Under the legislation, VA would have phase out the use of Social Security numbers in its IT systems within five years.
The Veterans Affairs Department has come under fire repeatedly for failing to properly secure agency laptops crammed with veteran data, including Social Security numbers, mistakenly mailing forms to the wrong people and other mishandling of veterans’ personal information.
A new bipartisan solution? Stop using Social Security numbers at VA.
The Veterans' Identity Theft Protection Act, introduced last week by Sens. Tammy Baldwin, D-Wis., and Jerry Moran, R-Kan., would require VA to discontinue the use of Social Security numbers to identify veterans in all VA IT systems.
The bill calls for VA to phase out the use of Social Security numbers within two years for veterans submitting new claims and five years for veterans currently in VA’s systems.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
VA may continue to use Social Security numbers to identify a veteran only if the department needs it to transfer information to another agency’s system -- the Defense Department, for example -- that still uses Social Security numbers.
VA officials have long maintained that one of the agency’s biggest challenge when it comes to information security doesn’t have anything to do with software patches or tech tools but simply reducing human error that results in lost devices or mismailed forms.
The legislation was spurred by a local Wisconsin news report in March 2015 that revealed a list containing Social Security numbers of hundreds of veterans was mistakenly emailed to a “random citizen.”
“Our veterans should never be put at risk of identity theft with information that they have entrusted to the VA,” Baldwin said in a statement. “That is why I am bringing this bipartisan solution forward to make certain that the VA stops using Social Security numbers to identify our veterans.”
The legislation has been referred to the Senate Veterans Affairs Committee.