From: Democratic Leader Pelosi <Democratic_Leader_Pelosi@mail.house.gov>
To: Democratic Leader Pelosi <Democratic_Leader_Pelosi@mail.house.gov>
Sent: Tue, 13 Jun 2006 17:12:49 -0400
Subject: Democrats Fight to Safguard Veterans Sensitive Personal Informati on

Please see a comprehensive fact sheet below titled "Democrats Fight to Safeguard Veterans' Sensitive Personal Information" as well as details on the new bill by Reps. Salazar and Evans "the Comprehensive Veterans' Data Protection and Identity Theft Prevention Act of 2006 (H.R. 5588).

Democrats, led by Reps. Salazar and Evans, are introducing the Comprehensive Veterans' Data Protection and Identity Theft Prevention Act of 2006 (H.R. 5588).  This comprehensive measure does the following:
·       Free Credit Monitoring and Credit Reports -- Requires the VA to provide free credit monitoring services upon request for a period of one year, as well as a free credit report annually for two years in addition to any free reports currently required.
·       Free Credit Fraud Alerts for Veterans - Requires the VA to arrange a free fraud alert for any veterans affected for one year.  The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts.
·       Free Credit Freeze for Veterans -- Requires the VA to arrange a free security freeze for any veterans affected for one year, upon the request of the veteran.  A security freeze can help prevent identity theft by limiting the ability of creditors to access credit reports. Most businesses will not open credit accounts without first checking a consumer's credit history.
·       Requires the Department of Veterans Affairs to protect the sensitive information of veterans - Requires the VA to protect sensitive personal data from any data breach and requires the VA to prescribe policies and procedures to regulate its use of sensitive personal information within 90 days of enactment.
·       Prompt Notification for Veterans -- Requires the VA to promptly notify select government agencies as well as veterans whose sensitive personal information was compromised by a data breach.  The notice to veterans must include a description of the compromised data, a toll free number to contact the VA Ombudsman for Data Security (created by the Act); toll free numbers of the major credit reporting agencies; toll free number of the FTC; and information regarding the right to obtain, at no cost, a fraud alert, security freeze, and credit monitoring.
·       Ombudsman - Creates an Ombudsman for Data Security at the VA charged with assisting veterans who are the victims of a data breach and/or identity theft.
DEMOCRATS FIGHT TO SAFEGUARD
VETERANS' SENSITIVE PERSONAL INFORMATION
26 million veterans, their families, and nearly all of the active duty personnel are at risk of identity theft due to Bush Administration incompetence. 
·       On May 22, VA Secretary James Nicholson announced that sensitive personal information collected by the government for approximately 26.5 million veterans -- names, Social Security numbers and dates of birth as well as some disability ratings -- was stolen from the home of a VA official who had removed this data from the VA and taken it home.
·       Since then, the Bush Administration has also acknowledged that phone numbers and addresses of many veterans also may have been included, along with information on some family members.
·       On June 3, VA officials said the files might also include personal data on up to 50,000 Navy and National Guard personnel.  Then, several days later, Secretary Nicholson revealed that the stolen data also may have included the Social Security numbers and other personal information of nearly 2.2 million military personnel - 1.1 million active-duty service members (nearly 80 percent of the active duty force), 430,000 National Guard and 645,000 reservists.
Bush Administration has covered up its negligence.
·       Officials have said Nicholson first heard of the May 3 crime on May 16 and only informed the public on May 22, almost three weeks after the theft occurred.  It was two weeks before the Administration informed the FBI and 19 days before the Administration informed the veterans whose personal information was stolen.  Much damage to veterans may have been wreaked in that period of time.
·       During the hearings on Capitol Hill, the VA's inspector general, George Opfer, said the agency had been unable to formally notify the affected veterans because "we don't have 26 million envelopes."  [Los Angeles Times, 5/26/06]
·       Last week, it was revealed that a computer hacker stole sensitive information on 1,500 people working for the nuclear-weapons unit of the Energy Department, but neither the theft victims nor high officials were notified for nine months.  The theft, at a National Nuclear Security Administration center in Albuquerque, involved names, Social Security numbers, birth dates and information on where the people worked and their security clearances.  [New York Times, 6/9/06]

