VA Updates Privacy Rules for Veteran Surveys
Published Date: 1/15/2026
Notice
Summary
The VA is updating how it collects and stores survey info about Veterans, their families, and beneficiaries to keep data safer and more organized. These changes affect anyone involved in VA surveys and include new cloud storage details and updated privacy rules. You’ve got 30 days from January 15, 2026, to share your thoughts before the updates go live—no cost changes announced.
Analyzed Economic Effects
4 provisions identified: 2 benefits, 2 costs, 0 mixed.
VA stores survey data in AWS GovCloud
VA will store electronic records for the "Veterans Signals" survey on Medallia FedRAMP High hosted in Amazon Web Services (AWS) GovCloud. The cloud hosting sits primarily in US-Gov-West-1 with duplication in US-Gov-West-2 and electronic records are also stored on VA servers at the Austin Information Technology Center.
Surveys include sensitive health and ID data
The system will include names, addresses, Social Security numbers, dates of birth, military service numbers, health status information, VA benefits data, and may include DoD and Medicare records and data purchased from data brokers. Records are retrievable by personal identifiers such as name, Social Security number, date of birth, and DoD identification numbers.
Records may be shared under routine uses
VA's routine uses permit disclosures of records to contractors, Federal agencies for research and computer matches, law enforcement, NARA, DOJ in legal proceedings, and other entities for breach response. The notice also states that certain individually identifiable health information governed by 45 CFR parts 160 and 164 and 38 U.S.C. 7332 cannot be disclosed under a routine use unless statutory and regulatory authority permit disclosure.
Encryption and access controls required
VA requires encryption to NIST-verified FIPS 140-2 standard or higher for storage and transmission, restricted access via VA Single Sign On, and limited authorized VA employee access to the VSignals application. Contractors and subcontractors must maintain the same security protections and use Data Use Agreements, BAAs, and non-disclosure instruments when given data.
Your PRIA Score
Personalized for You
How does this regulation affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this federal register document and every other regulation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Key Dates
Department and Agencies
Take It Personal
Get Your Personalized Policy View
Start a Free Government Policy Watch to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in