Let's see. First, a notebook computer belonging to a Veterans Administration analyst containing sensitive data related to 26.5 million "VA" names (including 2.2 troops on active duty) gets pinched. Then, the White House Office of Management and Budget (OMB) and the Government Accountability Office (GAO) begin to jointly look into the data security practices of the Veterans Administration (as well as other agencies). Then, Congress gets in on the act, conducting an inquiry that puts the VA's chief on the hot seat. The chief's response? Today's data security laws need more teeth:
"While we have a system in the government of doing background investigations (on those to) whom we will give access to classified information, we do not have a similar screen (for) those to whom we will give enormous amounts of (personal) data," VA Secretary R. James Nicholson told the U.S. House of Representatives Committee on Government Reform.
As if laws are going to solve the problem.
Then, the VA PC that was stolen was recovered. And eventually, the teens who stole it got arrested. Then, just a few days after that arrest, another VA PC is stolen, this one containing sensitive data belonging to 38,000 people:
The U.S. Department of Veterans Affairs said Monday that a desktop computer with personal data on as many as 38,000 U.S. military veterans had disappeared from Unisys, a subcontractor. ... Unisys told the VA on Aug. 3 that the computer was missing from the company's offices in Reston, Va., the VA said. The VA and Unisys said the data may include names, addresses, Social Security numbers and dates of birth.
Inquiries by the OMB, the GAO, and Congress are great. But when is action going to take place? My question is and has been: what is being done about it right now? What's taking so long? What is it about the design of certain VA applications and business processes that requires large chunks of data to be stored on PCs, where's the action being taken to secure that data, and what's the plan to redesign everything so this doesn't happen again? Perhaps something is being done. I'm sure there is and we're just not hearing about it. But when I hear that the VA chief is asking for tougher laws, it sounds to me like he's looking for someone else to solve the VA's IT problems instead of the VA itself.
By the way, this is the same Veterans Administration that made headlines for a $170 million IT project failure.