Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

VA Admins -- Hold Your Fire!

I am certain the U.S. Department of Veteran Affairs will investigate the circumstances surrounding the VA analyst who lost personal data on 26.5 million veterans, correlate the facts, and then fire that employee.

If this analyst was acting with malicious intent, the VA would be right to cut him loose. But assuming all the facts we have to date are accurate, firing him would be shortsighted and wrong. Average employees do not take work home with them; only motivated employees--an organization's best employees--do that. Firing this worker will send a message that will ripple through both the public and private sectors: "Take work home with you, and we will fire you."

Instead, the VA must confront the system that let this volume of data leave the building. The analyst was not authorized to take this data home, according to the reports we've seen, but he'd been doing so for three years, which means the VA can't--or doesn't--enforce its own security policies.

The VA should reprimand this analyst, then undertake some serious work to deploy mechanisms such as extrusion prevention to ensure that no other well-meaning employee can unwittingly put veterans' identities at risk.