Veterans Affairs to protect data on laptops

One week after news that another computer from the U.S. Department of Veterans Affairs had gone missing, the agency announced plans to beef up safeguards on all of its machines.

In the next week, the agency plans to begin installing data encryption software on its laptop and desktop machines, VA Secretary R. James Nicholson said Monday. Data on portable media such as flash drives and CDs will also be protected.

"A system-wide encryption program will be a tremendous step forward in improving the safety and security of sensitive veteran information," Nicholson said in a statement.

The planned upgrade is the agency's latest effort to step up vigilance over its computer systems, after the high-profile theft of a laptop and an external hard drive that housed sensitive information on more than 26 million veterans and active military personnel. The equipment was stolen from the Maryland home of a Veterans Affairs Department employee in early May and was ultimately recovered in June--but not before an uproar ensued among politicians and other watchdogs.

Police arrested two teenagers in connection with the incident last week. Days later, the agency said it was investigating reports of a new theft--this time of a desktop machine from the Reston, Va., offices of Unisys, a subcontractor hired to assist with insurance collections for Department of Veterans Affairs medical centers in Pennsylvania. The agency estimated that the computer contained information on about 38,000 veterans--2,000 of whom were deceased.

The Department of Veterans Affairs' laptop computers will be the first to receive the new encryption software. They will be given products made by GuardianEdge and Trust Digital, which market themselves as mobile security specialists. The agency said it awarded a $3.7 million contract last week to SMS, a Syracuse, N.Y.-based company owned by a "service-disabled" veteran, to carry out the upgrade.

Final testing of the products is currently under way, and installation is set to begin on Aug. 18. The agency hopes to have 100 percent of its laptops covered within four weeks of that date, with desktop machines to follow.

[ml_ess]

Implementing security... no seriously?

This seems almost surreal - how many incidents of laptop theft did it take for government agencies to start implementing security measures? The number of individuals affected by laptop theft and other data breaches is well into the millions (<a class="jive-link-external" href="http://www.techknowbizzle.com/2006/06/20788366461-brief-history-of-data.html" target="_newWindow">http://www.techknowbizzle.com/2006/06/20788366461-brief-history-of-data.html</a>).

Lesson learned: use common sense (don't leave your laptop in a vehicle!), use physical deterrents (locks, cables?) and employ software that actually protects sensitive data within (such as Remote Laptop Security <a class="jive-link-external" href="http://www.essentialsecurity.com/Documents/article18.htm" target="_newWindow">http://www.essentialsecurity.com/Documents/article18.htm</a>).

[marileev]

incidents

Now if the VA is implementing a plan, what about the FTC. As memory serves, their laptop protection plan is still unresolved.

[ml_ess]

FTC irony

Oh yes, how can we forget the Federal Trade Commission... the agency that's supposed to work to PROTECT our privacy put 110 individuals in risk of identity theft due to TWO stolen laptops. <a class="jive-link-external" href="http://www.iwantmyess.com/?p=72" target="_newWindow">http://www.iwantmyess.com/?p=72</a>