- Contact the Committee

STATEMENT
of the
MILITARY OFFICERS ASSOCIATION OF AMERICA
on
“THE VETERANS’ IDENTITY
AND CREDIT PROTECTION ACT OF 2006” (draft legislation)
before the
HOUSE VETERANS’ AFFAIRS COMMITTEE
July 18, 2006
Presented by
Colonel Robert F. Norton, USA (Ret.)
Deputy Director, Government Relations

Mr. CHAIRMAN AND DISTINGUISHED MEMBERS OF THE COMMITTEE, on
behalf of the 360,000 members of the Military Officers Association of America (MOAA), I am honored to have this opportunity to present the Association’s views on the “Veterans’ Identity and Credit Protection Act of 2006” (draft legislation).

MOAA does not receive any grants or contracts from the federal government.

OVERVIEW

MOAA believes the draft “Veterans Identify and Credit Protection Act of 2006” offers positive steps that will serve the interests of our nation’s veterans as well as those of the government. We applaud the Committee members for working in a bi-partisan manner to fashion a bill that serves the interests of our nation’s veterans.

MOAA supports the establishment of the position of Undersecretary for Information Services in the Department of Veterans Affairs, for two main reasons:

First, it will focus individual responsibility for centralizing and enforcing data security requirements. Second, we hope that establishing this organizational priority will also help advance the objective for the VA and the Department of Defense (DoD) to develop real and timely solutions to long-standing problems of data-sharing between those two departments.

SPECIFIC COMMENTS and RECOMMENDATIONS

Seamless Transition and Servicemember / Veteran Data Security

Entry into military service triggers the collection of personal information on our military men and women that is transmitted at various points of time to the VA. We know from the recent theft of a VA laptop that data on tens of thousands of records of currently serving military personnel were at risk. The establishment of an Under Secretary for Information Security / Chief Information Officer position should include overall responsibility within the VA for the coordination of personnel information reporting between the DoD and the VA.

Despite many years of prodding, consultation, and reports, VA and DoD information management systems still don’t really talk to each other. The Report of the President’s Task Force on Health Care Collaboration between the DoD and VA (2003) recommended as a priority the development of a single separation physical and bi-directional medical records between the two departments. There have been some improvements that allow viewing between the two departments of certain elements of each others’ data, but we’re little closer to having a bi-directional electronic medical record or an electronic DD-214 than we were twenty years ago. These “seamless transition” goals must be accomplished in a secure way to protect our veterans’ personal information.

The legislation does not address the responsibilities of the new CIO position in regard to coordination of information sharing and reporting between the DoD and the VA. And, clearly, the confidence of the DoD in the VA’s information security capability has been damaged.

Presently, the DoD – VA Joint Executive Council includes a Health Executive Council (HEC) and a Benefits Executive Council (BEC) to oversee policy coordination and collaboration between the Departments. MOAA recommends the Committee consider incorporating language in the bill that defines the role of the new Under Secretary of Information Security position in the DoD – VA Executive Council.

Provision of Credit Protection Services and Fraud Resolution Services (Section 5725)

MOAA appreciates the inclusion of specific language in Section 5725, Subsections (g), (h), (i) and (j) that would provide credit reporting and fraud resolution services at the request of a veteran in the event of a data breach “at no cost to the individual.”

Education and outreach to veterans and survivors will be extremely important to the successful implementation of Section 5725 of the draft bill.

MOAA recommends that the bill language include a requirement for the VA to develop and promulgate through its Veterans Integrated Service Networks (VISNs) and print / electronic media an explanation of the services that would be provided in the event of a data breach as set forth in the bill.

We also support the provision that would authorize the VA to enter into pre-positioned contracts to protect the interests of current and future veterans who may be subject to financial or other risk through breaches of their personal information.

MOAA would, however, recommend a word change in Section 5725(e) to ensure that veterans would not be charged for receiving services under agreements between the VA and credit reporting agencies: “Any such agreement shall [vice ‘may’] include provisions for the Secretary to pay the expenses of such a credit reporting agency for the provision of such services.”

Social Security Account Number (SSAN) Access. MOAA supports the Committee’s objective to curtail routine use of and access to veterans’ SSANs. We believe all government agencies that use the SSAN as a record identifier should begin now to develop alternative identifiers that pose less risk of identity theft. We understand that such an effort may well pose significant challenges. But, if other large bureaucracies such as the state of Virginia can develop alternate identification numbers for state residents to place on their drivers’ licenses, federal agencies should strive to offer at least the same level of protection.

Coordination and Integration of the CIO Position within the VA. In MOAA’s view it will be extremely important for the Secretary of Veterans’ Affairs to ensure that the new CIO position is fully integrated with the VA Health, Benefits, and Memorial Affairs Administrations. The CIO role in some major corporations is to support line operations. However, in today’s management environment, the security of data must be a paramount concern of government and private organizations alike. Veterans must have confidence in the ability of the VA to protect their personal information. Building a culture that demands security over personal information will be a key measure of merit for the new CIO.

Conclusion

The Military Officers Association of America greatly appreciates the opportunity to present its views on the Veterans’ Identity and Credit Protection Act of 2006.