The Bush Veterans Affairs Department has a history of failure and is run by a Bush crony - Secretary Jim Nicholson, former chairman of the Republican National Committee
·       In every year since 2001, the Inspector General had pointed to the VA's information security as a "material weakness" that created a substantial risk, with little result from VA officials already grappling with budget shortfall and other accounting woes. [AP, 5/26/06]
·       In the summer of 2005, the Bush Administration acknowledged a $2.7 billion shortfall in veterans health care funding.  The VA failed to budget for 77,000 new veterans entering the VA medical system, even after they has sent hundreds of thousands of Americans to war.  [Testimony of Secretary of Veterans Affairs before Senate Veterans Affairs Committee, 6/28/05]
Democrats have been fighting to protect the privacy of veterans, who protected our freedom.
·       On May 23, Democrats introduced a bill (H.R. 5455) to provide one year of free credit monitoring to affected individuals, and provide one free credit report each year for two years after the end of credit monitoring, in addition to the free credit report available annually under current law. 
·       On May 23, Rep. Lane Evans (D-IL), Ranking Democratic Member of the House Veterans' Affairs Committee, requested that the Inspector General (IG) of the Department of Veterans Affairs (VA) conduct an expedited investigation into the recent theft.
·       On June 6, Rep. Evans called on the Government Accountability Office (GAO) to launch an investigation into the Department of Veterans Affairs' (VA) efforts, or lack thereof, to protect veterans' sensitive information and strengthen its information security practices.
·       On June 7, nearly 150 House Democratic Members sent a letter calling on the President to provide emergency funding to aid the service members impacted by data theft.
Democrats, led by Reps. Salazar and Evans, are introducing the Comprehensive Veterans' Data Protection and Identity Theft Prevention Act of 2006 (H.R. 5588).  This comprehensive measure does the following:
·       Free Credit Monitoring and Credit Reports -- Requires the VA to provide free credit monitoring services upon request for a period of one year, as well as a free credit report annually for two years in addition to any free reports currently required.
·       Free Credit Fraud Alerts for Veterans - Requires the VA to arrange a free fraud alert for any veterans affected for one year.  The alert tells creditors to follow certain procedures before they open new accounts in your name or make changes to your existing accounts.
·       Free Credit Freeze for Veterans -- Requires the VA to arrange a free security freeze for any veterans affected for one year, upon the request of the veteran.  A security freeze can help prevent identity theft by limiting the ability of creditors to access credit reports. Most businesses will not open credit accounts without first checking a consumer's credit history.
·       Requires the Department of Veterans Affairs to protect the sensitive information of veterans - Requires the VA to protect sensitive personal data from any data breach and requires the VA to prescribe policies and procedures to regulate its use of sensitive personal information within 90 days of enactment.
·       Prompt Notification for Veterans -- Requires the VA to promptly notify select government agencies as well as veterans whose sensitive personal information was compromised by a data breach.  The notice to veterans must include a description of the compromised data, a toll free number to contact the VA Ombudsman for Data Security (created by the Act); toll free numbers of the major credit reporting agencies; toll free number of the FTC; and information regarding the right to obtain, at no cost, a fraud alert, security freeze, and credit monitoring.
·       Ombudsman - Creates an Ombudsman for Data Security at the VA charged with assisting veterans who are the victims of a data breach and/or identity theft.
 Office of the House Democratic Leader Nancy Pelosi, June 13, 2006
www.HouseDemocrats.gov / www.DemocraticLeader.house.gov

Tom Manatos
Advisor to the Leader
House Democratic Leader Nancy Pelosi
(202) 225-0100
tom.manatos@mail.house.gov