The VA and data breaches
Enrique sends us a link to an article in FCW that discusses how the Department of Veterans’ Affairs deals with the breach of your Personally Identifiable Information (PII). Apparently, it happens more often than we realize:
Each week, at least some of the Data Breach Core Team’s 30 members gather to pore over suspected data breaches reported through the agency’s Privacy Security Event Tracking System, determining whether an incident is an actual breach. The DBCT assigns a risk categorization – low, medium or high – to each potential breach and determines whether VA should offer credit monitoring to veterans in each case.
So, if your PII is lost somehow on a Friday, sometime during the next week, this panel will meet and decide whether they should protect you or not. The first data breach that was significant enough for the VA to tell us about, well, they didn’t even tell the Secretary until three weeks after it happened. So the VA isn’t really johnny-on-the-spot when it comes to protecting your information.
I’ve said before that I subscribe to Lifelock (it’s about $100/year) because so many government agencies are playing fast and loose with my PII, I can’t stop them from losing it, so, just like life insurance, I have Lifelock so I can sleep at night knowing that if Paul Wickre decides to publish my social security number again, it won’t do anyone any good to have it.
And that way, I don’t have to wait for some panel of 30 bureaucrats to decide whether my PII is worth protecting through their good graces.
Doesn’t APL have that First Source contract with the VA? No worries.
Yeah when it comes to data a 96+ hour response time is as useless as Eric Shinseki running the VA…oh wait….
For years the VA has subcontracted various quasi-governmental agencies and other nongovernmental organizations to perform studies of veterans. One of these is the Institute Of Medicine (IOM) who has further subcontracted to several European entities. So personal veteran files are spread all over the world. Just yesterday received an invitation by snail mail to move my insurance over to Progressive. What’s alarming about that is that it was addressed to my unique name suffix only the VA uses. Sure makes me wonder how a large donor to the current administration could gain access to the addresses of veterans.
I sent you something on this some time ago. I work for VA in the IT field and I must say there are dangers here with the current setup of VA office of information and technology.
DoD regulations require me to report a PII violation that takes place in my unit to the federal privacy office within a couple hours. Another follow-up report which must include the names of those affected to include saying I informed them of the breach must be made within 24 hours.