Sponsors (2)
The bill strengthens protections and oversight to keep veterans' sensitive VA data out of commercial markets, but it raises compliance costs, may limit vendor options, and creates some legal ambiguity that could slow contracting and partnerships.
Veterans' sensitive personal and health data (e.g., health and benefits information) will be barred from being sold or commercially exploited by VA contractors.
Reduces risk of data breaches and unwanted commercial targeting by restricting contractor transfers of VA-held sensitive data and requiring measures to detect misuse.
Improves VA oversight and transparency by requiring guidance, monitoring procedures, and a congressional report on the contract clause to help enforce data protections.
May narrow the pool of eligible vendors and exclude business models that rely on data-sharing, reducing competition and potentially slowing or limiting services available to veterans.
Imposes compliance and administrative costs on the VA and its contractors to update contracts, implement monitoring, and produce required reports, which could raise short-term taxpayer spending.
Broad or unclear definitions (including coverage of 'anonymized' data and delegation to the Secretary to identify laws) create legal uncertainty that could discourage partnerships, research, or data-sharing projects.
Based on analysis of 3 sections of legislative text.
Introduced January 30, 2026 by Nikki Budzinski · Last progress January 30, 2026
Prohibits the Department of Veterans Affairs from entering into contracts that allow contractors to sell or otherwise transfer veterans' sensitive personal information for money. Requires the VA to add a standard anti‑monetization clause to contracts that handle protected health information or personally identifiable information, issue guidance to identify and stop misuse, and report the clause, guidance, and compliance actions to congressional veterans committees within one year of enactment. Applies to VA contractors, subcontractors, affiliates, and other non‑VA entities that receive covered information; it creates a statutory ban on monetizing VA‑held sensitive data and a one‑year deadline for VA to implement contract language and internal policy to enforce that ban.