Very surprisingly today I read in The Guardian Unlimited report from a couple of days ago that "Free credit monitoring for veterans whose personal information was stolen has been withdrawn, the Bush administration said Tuesday, because the laptop containing their data has been recovered."
Data can be copied from hard drives and other storage media without leaving behind any evidence it was copied.
Today there was also a story about this on the Washington AP Wire.
"Testifying to a Senate panel, Nicholson acknowledged there were no 100 percent guarantees that names, birthdates and Social Security numbers stored on a VA employee’s stolen laptop and external drive were not accessed or copied. But he said the low risk did not justify a year of personalized monitoring at a taxpayer cost of $160.5 million. "Facts have changed, the situation has changed," Nicholson said, noting that the stolen equipment has been recovered and that the FBI determined with a "high degree of confidence" that the data was not compromised. Speaking of veterans groups, some of whom are fiercely opposed to the decision, Nicholson added: "Some oppose, but some concur, thinking it would be a waste of $160.5 million.""
So…it’s about the money? It would be interesting to know what facts have changed…do they know where the stolen equipment was all along?
"Nicholson said the VA was in the process of hiring a company to provide data breach analysis to detect potential patterns of misuse of data. In addition, the department planned to send letters to veterans informing them of free services already available to all citizens, including free monitoring for 90 days and credit reports three times a year."
The credit monitoring services already have the systems in place to be able to detect these types of potential misuse…but the VA is going to hire a company to do this? How will the monitoring a hired company does be able to detect "potential patterns of misuse"?
26.5 million individuals…
Technorati Tags
information security
IT compliance
government
data protection
VA privacy breach
credit monitoring
privacy