PRIA Logo
Take the PRIA Score
Title 38Veterans' BenefitsRelease 119-73

§5726 Reports and notice to Congress on data breaches

Title 38 › Part PART IV— - GENERAL ADMINISTRATIVE PROVISIONS › Chapter CHAPTER 57— - RECORDS AND INVESTIGATIONS › Subchapter SUBCHAPTER III— - INFORMATION SECURITY › § 5726

Last updated Apr 6, 2026|Official source

Summary

The Secretary must send a report to the Senate and House Veterans’ Affairs Committees within 30 days after each fiscal quarter about any data breach of sensitive personal information that happened in that quarter. Each report must say which VA administration and facility handled the data and what fixes or corrective steps are underway. If the Secretary finds a breach is significant, the Secretary must notify those Veterans’ Affairs Committees right away. If the breach involves the sensitive personal information of a member of the Army, Navy, Air Force, or Marine Corps, or a civilian officer or employee of the Department of Defense, the Secretary must also notify the Senate and House Armed Services Committees. Notice must come promptly after discovery and after taking steps to find the breach’s scope, stop further loss or unauthorized disclosure, and reasonably restore the data system.

Full Legal Text

Title 38, §5726

Veterans' Benefits — Source: USLM XML via OLRC

(a)(1)Not later than 30 days after the last day of a fiscal quarter, the Secretary shall submit to the Committees on Veterans’ Affairs of the Senate and House of Representatives a report on any data breach with respect to sensitive personal information processed or maintained by the Department that occurred during that quarter.
(2)Each report submitted under paragraph (1) shall identify, for each data breach covered by the report—
(A)the Administration and facility of the Department responsible for processing or maintaining the sensitive personal information involved in the data breach; and
(B)the status of any remedial or corrective action with respect to the data breach.
(b)(1)In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that the Secretary determines is significant, the Secretary shall provide notice of such breach to the Committees on Veterans’ Affairs of the Senate and House of Representatives.
(2)In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that is the sensitive personal information of a member of the Army, Navy, Air Force, or Marine Corps or a civilian officer or employee of the Department of Defense that the Secretary determines is significant under paragraph (1), the Secretary shall provide the notice required under paragraph (1) to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives in addition to the Committees on Veterans’ Affairs of the Senate and House of Representatives.
(3)Notice under paragraphs (1) and (2) shall be provided promptly following the discovery of such a data breach and the implementation of any measures necessary to determine the scope of the breach, prevent any further breach or unauthorized disclosures, and reasonably restore the integrity of the data system.

Reference

Citations & Metadata

Citation

38 U.S.C. § 5726

Title 38Veterans' Benefits

Last Updated

Apr 6, 2026

Release point: 119-73