BreachExchange mailing list archives

Re: OT? GAO: Data breach Notification; Lessons Learned


From: "richard titus" <phystarus19 () earthlink net>
Date: Mon, 7 May 2007 09:07:46 -0400

The current push to allow Federal employees to work from home or from remote locations clearly needs to be reexamined 
for its data security implications.
richard
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----- Original Message ----- 
From: Al Mac 
To: Data Loss Incidents
Sent: 5/5/2007 11:22:15 PM 
Subject: [Dataloss] OT? GAO: Data breach Notification; Lessons Learned


I predict that, in the future, some of these lessons may be learned again.

Privacy:  Lessons Learned about Data Breach Notification.  GAO-07-657, April 30.

Much of this concerns internal prompt notification, like to law enforcement and within organizational hierarchy, getting correct names & addresses of who to notify and other legal complications.

The GAO report includes a summary of data breach incidents at 6 gov agencies (Depts of Agriculture, Defense, Education, 
Health+Human services, Transportation and Veteran's Administration) ... any here we did not already know about?
* 2006 Jan Farm Services FOIA contractor oops on 80,000 tobacco producers
* 2006 Mar Navy Marine Corps thumb drive lost 207,570 individuals
* 2006 May VA employee home burglarized affecting 26.5 million 
* 2006 June National Student Loan CD lost in transit on 13,756 individuals
* 2006 June HHS contractor employee laptop stolen 49,572 Medicare beneficiaries
* 2006 Dec DoT laptop stolen from car parked in FL 133,000 commercial drivers & FAA pilot licensees
http://www.gao.gov/cgi-bin/getrpt?GAO-07-657
Highlights - http://www.gao.gov/highlights/d07657high.pdf

GAO conclusions specifically on VA data breaches.
http://www.gao.gov/highlights/d07532thigh.pdf
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 207 million compromised records in 649 incidents over 7 years.
