VA Closing Barn Door After Database Theft

The Department of Veterans Affairs has begun an examination of policies and procedures after the theft of 26.5 million veterans’ personal information, VA Secretary R. James Nicholson told the House Armed Services Committee May 25. Nicholson testified that he has initiated a review of all current positions requiring access to sensitive data. Those who need access will be required to undergo updated law enforcement and background checks. Employees also must complete electronic security awareness training and general privacy awareness courses by June 30. Nicholson said they then will be required to sign an annual statement indicating they are aware of the Privacy Act and the proper use of government property. Nicholson also has directed the department’s information and technology office to revise the security guidelines for single-user remote access developed by the office of cyber and information security.