Privacy Tip #214 – Veterans Warned of Risk of Misuse of Sensitive Personal Information

Robinson+Cole Data Privacy + Security Insider
Contact

The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information on shared drives by employees who did not have authorization to view the information.

According to the audit, sensitive information of veterans was stored on two shared network drives on the VA Enterprise network, so any of the Veterans Administration’s 25,000 employees who had permission to access the VA network could access the files stored on the shared drives. The information contained on the drives includes veterans’ names, addresses, dates of birth, telephone numbers, disability claims information and “other highly sensitive and confidential information.” Although the audit was of the Milwaukee Regional Office, the audit report states that the exposure of data was not limited to that office, so this is considered a national issue.

The exposure was caused by three reported failures: the deliberate or inadvertent negligence by staff who stored the information on the network drives in violation of VA policies; a lack of technical controls to prevent the inappropriate storage of the data on shared network drives; and inadequate oversight to ensure compliance with VA rules.

According to the VA OIG, “Veterans are at significant risk of unauthorized disclosure and misuse of their sensitive personal information. This has the potential to expose veterans to fraud and identity theft.”

With this warning, veterans may wish to consider taking measures to mitigate their risk of becoming a victim of identity theft, including accessing the Federal Trade Commission’s (FTC) website to get tips on how to do so.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.