VA Posts Data Breach Reports Online

[Jake Kouns <jkouns () opensecurityfoundation org>]

http://www.informationweek.com/news/government/security/showArticle.jhtml?articleID=226700240

Monthly updates show the different ways data has leaked out of the
agency, including lost or stolen hardware and misdirected emails.
By Elizabeth Montalbano
InformationWeek
August 13, 2010 03:56 PM

Once again showing that it's serious about transparency, the
Department of Veterans Affairs (VA) has begun posting reports about
data breaches on its website.
The monthly reports, which the agency compiles for Congress, list
different ways the VA has lost data, such as through lost hardware or
misdirected emails.

More Government Insights
WhitepapersHow to Boost Web App Performance Up To 10xLaying the IT
Security Foundation: Corralling Conficker and Other Threats in an
Evolved Environment
Videos

At Web 2.0 Expo (March 2009), SmartyCard's Aaron Burcell gets in the
hotseat with TechWebTV's David Berlind to ReviewCam his company's
online service that looks to incent tween learning through high-tech
rewards. Does the idea send the right message?
For example, a report (PDF) from July 5 to Aug. 1 shows the agency
lost two PCs, 13 BlackBerry devices and six laptops. It also reported
103 of so-called "mis-mailed" incidents, and 90 "mis-handling"
incidents. All of the lost laptops were encrypted, according to the
report.

April that involved the loss of two unencrypted laptops that contained
personal information about more than 600 veterans.

Another infamous data breach in 2006 involved the theft from a VA
employee's home of a laptop that contained data on more than 26
million veterans. That incident spurred a Congressional review, as
well as cost the agency $20 million to settle a class-action suit.

The VA is taking its data breaches seriously enough that VA CIO Roger
Baker has begun monthly calls with members of the press to discuss
them.

Since taking his position, Baker has made a concerted effort to
improve IT operations at the VA, with data security being a major
priority.

The posting of the reports also shows how far the agency has come in
terms of transparency and accountability for its IT operations, which
historically have been criticized for serious inefficiency.

Baker has put into effect an accountability program that flags IT
projects behind schedule, over budget, or both. That program, which
was recently expanded to all of the VA's IT projects, saved the agency
$54 million in its fiscal-year 2010 budget.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php