Stolen VA laptop found
Thursday, June 29th, 2006CNN is also reporting that the SSNs have not been accessed since the robbery. Not sure how this could be verified, but I do recall that file creation, modification, and access date & times of each file is maintained by the file system. It been a minute since I did any REAL work with a PC so I’m not sure. But I think that the more interesting stuff is at the end of the piece:
According to the documents provided to The Associated Press, the analyst, whose name was being withheld, had approval as early as September 5, 2002, to use special software at home that was designed to manipulate large amounts of data.
A separate agreement, dated February 5, 2002, from the office of the assistant Veterans Affairs secretary for policy and planning, allowed the worker to access Social Security numbers for millions of veterans.
A third document, also issued in 2002, gave the analyst permission to take a laptop computer and accessories for work outside of the VA building.
“These data are protected under the Privacy Act,” one document states. The analyst is the “lead programmer within the Policy Analysis Service and as such needs access to real Social Security numbers.”
The department said last month it was in the process of firing the analyst, who is now challenging the dismissal.
It is not the analysts fault for being robbed. It is the VA’s fault for having insufficient procedures for handling personal data, the analyst apparently followed established procedures for taking and handling the data. This is not just a problem with the VA but with corporate and government organizations all over.
