Editor’s note: This story was updated at 1:00PM on Thursday, July 23, 2015 to reflect that the Senate Appropriations Committee approved greater protections for victims of the Office of Personnel Management data breaches.
The Senate Appropriations Committee approved an amendment today to give victims of the Office of Personnel Management data breaches no less than 10 years of identity and credit-monitoring services and $5 million in liability protection for related damages.
But committee members rejected OPM’s request for an additional $37 million for technology upgrades in fiscal 2016.
Sen. Barbara Mikulski (D-Md.), vice chairwoman of the Appropriations Committee, offered both amendments.
The liability protection amendment received limited debate, but ended up passing unanimously.
“What we want are the workers protected, the federal workers that have had their data breached and, then, also future federal workers who had their data breached,” said Sen. John Boozman (R-Ark.). “If you will work with us, I don’t know if one year is adequate, 10 years is adequate or 20 years is adequate. If you can give me good data that somebody or some expert says 10 years is the magic number versus nine or 11, that would be fine.”
“The more we learn about what happens at OPM, the more we learn that it’s not just the old systems that were breached, but the new systems also. More money will not solve the management problem either and, let’s be honest, this appears primarily to be a management problem,” he said. “I can’t support the amendment at the present time.”
Boozman said he wanted to hold another hearing to better understand what OPM is doing to shore its networks.
“The inspector general has real concerns about what their approach has been. I don’t know what they are doing in the future and I don’t know what they want to spend this money for. I do know there is a lot of controversy on the plan they have proposed,” he said.
He said President Barack Obama’s 2016 budget request included an additional $21 million for OPM to improve IT security. The subcommittee’s bill meets that request.
Mikulski said, while she did not disagree with Boozman, she believed that the IT infrastructure needed fixing immediately. She did not want to punish federal employees, she said.
The subcommittee voted the amendment down by a voice vote.