Vets Admin: Retrieve one stolen PC, another gets swiped(this time, just 38K names lost)

Vets Admin: Retrieve one stolen PC, another gets swiped(this time, just 38K names lost)

Summary: Here's my question: when does someone actually lose their job in this case of ineptitude? Let's see.

SHARE:
TOPICS: Big Data
3
Here's my question: when does someone actually lose their job in this case of ineptitude?

Let's see. First, a notebook computer belonging to a Veterans Administration analyst containing sensitive data related to 26.5 million "VA" names (including 2.2 troops on active duty) gets pinched. Then, the the White House Office of Management and Budget (OMB) and the Government Accountability Office (GAO) begin to jointly look into the data security practices of the Veterans Administration (as well as other agencies).  Then, Congress gets in on the act, conducting an inquiry that puts the VA's chief on the hot seat.  The chief's response? Today's data security laws need more teeth:

"While we have a system in the government of doing background investigations (on those to) whom we will give access to classified information, we do not have a similar screen (for) those to whom we will give enormous amounts of (personal) data," VA Secretary R. James Nicholson told the U.S. House of Representatives Committee on Government Reform.

As if laws are going to solve the problem. 

Then, the VA PC that was stolen was recovered.  And eventually, the teens who stole it got arrested.   Then, just a few days pass since that arrest and now another VA PC is stolen.  This one containing sensitive data belonging to 38,000 people:

The U.S. Department of Veterans Affairs said Monday that a desktop computer with personal data on as many as 38,000 U.S. military veterans had disappeared from Unisys, a subcontractor....Unisys told the VA on Aug. 3 that the computer was missing from the company's offices in Reston, Va., the VA said. The VA and Unisys said the data may include names, addresses, Social Security numbers and dates of birth.

Inquiries by the OMB, the GAO, and Congress are great. But when is action going to take place. My question is and has been: what is being done about it right now? What's taking so long? What is it about the design of certain VA applications and business processes that requires large chunks of data to be stored on PCs, where's the action being taken to secure that data, and what's the plan to redesign everything so this doesn't happen again? Perhaps something is being done. I'm sure there is and we're just not hearing about it.  But when I hear that the VA chief is asking for tougher laws, it sounds to me like he's looking for someone else to solve the VA's IT problems instead of the VA itself.

By the way, this is the same Veterans Administration that made headlines for a $170 million IT project failure.

Topic: Big Data

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • Not in Government

    Until the Government holds its employees accountable through fines and jail-time, this will not be corrected any time soon.

    There is no incentive for Government to do a better job. If they are fined, it's simply the taxpayers that foot the bill. It they do a good job, their stock price won't increase, profitability won't improve, and people won't get rich.

    It's inherently a flawed method of running a 'business', since there's no benefit to doing a good job, no punishment for doing a bad job, and no competition to take over.

    Doug
    http://www.douglaskarr.com
    PS: My info was in the first data that was lost.
    Douglas Karr
  • Why not?

    Why isn't a collection of indentifying information being treated as classified information by the federal government? Disclosure of that information will cause significant harm to the country.

    Especially Veterans medical records should be secured with at least the controlls afforded Confidential information. And those charged with the security of such records should be taking appropriate care with it. We don't need new laws and regulations, we just need to properly classify these records.
    jimbo_z
  • Are you kidding me!?!?!

    Absolutely rediculous....

    I am sick of using the "when will they ever learn..." phrases to describe what's been going on with the VA lately, but this is absolutely inexcusable. There is no reason why the data on that desktop was not encrypted, I mean, did they learn a darn thing after nearly costing millions of vets their credit? I just can't believe that Nicholson would allow this to happen yet again.
    http://www.techknowbizzle.com/2006/07/times-getting-even-tougher-for-vets.html

    I can't imagine how vets must be feeling seeing as their VA office constantly has let them down over the past few months. For goodness sake guys, how do you think the rest of the world looks at our veterans and military system these days. If this instance doesn't teach you a lession to encrypt and not be dumb with data then I do not know what will...
    http://www.essentialsecurity.com/Documents/article16.htm
    Nathank@...