Sunday, June 11, 2006

Another update on stolen VA information

As reported here, "Personal data on about 2.2 million active-duty military, Guard and Reserve personnel -- not just 50,000 as initially believed -- were among those stolen from a Veterans Affairs employee last month, the government said Tuesday.", which brings the total number of people affected - military veterans, active duty personnel, Guard and Reserve personnel - to close to 40 million. This is totally inexcusable, to say the least.

And what is the government doing about this? "... Rep. Lane Evans, D-Ill., the top Democrat on the House Veterans' Affairs Committee ... called on the Government Accountability Office, Congress' investigative arm, to launch an investigation and get a full accounting." of the information about the loss of data coming out in dribs and drabs. Yes, let's launch an investigation into why the VA didn't immediately come clean about this data theft! By all means, lets! (end sarcasm)

But at the same time, are we going to address the central issue here - the loss of data - or are we going to hide that loss behind a bunch of fluff and bluster over why the VA didn't immediately come clean about the theft?

Two lawsuits have been filed against the VA over this, with the latest lawsuit, filed Tuesday demanding "that the VA fully disclose which military personnel are affected by the data theft and seeks $1,000 in damages for each person -- up to $26.5 billion total. The veterans are also seeking a court order barring VA employees from using sensitive data until independent experts determine proper safeguards." (Hey, I could use $1,000.00 right about now, but I would forego that if I knew that I wasn't personally affected by the VA's apparent disdain for data security.) The complaint further states that the "VA arrogantly compounded its disregard for veterans' privacy rights by recklessly failing to make even the most rudimentary effort to safeguard this trove of the personally identifiable information from unauthorized disclosure[.]""

Businesses routinely initiate safeguard protocols for their data, whether it's customer information, employee information, what have you. Is it too much to ask government agencies to do the same?


I think not.

No comments: