WASHINGTON, D.C. – U.S. Senator Tammy Baldwin, a member of the Senate Homeland Security and Governmental Affairs Committee (HSGAC) and the Military Construction and Veterans Affairs Appropriations Subcommittee, and Senator Richard Blumenthal of Connecticut, Ranking Member of the Senate Committee on Veterans’ Affairs, have called for a formal investigation by the Department of Veterans Affairs (VA) Office of Inspector General (OIG) into whether adequate safeguards are in place within the VA to protect veterans’ personal information.
This request was prompted by an April 2015 incident in which a State employee at the Wisconsin Department of Veterans Affairs (WDVA) sent veterans’ personally identifiable information (PII) to an unintended and unauthorized recipient over the Department of Veterans Affairs’ email system. Shortly thereafter, Senator Baldwin’s office reached out to the VA OIG to explore whether there was cause for them to review the incident in Wisconsin. At that time, the VA OIG stated there was no nexus for them to review an incident that appeared to wholly involve a state entity.
However, in their letter, Senators Baldwin and Blumenthal argue there is indeed a federal nexus given that the WDVA—when transmitting veterans’ information—utilizes VA systems, including software and email servers, which include tools to protect veterans’ PII from unintended disclosure. Despite these safeguards the accidental disclosure in Wisconsin still occurred.
“While this particular incident occurred in Wisconsin, we believe the issue is one of national importance and request that you conduct a system-wide review of the Department’s practice,” the Senators wrote.
Senators Baldwin and Blumenthal also sent a letter to VA Secretary Robert McDonald requesting information from the Secretary on the process by which VA shares information with non-Agency personnel for purposes of assisting veterans with their claims for service-connection of disabilities. In that letter the Senators request information on how PII is safeguarded on the VA’s e-mail system from inappropriate or accidental disclosure from the VA to a third-party, such as a state department of veterans affairs, or from the third-party to another individual.