Veterans can finally rest assured that, when their personal data is stolen from a laptop taken home for a pet project without authorization, the thieves will have some trouble using it.

Where in the past, personal data of Americans that was taken home by VA personnel without authorization was not even encrypted… From now on, anyone walking out with the unauthorized personal data of millions of other Americans will apparently not be allowed to do so, if the data has not been encrypted.

U.S. Senator Larry Craig, Chairman of the Senate Committee on Veterans’ Affairs, is patting himself on the back for a job well done.

Here’s his success story, in his own staff’s words:
Last week VA officials announced that they have contracted with ID Analytics to provide data analysis of information on veterans which may have been made public by the recent thefts of two VA computers. Today the agency announced it has contracted with SMS, Inc., to provide encryption technology for all laptop and desktop computers in the Department of Veterans Affairs inventory.

“These are important steps which should go a long way to making VA the model agency in data security within the federal government. That is the goal of both Secretary Nicholson and the Senate Committee on Veterans’ Affairs,” Craig said. “VA has just taken two major steps forward. This is good news for veterans everywhere.”

The need for the data analysis and encryption was prompted by the theft in May of a laptop computer and external hard drive from the home of a VA employee which contained information on 26.5 million veterans and active duty personnel. Both were later recovered by law enforcement and an FBI analysis found that the information was not breached.

Two 19-year-old individuals and a juvenile have been arrested for involvement in that theft.

More recently a computer containing data on an estimated 38,000 veterans was stolen from a VA contractor’s secure facility. Veterans impacted by the second theft, most of whom live in and around Pennsylvania, will soon receive a letter from VA explaining the situation and outlining how they can sign up for credit monitoring. The private contractor which had the computer stolen from its offices - Unisys Corporation - will pay for those services.

“I have promised America’s veterans that I intend to make VA information security a model of data security and this expedited encryption program is a major step in that direction,” said VA Secretary Jim Nicholson in a statement to the press.

The contract for the encryption service with SMS, Inc., will cost taxpayers $3.7 million. ID Analytics’ data analysis services will be provided for free.

“Cost-free is good. In fact, it is simply amazing, especially when this service will be provided by one of the top data security firms in the country,” Craig said.

ID Analytics’ services are used daily by more than half the credit and retail card issuers in the United States, as well as leading wireless and online consumer finance companies.

Despite all the happy-talk, I still haven’t heard if or when anything will be done to prevent unauthorized people from walking out of the building with the critical personal information of millions of fellow Americans.
Must have missed the memo.