Title 38 — Veterans' BenefitsRelease 119-73not60

§5726 Reports and Notice to Congress on Data Breaches

Title 38 › Part IV— GENERAL ADMINISTRATIVE PROVISIONS › Chapter 57— RECORDS AND INVESTIGATIONS › Subchapter III— INFORMATION SECURITY › § 5726

Last updated Apr 5, 2026|Official source

Summary

Within 30 days after a fiscal quarter ends, the Secretary must send the Senate and House Veterans’ Affairs Committees a report about any data breach of sensitive personal information that happened that quarter. Each report must say which VA administration and facility handled the data and describe the status of any fixes or corrective actions. If the Secretary decides a breach is significant, they must promptly notify those Veterans’ Affairs committees. If the breach involves a member of the Army, Navy, Air Force, or Marine Corps, or a Department of Defense civilian, the Secretary must also notify the Senate and House Armed Services Committees. Notices must be sent promptly after discovery and after taking steps to determine the breach’s scope, stop further disclosures, and reasonably restore the data system.

Full Legal Text

Title 38, §5726

Veterans' Benefits — Source: USLM XML via OLRC

(a)(1)Not later than 30 days after the last day of a fiscal quarter, the Secretary shall submit to the Committees on Veterans’ Affairs of the Senate and House of Representatives a report on any data breach with respect to sensitive personal information processed or maintained by the Department that occurred during that quarter.

(2)Each report submitted under paragraph (1) shall identify, for each data breach covered by the report—

(A)the Administration and facility of the Department responsible for processing or maintaining the sensitive personal information involved in the data breach; and

(B)the status of any remedial or corrective action with respect to the data breach.

(b)(1)In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that the Secretary determines is significant, the Secretary shall provide notice of such breach to the Committees on Veterans’ Affairs of the Senate and House of Representatives.

(2)In the event of a data breach with respect to sensitive personal information processed or maintained by the Secretary that is the sensitive personal information of a member of the Army, Navy, Air Force, or Marine Corps or a civilian officer or employee of the Department of Defense that the Secretary determines is significant under paragraph (1), the Secretary shall provide the notice required under paragraph (1) to the Committee on Armed Services of the Senate and the Committee on Armed Services of the House of Representatives in addition to the Committees on Veterans’ Affairs of the Senate and House of Representatives.

(3)Notice under paragraphs (1) and (2) shall be provided promptly following the discovery of such a data breach and the implementation of any measures necessary to determine the scope of the breach, prevent any further breach or unauthorized disclosures, and reasonably restore the integrity of the data system.

Reference

Citations & Metadata

Citation

38 U.S.C. § 5726

Title 38 — Veterans' Benefits

Last Updated

Apr 5, 2026

Release point: 119-73not60