Posted by Frank James at 11:29 am CDT
Sen. Larry Craig (R-Idaho,) chair of the Senate Veterans Affairs Committee, said yesterday evening that his committee will hold hearings Thursday on the theft of a computer disk containing sensitive personal information of more than 26 million veterans.
In a short Senate speech, Craig made the critical point that many federal agencies possess personal data on millions of Americans. So while it’s the Veterans Affairs Department in the news today, it could just as easily be another agency tomorrow.
“Frankly, this problem is not likely limited to VA,” Craig said. “Many Federal agencies keep records on citizens that contain sensitive information. It is not just IRS or HHS.
“There is information maintained by the Department of Education, that comes from the free application for Federal student loans or the Department of Agriculture, which provides crop assistance plans and crop insurance and a variety of other kinds of things,” Craig said.
“All of these agencies have names and addresses and Social Security numbers,” he said. “They must be secure. At the same time, we need employees who can use that information for legitimate purposes to serve our constituencies in a timely fashion.
“All of this will require thoughtful balancing on the part of this Congress,” Craig said. “We have to balance every doctor's need to see a veteran's medical records with the legitimate concern that one too many nurses on the floor have access to those records for no reason.”
Actually, the issue of whether nurses without a need to know can access the medical records of particular patients is covered under the Heath Information Portability and Accountability Act signed into law by President Bill Clinton.
The law says no, only a patient’s health-care providers should access those files. Is Craig saying he believes HIPAA is inadequate?
If there’s an upside to the case of the notorious missing VA disk, it’s that lawmakers and agency officials are once again awakened to the serious danger problems that can arise with lax data security practices.
It’s a danger the Government Accountability Office has warned of in years of reports about the information-security weaknesses at federal agencies. But it’s also a risk that has never seemed a top priority to the nation’s top policymakers.
Meanwhile, Sen. John Kerry (D-Mass.) introduced his legislation to require the VA to provide free credit reports for three years to all veterans "affected" by the stolen personal data disk. This would be above and beyond the annual free credit reports individuals are entitled to under the Fair Credit Reporting Act.
Kerry would also offer veterans free credit monitoring for one year. I asked a Kerry spokesperson if they had a pricetag for this legislation and she said it had not been scored yet by the Congressional Budget Officer.
Here's Kerry's press release. Note the headline says "John Kerry fights" etc. I'm not sure that introducing a bill in the Senate would constitute "fighting" for most people. But I just report. I'll let readers of The Swamp decide.
FOR IMMEDIATE RELEASE: May 23, 2006
John Kerry Fights to Protect Veterans from Identity Theft
Kerry bill will provide free credit monitoring for veterans affected by stolen data
Senator John Kerry (D-Mass.) has introduced the Veterans Identity Protection Act of 2006, legislation that will provide free credit monitoring for all United States military veterans who have been affected by the recent theft of personal data.
The personal information - including birth date and social security number - of approximately 26.5 million veterans was recently stolen from the home of a Department of Veterans Affairs staffer who had taken the records out of the office inappropriately.
“Clearly the security at the Department of Veterans Affairs needs to be tightened up in a big way,” Kerry added. “This breach should not have happened in the first place, and someone needs to be fired for it. Veterans Affairs is supposed to be there to protect and help our veterans, not compromise their privacy.”
Kerry’s bill will offer free credit monitoring for one year for every American affected by the theft. Credit monitoring on average costs between $50.00 to $150.00 per person each year. Kerry’s bill will also provide a second free credit report to each veteran for the second and third years of the act, in addition to the free credit report available under the Fair Credit Reporting Act.
“I’m deeply concerned that this theft happened May 3 and 26 million veterans are only finding out about it now. This stolen data is personal and private and there are grave implications if this information has gotten into the wrong hands,” said Kerry. “We need to protect these veterans and their spouses immediately, and offering this free credit monitoring will help make sure they don’t become the victims of identify theft. It’s the very least we can do.”
• 
• 
• 
Comments
I applaud Senator Kerry for his proposal. I am a veteran and I already subscribe to a credit monitoring and fraud alert service at a cost of $12.95 per month ($155.00 per year). At that rate, the cost for 27 million veterans is almost $350 million per month (yes, per MONTH). That figures to be about $4.2 billion a year. Hopefully, the government can get a discount rate (but then again, we've got to remember those $500 toilet seats). I just wonder if I will be reimbursed for this service if my personal information is part of the 27 million on that disk.
Posted by: Susan | May 24, 2006 12:54 PM
Isn't it about time for a federal law slapping a decent mandatory jail sentence (10 years...maybe more) on anyone...anyone...who moves social security and other related identifying information from a workplace or secure location within a workplace via laptop, CD, whatever (except their own information)? Over the last few years there've been several instances of Social Security numbers stolen via laptops left in cars and other places. This is going to keep on happening until the "IT un-security" persons perceive some penal wrath.
Posted by: Jim B. | May 24, 2006 12:58 PM
I just don't get this at all.The GAO has updated Congress every year that this could happen.Sec. Nicholson has known this and has done nothing to stop it.It just like the GAO reports showen that the 2007 veterans budget does not have the right numbers.So if that budget pases over 600,000 veterans could lose their health care.When is the VA going to get back to a working Department
Posted by: Dale Peters | May 24, 2006 6:09 PM
Dale,
It will be a working department again when Americans stop electing politicians that want government to fail.
Nothing succeeds like failure with the conservatives. They think it proves their point about gvmt. not working.
Posted by: C.Morris | May 25, 2006 11:17 AM
Re: Mary's reference to paying for a credit monitoring and fraud alert service at a cost of $12.95 per month ($155.00 per year)....it's my understanding that the three major credit reporting agencies (Experian, etc.) will place a fraud alert on your credit for free. I've had it done in the near past. The way I think it works, the credit reporting agency will contact you if you or someone posing as you has applied for new credit, before the agency allows it to be approved.
Posted by: Jim B. | May 25, 2006 12:46 PM
It is shameful. No decent American should tolerate this, no matter what party they belong to.
Posted by: Tom | May 25, 2006 2:43 PM
I could be mistaken; but my understanding is that the fraud alert is time limited... so what if the crook waits for a year to use my information??
Posted by: Jerry | May 28, 2006 5:01 PM