VA showed 'indifference' after data breach
GovExec.com has an article based on a just released report by the VA Inspector General. The Veterans Affairs IG found that the analyst whose laptop was stolen had the OK to access the data, but apparently not to take the laptop home. I think there will be a different of opinion there. The analyst (with 34 years at the VA) might argue that since his PC was a laptop, how could he use the data without taking it home? I think that misses the point—it was lax security policies and lack of encryption, plus poor response measures that sunk this ship. And of course, the political sharks smell blood:
Rep. Lane Evans, D-Ill., ranking member of the committee, said that "utterly dysfunctional leadership" was one of a series of failures resulting in the data breach and Nicholson's next steps must include a review of why his managers and advisers "botched it and failed to report the matter to him."