Veterans Administration Now Known As Ministry For Data Leaks
from the leak-rinse-repeat dept
In the middle of last year, a laptop and hard drive containing personal information on 26.5 million US veterans were stolen from an employee's home. While the equipment was recovered, and the government claimed the data had not been accessed, the theft highlighted the lax security procedures of the VA -- and another theft a few months later reinforced it. Now, try not to be surprised, but it's happened again, as portable hard drive containing personal information on 48,000 vets has gone missing from an Alabama facility. Despite the VA saying it was beefing up data security after the first theft by taking measures including putting encryption software on all its laptops and desktop PCs, apparently as many as 20,000 records on this latest hard drive weren't encrypted. While encryption is by no means a cure-all, it's pretty ridiculous that even after the previous high-profile events, the VA still can't be bothered to even take this first step with all its data. There's a total lack of accountability and responsibility here: while there's been talk of mandating stiffer penalties for individuals who are negligent with personal data, that's nothing more than smoke and mirrors. It hides the real problem, which is an environment that, from the top down, accepts and excuses this sort of behavior. Until that changes, expect more data leaks.