GCN coverage of VA's loss of veterans personal data
Almost half of GCN survey respondents report taking federal data files home
The recent theft of personal data on as many as 26.5 million veterans has sent government agencies a chilling message about the need to take new data security measures to prevent confidential data from walking out the door.
According to a new survey by Government Computer News, there is good reason for government officials and the public at large to be concerned.
Nearly one-half (46 percent) of 326 respondents to a GCN reader survey of government IT workers this week said they had taken government data files home in the past six months to keep up with their work.
Government data is moved or carried by a variety of means. The most frequent methods that survey respondents reporting using were:
- Laptop/notebook: 54 percent
- VPN (virtual private network) or secured network: 41 percent
- Key drive: 34 percent
- CDs/DVDs: 32 percent
- E-mail: 31 percent
- External/portable disk drive: 17 percent
- Paper Copies: 4 percent
- PDAs/Cell Phones: 2 percent
And although half (51 percent) of respondents said their government office has a clear policy about what data files they can work on at home or outside the office, 32 percent said their office does not have a clear policy and 18 percent said they don't know if there was a clear policy.
Among respondents familiar with such policies and who were asked how consistently such policies are enforced, 49 percent said routinely, 11 percent said the majority of the time, 9 percent said irregularly or rarely and 30 percent didn't know.
Asked whether their office provides clear encryption instructions when handling sensitive data, a common method for making data more secure, half (51 percent) said yes, 28 percent said no and 21 percent said they didn't know.
Those surveyed offered a variety of recommendations to help guarantee sensitive data is not lost or stolen. The most common recommendations:
- Use automatic encryption
- Allow more government workers working outside the office to have controlled access via secured network connections (or Virtual Private Network) instead of using portable storage devices.
- Require automated alerts when sensitive data is moved, copied, transferred or removed from its original location.
- Make consequences severe for information security violations
The survey was conducted by Government Computer News May 26-31, polling a portion of its 100,000 subscribers who manage information technology and programs for government agencies, including defense and military agencies.Additional coverage
When data walks
The recent theft of data on 26.5 million veterans sends agencies a chilling message: Lock down your own data security and privacy policies immediately or you might wind up with confidential data walking out your own door.
VA loss renews calls to update Privacy Act
The Veterans Affairs Department's recent loss of veterans' personal data highlights a broader question that has rattled around Washington for 10 years: the need to update the Privacy Act of 1974.
How do you defend yourself against 'good' employees?
Much has been made of the theft last month of computer equipment containing personal data from the home of a Veterans Affairs Department employee, but less attention has been given to the fact that the real breach occurred when the employee carried that data out of his office.
VA data files on millions of veterans stolen
The Veterabns Affairs Department has revealed that personal, identifying data for as many as 26 million American veterans was stolen from a VA employee's home in May.
OMB to agencies: review personal data protections
The Office of Management and Budget has directed agencies' senior privacy officials to review and correct any policies and processes to ensure that they protect against misuse of or unauthorized access to personally identifiable information.
VA outlines data security upgrades
The Veterans Affairs Department is tightening its data security policies in response to the theft of sensitive, private electronic data of 26.5 million veterans.
VA changes staff over data theft
The Veterans Affairs Department announced that one official has resigned and other personnel changes have been made as a result of the theft of data of 26.5 million veterans.