Personal data, including Social Security numbers of 26.5 million U.S. veterans, was stolen from a Veterans Affairs employee this month after he took the information home without authorization, the department said Monday.
The INFOSEC practitioner in me wants to beat some GS-half-wit @$$ . . . the ex-GI in me lowering my trousers and spreading ‘em . . .
Captain Ed makes a good point at Captain’s Quarters: by design big programs are unlikely to betray us, but careless/clueless individuals may very well. Unlike say, a computerized program that looks at numbers, a human with someone else’s name, SSN, and other data can actually do damage and really violate your privacy (not to mention your bank account and credit rating). The jury is still out whether this was part of some cunning plan or just someone after someone else’s hardware (most likely). Either way I find it hard to believe taking this data home for some O/T work was authorized by superior or statute.
All related discussions are satellites around a core question: is our data our own or not? Pick on nanny-state Europeans all you like; they’d sooner give up a limb than personal data. Trading in personal data w/o authorization might cost you a (figurative) limb. Barring the creation of a similar situation here in the US, what constitutes misuse and abuse of personal data will remain very much a point of view.