WASHINGTONSecretary of Veterans Affairs R. James Nicholson on June 8 called for criminal penalties for VA personnel who fail to secure protected personal information.
Nicholson called for the heavier sanctions in an impromptu press conference in the Rayburn House Office building. He was speaking to reporters following a hearing before the House Government Reform Committee where he was questioned about the theft of records containing personal information on over 26 million current or former members of the U.S. military.
In his testimony before the committee, Nicholson recapped the events leading up to the data loss, and explained what he had done once he learned of the problem nearly a month after it was originally reported to police.
“I am outraged at the theft of this data and the fact an employee would put it at risk by taking it home in violation of VA policies,” Nicholson said in his statement to the committee.
He also said that he was greatly concerned about the slow response by VA management when the data loss became known.
Nicholson also announced several major initiatives that would be undertaken by the VA this month. The major effort will take place during the week of June 26, 2006, when every laptop computer in the Department of Veterans Affairs will be required to be returned to IT security personnel for a review to ensure that all security and virus software is current.
At that time, personnel will remove all unauthorized information or software. In addition, Nicholson has ordered that no personal laptops or other computers will be allowed to connect to the VA’s VPN or to perform any sort of official business.
In addition to recalling all laptops for their security audits, every VA facility will have a “security stand down” the week of June 26 for Security Awareness Week.
“Managers throughout VA will review information security and reinforce privacy obligations and responsibilities with their staff,” Nicholson said.
Read the full story on eWEEK.com: VA Secretary Announces New Security Measures