H.R.5835 - Veterans Identity and Credit Security Act of 2006109th Congress (2005-2006)
Summary: H.R.5835 — 109th Congress (2005-2006)
Passed House amended (09/26/2006)
Veterans Identity and Credit Security Act of 2006 - (Sec. 2) Requires: (1) the Director of the Office of Management and Budget (OMB) to establish policies and standards for federal agencies to follow in the event of a breach of data security involving the disclosure of sensitive personal information (SPI) for which harm to an individual could reasonably be expected to result; (2) the head of each federal agency to delegate to that agency's Chief Information Officer the authority to develop and maintain an inventory of all employee personal computers, laptops, or other hardware containing SPI; (3) each federal agency to establish procedures for notifying individuals whose SPI is compromised; and (4) each agency's Chief Human Capital Officer to prescribe policies and procedures for exit interviews of employees, including an accounting of federal property that was assigned to the employee.
(Sec. 3) Establishes in the Department of Veterans Affairs (VA): (1) an Under Secretary for Information Services, who shall also serve as the VA's Chief Information Officer; and (2) three Deputy Under Secretaries.
(Sec. 4) Outlines responsibilities of the VA's Chief Information Officer with respect to personal information security management. Requires an annual report from the Secretary of Veterans Affairs to specified congressional committees on VA compliance with federal information security requirements. Directs the VA's Chief Information Officer to report: (1) at least monthly to the Secretary any deficiency with such compliance; and (2) immediately any significant compliance deficiency or any data breach. Requires the Secretary, upon notification of a data breach, to notify the OMB Director, the VA Inspector General, and, if appropriate, the Federal Trade Commission (FTC) and U.S. Secret Service.
Directs the Secretary, at the time of each annual budget submission, to report to Congress on amounts requested by the VA for implementation and remediation of, and compliance with, federal personal information security requirements. Requires the Secretary to: (1) report quarterly to the veterans' committees on any SPI data breach during the previous quarter; and (2) notify such committees of significant data breaches.
Directs the Secretary to ensure that, in the event of a data breach, a non-VA entity conducts an independent risk analysis of potential misuse of SPI in the data breach. Requires the Secretary, if a potential for misuse is determined, to provide to affected individuals credit protection services, fraud alerts, and credit security freezes through credit reporting agencies.
Requires the Secretary to promptly notify all individuals whose SPI is involved in a data breach. Provides confidentiality requirements for VA contractors who perform any function that requires access to SPI.
(Sec. 5) Requires a report from the Secretary to Congress on the feasibility of using personal identification numbers instead of Social Security numbers for identifying individuals whose SPI is processed or maintained by the VA.
(Sec. 6) Requires, within 180 days after the enactment of this Act, the: (1) President to nominate an individual to serve as the Under Secretary for Information Services; and (2) the Secretary to appoint each of the Deputy Under Secretaries. Requires monthly reports from the Secretary to Congress until such appointments are made.
(Sec. 7) Directs the Secretary, in order to ensure appropriate information security skills for VA employees, to carry out programs to provide financial support for the education of such personnel at institutions of higher education.
Directs the Secretary to establish a scholarship program under which the Secretary provides assistance to up to five individuals (one of whom may be a VA employee) pursuing a doctoral degree in computer science or computer engineering. Limits assistance to $50,000 per year and $200,000 over a five-year period for each individual. Requires, in return for the scholarship assistance, a period of obligated of service to be determined by the Secretary, but no less than two times the total period of pursuit of the degree for which the scholarship was awarded. Makes such service period in addition to any period of active duty or civil service for which the individual is already obligated. Requires pro rata scholarship repayment for any unserved period of obligated service.
Directs the Secretary to establish a debt reduction program under which the Secretary makes payments on loans taken by up to five individuals (one of whom may be a VA employee) who have completed a doctoral degree in computer science or electrical or computer engineering during the five-year period preceding the date on which the individual is hired. Limits payments to $16,500 per year and $82,500 over a five-year period for each individual.
Provides a first and second priority, in the provision of both the scholarship and debt reduction assistance, to: (1) veterans with service-connected disabilities; and (2) other veterans. Requires any veteran receiving assistance to have been discharged from the Armed Forces under honorable conditions. Terminates assistance authority on July 31, 2017. Requires a report from the CG to Congress on the scholarship and debt reduction programs.