In God We Trust, but the Government's Blowing It
Bob Sullivan's excellent work via his Red Tape Chronicles blog continues with this report on the theft of the PII of nearly 27 million U.S. military veterans discharged since 1975.
There are plenty of reports available on the story, so I won't go into the details beyond the basic: a Veterans Affairs employee downloaded the files to a laptop in order to do some work at home. The employee's home was burglarized and some stuff stolen, including the laptop and disks containing the veterans' information.
As a veteran, discharged from the U.S. Navy in 1987, this one hits home. There's a very good chance my information is on the stolen disk. But I'm not here to gripe about the fact that I now have to pay closer attention to my credit records.
Government institutions have a lousy record when it comes to protecting data. Taking state government out of the equation (including state colleges and universities), federal agencies had lost the records of more than 668,000 individuals since the Privacy Rights Clearinghouse started keeping track back in February of 2005. The list of federal breaches includes the Department of Justice (80k), U.S. Air Force (33k), U.S. Marine Corps (207k), Department of Agriculture (350k), and the Federal Deposit Insurance Corporation (6k). It doesn't include an April 28, 2006 breach at the Department of Defense in which an unknown number of personal records was compromised.
Add this week's 26.5 million veterans and the federal government accounts for at least one third of the 81+ million data records the PRC says have been compromised since ChoicePoint.
This doesn't mean that Congress has lost its moral authority to draft and enact federal data protection and notification law, but it does mean that the federal government needs to quickly and forcefully address its own shortcomings with regard to data protection.
As we know, consumers prefer to do business with companies they trust. Larry Ponemon's research has consistently confirmed that fact. Citizens should also be able to trust the governmental institutions that they must do business with each day. Furthermore, government has a responsibility to be accountable to the People and to work each day to earn and build that trusting relationship. In addition to the major issues of the day, it is "little" things like this news that erode confidence in government, and that's a dangerous proposition.
(As an aside, it's just a hunch, but it would not shock me at all to learn at some point down the road that this was a case of insider data theft made to look like a burglary.)
There are plenty of reports available on the story, so I won't go into the details beyond the basic: a Veterans Affairs employee downloaded the files to a laptop in order to do some work at home. The employee's home was burglarized and some stuff stolen, including the laptop and disks containing the veterans' information.
As a veteran, discharged from the U.S. Navy in 1987, this one hits home. There's a very good chance my information is on the stolen disk. But I'm not here to gripe about the fact that I now have to pay closer attention to my credit records.
Government institutions have a lousy record when it comes to protecting data. Taking state government out of the equation (including state colleges and universities), federal agencies had lost the records of more than 668,000 individuals since the Privacy Rights Clearinghouse started keeping track back in February of 2005. The list of federal breaches includes the Department of Justice (80k), U.S. Air Force (33k), U.S. Marine Corps (207k), Department of Agriculture (350k), and the Federal Deposit Insurance Corporation (6k). It doesn't include an April 28, 2006 breach at the Department of Defense in which an unknown number of personal records was compromised.
Add this week's 26.5 million veterans and the federal government accounts for at least one third of the 81+ million data records the PRC says have been compromised since ChoicePoint.
This doesn't mean that Congress has lost its moral authority to draft and enact federal data protection and notification law, but it does mean that the federal government needs to quickly and forcefully address its own shortcomings with regard to data protection.
As we know, consumers prefer to do business with companies they trust. Larry Ponemon's research has consistently confirmed that fact. Citizens should also be able to trust the governmental institutions that they must do business with each day. Furthermore, government has a responsibility to be accountable to the People and to work each day to earn and build that trusting relationship. In addition to the major issues of the day, it is "little" things like this news that erode confidence in government, and that's a dangerous proposition.
(As an aside, it's just a hunch, but it would not shock me at all to learn at some point down the road that this was a case of insider data theft made to look like a burglary.)
posted by Mike Spinney at 5:39 AM
1 Comments:
Mike,
I retired in '93 and am a computer geek. Can't believe nothing is going to happen to this guy. Although this was not classified information, it was private and sensitive. I've already written my Congressmen and Senators. Thanks for maintaining a great site with meaningful commentary.
A. H. "Bert" Meyer, RMCS,USN, (Ret)
Post a Comment
<< Home