48 CFR § 811.501-70 - 811.501-70 Policy—statutory requirement.

---
identifier: "/us/cfr/t48/s811.501-70"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "48 CFR § 811.501-70 - 811.501-70   Policy—statutory requirement."
title_number: 48
title_name: "Federal Acquisition Regulations System"
section_number: "811.501-70"
section_name: "811.501-70   Policy—statutory requirement."
chapter_number: 8
chapter_name: "DEPARTMENT OF VETERANS AFFAIRS"
subchapter_number: "B"
subchapter_name: "ACQUISITION PLANNING"
part_number: "811"
part_name: "DESCRIBING AGENCY NEEDS"
positive_law: false
currency: "2026-03-24"
last_updated: "2026-03-24"
format_version: "1.1.0"
generator: "[email protected]"
authority: "38 U.S.C. 5723-5724, 5725(a)-(c); 40 U.S.C. 121(c); 41 U.S.C. 1303, 1702; and 48 CFR 1.301 through 1.304."
regulatory_source: "73 FR 2717, Jan. 15, 2008, unless otherwise noted."
cfr_part: "811"
---


# 811.501-70 811.501-70   Policy—statutory requirement.

(a) Contracting officers are required to include a liquidated damages clause in contracts for the performance of any Department function which requires access to VA sensitive personal information (*see* the definition in 802.101), in accordance with 38 U.S.C. 5725(b). The liquidated damages are to be paid by the contractor to the Department of Veterans Affairs in the event of a data breach involving sensitive personal information maintained, processed, or utilized by contractors or any subcontractors.

(b) The purpose of the liquidated damages to be paid for by the contractor in the event of a data breach of personal sensitive information is for VA to provide credit protection services to affected individuals pursuant to 38 U.S.C. 5724(a)-(b).