Report Breaks Down VA Security Lapse
Bad judgment. Poor communication. Office politics.
Those are key themes in a report by George J. Opfer , the inspector general at the Veterans Affairs Department, recounting what went wrong in the recent theft of sensitive personal data on 26.5 million veterans.
|
Syndicate/SubscribeOpfer's report, released this week, serves as a powerful reminder that common sense and clear policies can help avert damaging mistakes.
The VA case began on May 3, when the Maryland home of a technology specialist was burglarized. The employee's personal laptop computer and an external hard drive were stolen. The employee quickly reported the theft and indicated that the hard drive contained files on living military veterans.
Thirteen days later, VA Secretary Jim Nicholson was told of the theft. Six days after that, Congress and veterans learned that personal records might have been compromised -- setting off a huge uproar about identity theft and feeding fears that the government can't be trusted to do the right thing.
Fortunately, police recovered the laptop and hard drive last month, and the VA and FBI said tests show that the thieves did not access the data.
Here are snapshots from Opfer's account:
· The employee was not authorized to take VA data to his home.
The employee -- who is not named in the report -- told investigators that most of the data was for a "fascination project" that "he self-initiated and worked on at home during his own time."
He had started the project in response to criticism about the reliability of the 2001 National Survey of Veterans and was trying to identify 7,000 veterans who participated in the survey to compare the accuracy of their responses with information in VA files. He started his effort in 2003 but could not recall spending time on it in 2006.
The employee acknowledged that he took the data's security for granted and did not protect the files with encryption or with passwords.
