This bill prohibits the sale of sensitive veteran data by the Department of Veterans Affairs and mandates new contract requirements to prevent third-party actors from monetizing or misusing veteran information.
Nicole (Nikki) Budzinski
Representative
IL-13
The Veteran Data Accountability for Third-party Actors (Veteran DATA) Act prohibits the Department of Veterans Affairs (VA) from contracting for the sale of sensitive veteran information. This legislation mandates that all VA contracts involving veteran data must include clauses preventing contractors from selling or misusing that information. Furthermore, the VA Secretary must issue guidance and report to Congress on the implementation of these new data protection requirements within one year.
Veteran DATA Act Bans Sale of Personal Info: VA Contractors Prohibited From Monetizing Veteran Data
The Veteran Data Accountability for Third-party Actors Act, or Veteran DATA Act, moves to slam the door on third-party companies profiting from the personal details of those who served. Under this bill, the Secretary of Veterans Affairs is strictly prohibited from signing any contract that allows a contractor to sell sensitive veteran information. It’s a direct response to the modern data economy, ensuring that when a veteran shares their history with the VA, that data doesn't end up on a digital auction block. The bill covers everything from health records to basic contact info, and it applies not just to new deals, but to existing contracts that haven't expired yet.
Locking the Digital Vault
To make this stick, the bill requires the VA to overhaul its paperwork within one year. Every single contract involving veteran data must now include a specific clause that legally bars contractors, subcontractors, and their affiliates from monetizing or misusing that information. Think of it as a mandatory 'no-resale' agreement for your most private details. Whether it’s a massive tech firm managing cloud storage or a local clinic providing specialized care, the rules are the same: the data belongs to the veteran and the VA, not the contractor’s bottom line. This covers 'Covered Information,' which the bill defines broadly to include HIPAA-protected health records and any personally identifiable information, even if it has been anonymized (Section 3).
Enforcing the Fine Print
Because a contract is only as good as its enforcement, the legislation mandates that the VA Secretary issue a formal directive to guide employees on how to actually spot data misuse. It’s one thing to have a rule; it’s another to train the staff overseeing these contracts to recognize when a company might be overstepping. Within 12 months, the VA has to hand over a full report to Congress, including a copy of the new contract clauses and a summary of how they are policing these third-party actors. For a veteran navigating the system, this means one less worry about their private medical history being packaged and sold to marketers or data brokers.