Sponsors (2)
The bill strengthens veterans' privacy by banning commercial monetization of VA-held sensitive data and improving oversight, but it may raise contractor compliance costs and procurement prices, create legal ambiguities that delay services, and could fall short without adequate VA enforcement resources.
Veterans and VA patients: prohibits contractors from selling or commercially monetizing veterans' sensitive personal and health data, reducing risk of identity theft, privacy harms, and unauthorized disclosures.
Veterans and all Americans using VA services: strengthens oversight and accountability by requiring contractor guidance to detect/prevent misuse and by reporting compliance to Congress, which should lower the likelihood of unauthorized data sharing and increase trust in VA data handling.
Veterans: limits pathways for sensitive VA data to be transferred to third parties for payment, which can reduce potential downstream costs and harms from data breaches.
Government contractors, taxpayers, and veterans: banning data monetization and adding compliance obligations may reduce contractors' revenue opportunities and raise their costs, which could increase VA contracting prices, reduce competition, and shift costs to taxpayers or limit providers.
Veterans, contractors, and health providers: ambiguities or narrow/unclear terms (e.g., 'monetization', treatment of anonymized data) could create legal uncertainty that leads to disputes, contract renegotiations, or delays that temporarily disrupt VA services.
Veterans: if the VA lacks sufficient enforcement resources, the contractual prohibitions may be ineffective in practice, leaving veterans' data at risk despite the new rules on paper.
Based on analysis of 3 sections of legislative text.
Bars VA contracts from allowing contractors to sell or monetize veterans' PHI or PII, requires a no‑monetization clause, guidance, and a report within one year.
Introduced January 30, 2026 by Nikki Budzinski · Last progress January 30, 2026
Prohibits the Department of Veterans Affairs from entering contracts that allow contractors to sell or otherwise disclose for payment veterans' sensitive personal information. It creates an absolute contractual ban on monetizing VA-held protected health information (PHI) and personally identifiable information (PII), including certain anonymized data. Requires the VA to add a specific no‑monetization clause to covered contracts, issue policy guidance for employees and contractors to identify misuse, and deliver a report to the House and Senate Veterans’ Affairs Committees containing the contract clause, guidance, and compliance summary — all within one year of enactment.