Stolen VA Laptop Recovered

lancejjj writes "Remember how the VA was pinning the theft of 26.5 million veterans' personal records on a hard working-but-renegade employee whose laptop was stolen? Surprise! It turns out that the employee had written permission to bring the sensitive data home. Fortunately, the laptop has been recovered. It is still unclear how the laptop was recovered, or if any of the veterans' personal data was leaked."

The US just needs data privacy laws

[bunions]

Seriously. Attention any/all US federal legislators reading this: just mimic the EU on this one. It's a no-brainer and will win you the all-important geek vote.

Why real data?

[JayDot]

One of the articles quoted the permission granting documents, saying that the analyst needed real SSNs for his work. I don't understand why that would be the case. Couldn't they have generated a fake list, verified that no two numbers were alike, and assigned a bunch of random names? It seems like the whole issue could have been eliminated from the start by doing this. Also, it's just shameful the way a bunch of middle-management types are trying to shaft the analyst when he's had written permission for ~4 years.

Re:If he keeps his job

[JayDot]

Why? He had at least three written memos given express permission for him to do what he did. The problem here wasn't with the worker, it's with the policies and directors that signed the memos.

Re:If he keeps his job

[955301]

Oh no, the best thing they could do is let him keep the job. He's the least likely person in the US to do this again. It would be different if he stole it himself.

Re:Data Wasn't Accessed

[bcat24]

Or using a system that doesn't even touch the last accessed date in the first place.

Re:Nothing taken

[treeves]

I for one am relieved that the data was not accessed, since I am a veteran who received a letter saying that I might be subject to identity theft as a result of this incident.
They gave us all a years worth of ID theft tracking service at a cost to the gov't of $(several millions?).
If a class action law suit against the VA for this debacle is successful it will cost them a lot more than that.

I am more than a little annoyed that they gave the guy permission to take the data home, and now they are firing him for having done so.
In spite of my feelings, I hope such a lawsuit fails, since it will only hurt those who rely on the VA's funding for their health care, etc.
The people who allowed this to happen certainly aren't going to give themselves a cut in pay!

Another whacked summary

[HardCase]

The employee had permission to access social security numbers. The employee had permission to take a laptop home. The employee had permission to use database software at home.

The VA still contends that the employee did not have permission to put the social security numbers on the computer and take it home.

Look at the timeline. He gets permission to access SSNs in February. He gets permission to take a laptop home in September. Sometime during the year he got permission to use a database program at home. It still sounds to me like he took a little personal initiative to take the SSN database home.

Still, the whole affair was handled pretty damn poorly, particularly the delay in reporting it, among other things.

-h-

Re:Yeah - laws that let the gov't have all access

[bunions]

Data privacy laws aren't there to keep the gov't from snooping into your stuff, it's to keep companies from trading your private data, or even keeping it on file in many instances.