Posted on 05/25/2006 9:19:02 PM PDT by SandRat
WASHINGTON, May 25, 2006 – The Department of Veterans Affairs has begun a thorough examination of policies and procedures after the loss of 26.5 million veterans' personal information, the VA's leader told the House Armed Services Committee today. "I've formed a task force ... to examine comprehensively all of our information security programs and policies to bring about a change in the way we do business," R. James Nicholson said.
His testimony today followed the May 22 announcement that a Veterans Affairs employee had taken electronic data home with him, though he was unauthorized to do so. The information was stolen when his house was burglarized May 3, though Nicholson was not made aware of the loss until May 16.
The employee has been placed on administrative leave pending the outcome of a full-scale investigation, Nicholson said.
To prevent a recurrence, Nicholson told the committee he has initiated an immediate review all current positions requiring access to sensitive data. Those who need that access will be required to undergo updated law enforcement and background checks.
Employees also must complete cybersecurity awareness training and general privacy awareness courses by June 30. Nicholson said they will then be required to sign an annual statement indicating they are aware of the Privacy Act and the proper use of government property.
"I promise you that we will do everything in our power to structure a policy and a regulatory regimen that make clear what is proper use of data by our employees," he said. "We will train employees in these policies and enforce them."
Nicholson has directed the department's information and technology office to revise the security guidelines for single-user remote access developed by the office of cyber and information security. The document, to be completed by June 30, will set the standards for access, use and information security, he said.
The department also has taken extensive steps to notify and protect the affected veterans, he said. They will be notified by individual letter, Nicholson said during the May 22 announcement.
The data stolen from the employees' home contained the names and birth dates of 26.5 million veterans and some spouses, as well as Social Security numbers for 19.6 million veterans, he told the committee today. Also, some data lost could include numerical disability ratings and the diagnostic codes identifying disabilities being compensated.
"It is important to note that the data did not include any of the VA's electronic health records," Nicholson said. "Neither did it contain explicit financial information, although knowing a disability rating could enable one to compute what the implied terms of compensation payments are."
The VA also is working with the three major credit bureaus, and all three -- Equifax, Experian and TransUnion -- have simplified the process for veterans requesting a fraud alert.
Concerned veterans also can get more information by calling 800-333-4636 from 8 a.m. to 9 p.m. EDT, Monday through Saturday to reach the manned call center. They can also visit the www.firstgov.gov.
The Federal Trade Commission is encouraging veterans to report suspected incidents of identity theft via the commission's identity-theft hotline at 877-438-4338. Banks also have received an advisory from the Office of the Comptroller of the Currency.
"It explains what happened and asks the banks to exercise extra diligence in processing veterans' payments," Nicholson said. "The advisory also reminds the banks of their legal obligations to verify the identities of persons seeking to open new accounts."
The secretary added that VA would be working very closely with the president's Identity Theft Task Force on this issue.
"VA's mission to serve and honor our nation's veterans is one we take seriously, and the 235,000 dedicated VA employees are deeply saddened by any concern or anxiety this incident is causing our veterans and their families," he said. "We're working hard to keep this most unfortunate circumstance from causing them undue pain and anxiety."
a hemmm!!!!
Those 3 identifiers are all that's needed for identity theft. Anyone one of these people are wide open for exploitation. My father, who is a Viet Nam vet is undoubtedly on this list.
What a joke, the govt. worker will get a slap on the wrist...if that.
Hell, he'll probably receive a promotion.
Well it appears they had policies and procedures to not take this information home. If people don't follow the rules, it doesn't matter how much training you do.
Why do so many people and organizations believe that if you have a written policy that no one will break it. We have laws that are broken all the time.
I wanna see some heads roll!
horse...barn...
You and me both.
My husband and I are both most likely on that list. This is just incredible. We have had three breeches of security with our identity through jobs and a bank in the past 6 months.
Ouch! That stinks.
Bookmarking.
Damn stupid fool %$#*&&^@! government agents!!!
HOW could this happen today, and why would a person take this information home, unless they were intending to tamper with it to begin with?I think this investigation will probably focus on the theft and not why this employee took the data home to begin with.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.