This subpart implements provisions of 38 U.S.C. 5724 and 5727, which are set forth in Title IX of the Veterans Benefits, Health Care, and Information Technology Act of 2006. It only concerns actions to address a data breach regarding sensitive personal information that is processed or maintained by VA. This subpart does not supersede the requirements imposed by other laws, such as the Privacy Act of 1974, the Administrative Simplification provisions of the Health Insurance Portability and Accountability Act of 1996, the Fair Credit Reporting Act, and implementing regulations of such Acts.

(Authority: 38 U.S.C. 501, 5724, 5727)