are very complex and there is not that much timeleft,” he said.