Veteran DATA Act
- Bill Number
- H.R. 7280
- Origin Chamber
- House
- Congress
- 119th Congress, Session 2
- Policy Area
- Armed Forces and National Security
- Status
- Introduced
- Latest Action
- 2026-04-15: Forwarded by Subcommittee to Full Committee by Voice Vote.
- Last Updated
- 2026-06-24T08:10:25Z
AI-Generated Summary
Summary of H.R. 7280: Veteran Data Accountability for Third-party Actors Act (Veteran DATA Act)
Purpose
This bill aims to protect the privacy of veterans' personal information by prohibiting the Department of Veterans Affairs (VA) from entering contracts that allow contractors to sell or profit from sensitive data. It seeks to prevent the misuse of veterans' health and personal details handled by third parties, ensuring such information remains confidential and is not commercialized.
Key Provisions
- Prohibition on Selling Sensitive Information: Amends Section 5725 of Title 38, United States Code (which deals with the confidentiality of certain VA medical records), by adding a new subsection (d). This bans the VA Secretary from signing any contract that allows a contractor to sell or disclose for payment any sensitive personal information maintained by the VA.
- Contract Protections and Guidance: Within one year of enactment, the VA Secretary must:
- Update or add clauses to all "covered contracts" (those involving the handling of protected information, whether new or existing and unexpired) to prohibit contractors, subcontractors, affiliates, or other non-VA entities from monetizing (profiting from), selling, or misusing "covered information."
- Issue a directive or policy to guide VA employees and contractors on spotting and preventing the monetization, sale, or misuse of this information to ensure contract compliance.
- Reporting Requirement: Within one year of enactment, the VA must submit a report to the House and Senate Committees on Veterans' Affairs, including:
- The exact contract clause added.
- The guidance document.
- A summary of other steps taken to meet these requirements.
- Definitions:
- Covered information: Includes protected health information (details about medical conditions and treatments) and personally identifiable information (details that can identify an individual, even if anonymized or de-identified). This covers data protected under laws like the Privacy Act (5 U.S.C. § 552a), VA confidentiality rules (38 U.S.C. §§ 5701, 7332), HIPAA regulations (45 C.F.R. Parts 160, 161, 164), and other relevant laws as determined by the VA Secretary.
Significant Changes to Existing Law
- Introduces a direct ban on contracts enabling the sale of sensitive VA data, expanding beyond current confidentiality rules in Section 5725, which previously focused on medical records but did not explicitly address third-party sales or broader personal data.
- Mandates proactive contract modifications and employee guidance, shifting from reactive enforcement to preventive measures across all relevant VA agreements.
- Broadens the scope of protected data to include anonymized information and ties it to multiple federal privacy frameworks, creating a more comprehensive shield than isolated VA-specific protections.
Potential Impacts
- On Government Agencies: The VA will face increased administrative burdens, such as reviewing and updating contracts, developing guidance, and reporting to Congress, potentially raising compliance costs but strengthening data security practices.
- On Citizens: Veterans and their families benefit from enhanced privacy safeguards, reducing risks of data breaches, identity theft, or unauthorized commercial use of their health and personal details.
- On International Relations: No direct impacts, as the bill focuses on domestic VA operations and U.S.-based contractors.
Main Stakeholders Affected
- Veterans and VA Beneficiaries: Primary beneficiaries, as their sensitive health and personal data is protected from sale or misuse.
- Department of Veterans Affairs: Must implement changes, including contract oversight and policy development, affecting its operations and procurement processes.
- Contractors and Third Parties: Companies handling VA data (e.g., IT firms, healthcare providers, or subcontractors) face restrictions on data use, potentially limiting business models that rely on data sales while requiring stricter compliance.
Notable Legal, Constitutional, or Political Implications
- Legal: Reinforces existing federal privacy laws (e.g., HIPAA and the Privacy Act) by integrating them into VA contracting, potentially setting a precedent for other agencies to curb data commercialization. It emphasizes enforcement through contract clauses rather than new penalties, though non-compliance could lead to breach-of-contract disputes.
- Constitutional: Aligns with privacy expectations under the Fourth Amendment (protection against unreasonable searches) and due process, without raising significant First Amendment concerns, as it targets commercial sales rather than speech.
- Political: Supports bipartisan priorities on veteran welfare and data privacy amid growing concerns over data breaches and corporate exploitation. It could influence broader debates on federal data protection, encouraging similar reforms in other sectors, but may face pushback from industries reliant on data monetization.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Budzinski, Nikki [D-IL-13]
Cosponsors (2)
Rep. Barrett, Tom [R-MI-7], Rep. Vindman, Eugene Simon [D-VA-7]
Recent Actions
- 2026-04-15: Forwarded by Subcommittee to Full Committee by Voice Vote.
- 2026-04-15: Subcommittee Consideration and Mark-up Session Held
- 2026-03-25: Subcommittee Hearings Held
- 2026-03-24: Referred to the Subcommittee on Oversight and Investigations.
- 2026-01-30: Referred to the House Committee on Veterans' Affairs.
- 2026-01-30: Introduced in House
- 2026-01-30: Introduced in House
Bill Versions
- Veteran Data Accountability for Third-party Actors Act — issued 2026-01-30 — PDF (4 pages)