Lawmakers aim to prevent sale of veterans’ data for AI, scams
House lawmakers want to shut the door on the possibility of contractors using veterans’ data from the Department of Veterans Affairs for illicit uses, such as generating scams or training AI models beyond the agency’s purview.
The Veteran Data Accountability for Third-party Actors Act (H.R. 7280), introduced in the House in January, would stop the VA from entering into contracts that allow for the sale of veterans’ sensitive data and compel the department’s secretary to institute a new clause in all contracts that explicitly prohibits that information “from being monetized, sold, or otherwise misused” by vendors and other third parties.
While the bill’s authors are particularly worried about how unscrupulous organizations might look to use personally identifiable information and personal health information to prey upon vulnerable veterans with targeted scams or steal their identities, they also want to limit how organizations building emerging AI models might use that data to build products, ultimately violating veterans’ privacy.
Speaking during a Wednesday legislative hearing held by the House Veterans’ Affairs Subcommittee on Oversight and Investigations, the bill’s top sponsor, Rep. Nikki Budzinski, said the pervasiveness of AI has introduced “a whole other set of concerns as vendors are given access to VA’s data.”
“What safeguards are in place? We know that even de-identified data is not safe,” said Budzinski, a Democrat from Illinois and ranking member of the House Veterans’ Affairs Subcommittee on Tech Modernization. “AI has proven that, given enough information, the technology is more than capable of re-identifying individuals.”
From there, unchecked contractors could go on to sell that data “or the product of their work” outside the VA, she explained. Or they could use it to build and sell products “created using veterans’ data back to VA at a premium.”
Cole Lyle, director of the Veterans Affairs and Rehabilitation Division for the American Legion, testified in support of the bill at Wednesday’s hearing.
“Veterans across the country are rightfully concerned about how their data is used. … There have been instances of identity theft fraud in the veteran community as a result of data leaks in the public sector and the private sector when it relates to veteran healthcare data,” Lyle said. “And I think one of the main concerns as technology so rapidly advances is that government protections are not keeping pace with that technological advancement.”
Jeff Neil, associate executive director of the VA’s Technology Acquisition Center and another panelist to testify in the hearing, was also in support of the bill, but pointed to existing statutes in the Federal Acquisition Regulation that limit contractors from such use of federal data. “The concerns with the use of data, and the inappropriate use of data, is pretty comprehensively addressed in existing law and regulation,” Neil said.
But Lyle and the lawmakers driving the legislation have heard that before and don’t believe it’s enough.
“So you know, the VA has said that a lot of these protections are currently in place in contracts,” Lyle said. “I have not seen the specifics of those contracts, so I think this is an important step to ensure that those protections, in fact, exist.”
In addition to requiring, within a year, the new clause in all VA contracts that contain sensitive personal information, the bill would call on the secretary to develop policies and train VA employees on how to spot when vendors are monetizing that data, and to provide a report to Congress detailing progress on the legislation’s requirements.
“We owe it to our veterans to do everything in our power to ensure that their data is locked down and that when it is used, that it is in service to veterans,” Budzinski said.
Rep. Tom Barrett, R-Mich., the chair of the Subcommittee on Tech Modernization, signed on as a co-sponsor of the VA DATA Act.
The VA DATA Act still faces a long road through the House and then the Senate before it could be signed into law. It comes as Budzinski is also pursuing other legislation to get the VA’s electronic health record modernization program back on track.