- Contact the Committee

Testimony of Rep. Shelley Moore Capito
Veterans Identity Protection Legislation
July 18, 2006

Chairman Buyer, Ranking Member Evans, and Members of the Committee:

I want to thank you for holding this important hearing today and for giving me the opportunity to testify on the important issue of protecting the personal data of our nation’s veterans. My state of West Virginia has long had one of the highest per capita rates of military service, making veterans issues and the protection of personal data an issue with direct implications for tens of thousands of our state’s residents.

The loss of the personal data of over 26 million veterans and service personnel last month has highlighted the need for legislation to protect the credit of those who have bravely served our nation.

Identity theft can have extremely negative consequences for those impacted. Because the government handles large amounts of personal data, it is vital that we have policies to protect information from theft and help victims cope.

Later this week we will celebrate the 75th anniversary of the Department of Veterans Affairs. As the department carries out its mission of caring for our veterans, we must ensure the Department is adequately protecting veterans from identity theft.

First, I commend the Department for offering free credit reports to those veterans whose personal information was exposed. It is important that government take responsibility for its mistakes.

The legislation I introduced would establish an Office of Veterans Identity Protection within the Department to prevent the loss of personal data, and to work with credit reporting agencies, law enforcement agencies, and veterans to mitigate the impact if data is lost.

I commend the committee’s draft bill for its creation of a new Under Secretary for Information Services who would serve as a “Chief Information Officer” for the Department. Advances in technology open up exciting possibilities for using information, but the complexities involved in technology often make it that much easier for those who want to access data for illegal purposes. It is important that the Department of Veterans Affairs, and other government agencies, have a proper management structure in place to protect personal information.

It is important and appropriate that a mandate to properly report information losses to law enforcement entities, the Federal Trade Commission, this Congress, and the public be included in any legislation we pass. In the recent security breach, the VA initially attempted to resolve the situation internally. Clearly, the best chance we have to prevent lost or stolen data from being used by criminals is to get law enforcement involved as quickly as possible so they can begin recovery efforts.

Veterans themselves should be notified as quickly as possible so that they can immediately begin to monitor their bank accounts and credit activity. Congressional committees should be notified so that proper oversight can be exercised and if necessary, legislation to provide additional protection or help prevent future data losses can be considered promptly.

We must also remember that in the recent security breach, the personal data of up to 1.1 million active duty military personnel, 430,000 National Guard members, and 645,000 Reserve personnel were also compromised. My legislation would require that the Department of Veterans Affairs work closely with the Department of Defense to ensure that these active duty personnel have access to credit reporting services.

Our nation’s military forces, particularly those deployed in combat operations in Iraq, Afghanistan, and elsewhere around the globe already bear a heavy burden as they bravely defend our nation. The last thing they need to worry about is whether someone is illegally accessing their credit.

I believe strongly that anyone removing personal data without authorization should be punished. My bill contains a provision that would allow for criminal penalties for anyone who removes personal data without proper authorization. We can and should establish a structure within the Department to protect personal data, but these policies will not do much good if they are ignored. My bill would make it a felony, punishable by fines or up to two years in prison for removing personal data without proper authorization. I believe stiff penalties are important as a deterrent to violating data security procedures.

I agree with provisions of the Committee’s discussion draft that would prohibit the release of personal data by any Department contractor and require contracts to include penalties for data breaches that would pay for credit protection services. It is crucial that any contractor with access to personal data be a strong partner in protecting the identities of veterans.

Mr. Chairman, I want to thank you for your willingness to tackle this important issue to our nation’s veterans and look forward to working with you and other members of the committee to pass legislation to provide these vital identity protections.