Comprehensive Veterans' Data Protection and Identity Theft Prevention Act of 2006

Comprehensive Veterans' Data Protection and Identity Theft Prevention Act of 2006 - Places upon the Secretary of Veterans Affairs an affirmative obligation to protect from any data breach the sensitive personal information of veterans and any other individuals that the Department of Veterans Affairs possesses, creates, or maintains, as well as information or tools (including passwords and encryption keys) used to protect the integrity of such data.

Requires the Secretary to: (1) implement and maintain reasonable security policies and procedures to protect such information; and (2) prescribe policies and procedures regarding employee and third party access to, and use of, such information which the Department receives, maintains, or transmits.

Directs the Secretary, upon discovery of a data breach, to: (1) notify the United States Secret Service, the Department's Inspector General, the congressional veterans' committees, and the Federal Trade Commission (FTC); (2) notify each individual whose information was acquired or accessed by an unauthorized person; and (3) place a conspicuous notice on the Department's Internet website.

Requires the Secretary, upon request of an affected individual, to: (1) include a fraud alert in the file of the individual with each nationwide consumer reporting agency; (2) apply a security freeze to the file of such individual; and (3) provide free damage mitigation services, including credit monitoring and annual copies of consumer credit reports.

Establishes within the Department an Ombudsman for Data Security.