By Lauren Larson – July 22, 2015 (Updated July 23, 2015)
The Senate Appropriations Committee approved an amendment today to give victims of the Office of Personnel Management data breaches no less than 10 years of identity and credit-monitoring services and $5 million in liability protection for related damages.
The Senate Appropriations Committee approved an amendment today to give victims of the Office of Personnel Management data breaches no less than 10 years of identity and credit-monitoring services and $5 million in liability protection for related damages. But committee members rejected OPM’s request for an additional $37 million for technology upgrades in fiscal 2016.
Sen. Barbara Mikulski (D-Md.), vice chairwoman of the Appropriations Committee, offered both amendments. The liability protection amendment received limited debate, but ended up passing unanimously.
“What we want are the workers protected, the federal workers that have had their data breached and, then, also future federal workers who had their data breached,” said Sen. John Boozman (R-Ark.). “If you will work with us, I don’t know if one year is adequate, 10 years is adequate or 20 years is adequate. If you can give me good data that somebody or some expert says 10 years is the magic number versus nine or 11, that would be fine.”
Boozman said he’d like to have additional hearings on the cyber problems at OPM.
Sen. Patrick Leahy (D-Vt.) supported the amendment. He said OPM “screwed up,” but the workers should be protected.
Mikulski based the amendment on the RECOVER Act (Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015), which she introduced with Sens. Ben Cardin (D-Md.), Mark Warner (D-Va.) and Tim Kaine (D-Va.) on July 9.
Mikulski’s second amendment, to allocate the funding for IT and cybersecurity to OPM, failed to win enough support.
She said the $37 million would be designated as an emergency under the budget caps because of the extreme need to fix the problems.
Boozman said he was concerned about giving OPM more money. It had been warned about the cyber threats, but failed to act in a timely manner, he said.
“The more we learn about what happens at OPM, the more we learn that it’s not just the old systems that were breached, but the new systems also. More money will not solve the management problem either and, let’s be honest, this appears primarily to be a management problem,” he said. “I can’t support the amendment at the present time.”
“The inspector general has real concerns about what their approach has been. I don’t know what they are doing in the future and I don’t know what they want to spend this money for. I do know there is a lot of controversy on the plan they have proposed,” he said.
He said 2016 budget request included an additional $21 million for OPM to improve IT security. The subcommittee’s bill meets that request.
Mikulski said, while she did not disagree with Boozman, she believed that the IT infrastructure needed fixing immediately. She did not want to punish federal employees, she said.
The subcommittee voted the amendment down by a voice vote.