Yesterday I received a letter from the Secretary of Veterans Affairs, R. James Nicholson. It seems that my personal data (name, date of birth, and SSN) were on that employee's laptop. Of course, I'm just one of "up to 26.5 million" who had their data stolen. I've been watching the data theft story; however, it never crossed my mind that my personal information would've been on that laptop. And it raises the question: Why so many? Why so much data on a single standalone laptop?
As an individual who has gone through the Department of Defense security clearance procedure, who works with personal data of thousands of our longest-serving veterans, and someone who is keenly interested and studied on Privacy Act and HIPAA laws, I cannot, for the life of me, figure out why so much personal data would be on a single piece of equipment, and not stored on a secured network which can only be accessed by means of VPN when someone is away from the office. Defense Department security guidelines, which have been adopted by many companies and especially government agencies, are extraordinarily strict, well thought out (for the most part), and extremely secure.
I sincerely hope that the Department of Veterans Affairs undergoes a comprehensive security review, fully adopts ALL Department of Defense electronic security guidelines, and continues to have a policy of full and immediate disclosure to individuals affected by this massive breach of security. Having the data available for millions of veterans and active duty service members is an incredible hole in "homeland security" that must be immediately plugged. It is bad enough that the Republican-led House, Senate, and Executive show little respect for those that have served this nation, including in its current conflicts, but then to barely react to this security breach is further evidence of their utter disregard for this nation's most important and dedicated individuals...those of us who have served and protected the Constitution and the people.
The one "positive" thing that has come about because of this is that I have personally evaluated my own practices in my current position, ensuring that I am strictly adhering (much to the dismay of some of the people contacting me for assistance) to the Privacy Act of 1974, HIPAA laws, and Department of Defense Information Security guidelines. It has also caused me to consider a more proactive role in ensuring privacy across the board where I am currently employed, and hopefully the company will be open to having individuals solely focused on privacy and reviewing all employees' actions.
Note: I do not work for the Department of Veterans Affairs or the Department of Defense. I am with a company that has a contract with the TRICARE Management Activity, and have undergone and received a favorable review by the investigative branch of the Department of Defense (DITSCO/DITSCAP).
Support our troops. Bush is on his own.