
VA Credit Monitoring Withdrawn

Very surprisingly, today I read in a Guardian Unlimited report from a couple of days ago that "Free credit monitoring for veterans whose personal information was stolen has been withdrawn, the Bush administration said Tuesday, because the laptop containing their data has been recovered."

Data can be copied from hard drives and other storage media without leaving behind any evidence it was copied.   

Today there was also a story about this on the Washington AP Wire.

"Testifying to a Senate panel, Nicholson acknowledged there were no 100 percent guarantees that names, birthdates and Social Security numbers stored on a VA employee's stolen laptop and external drive were not accessed or copied. But he said the low risk did not justify a year of personalized monitoring at a taxpayer cost of $160.5 million. "Facts have changed, the situation has changed," Nicholson said, noting that the stolen equipment has been recovered and that the FBI determined with a "high degree of confidence" that the data was not compromised.  Speaking of veterans groups, some of whom are fiercely opposed to the decision, Nicholson added: "Some oppose, but some concur, thinking it would be a waste of $160.5 million.""

So...it's about the money?  It would be interesting to know what facts have changed...do they know where the stolen equipment was all along? 

"Nicholson said the VA was in the process of hiring a company to provide data breach analysis to detect potential patterns of misuse of data. In addition, the department planned to send letters to veterans informing them of free services already available to all citizens, including free monitoring for 90 days and credit reports three times a year."

The credit monitoring services already have the systems in place to detect these types of potential misuse...but the VA is going to hire a company to do this? How will a hired company's monitoring be able to detect "potential patterns of misuse"?

26.5 million individuals...


Comments

You know what? I'm glad they did this.

Sure you can get the data, but you'd have to be an awfully sophisticated thug, not the simple "steal and pawn" type, which is what these threats were categorized as.

I mean, as a taxpayer, I already pay for so much crud. There's now such a low probability of compromise, is it worth tens of millions of dollars for credit tracking and counseling?

Getting upset about this just seems like chicken little hype.


Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for over 18 years. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca on their list of the 25 top privacy experts and on their list of the 9 best privacy consulting firms. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 11th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.