When it rains, it seems to pour. This spring brought reports of alligator attacks in Florida, while last summer, multiple shark attacks made headlines. Most recently, attacks on data privacy are making big news.
The stolen VA laptop debacle started in late May with the announcement that the personal information such as names, Social Security numbers and birthdates of 26.5 million U.S. service people dating back to 1975 were taken when a laptop was stolen from the home of a data analyst working with the VA.
And since then, national TV news stories and web newsletters alike have reported on repeat offenses on patient data theft and breaches of confidentiality. One involves the theft of another laptop, this one holding Social Security numbers and other confidential data of 13,000 District of Columbia staffers. The theft took place at the home of an employee of a government contractor that administers the district’s retirement plan, and again, there was a lag in notifying officials. The scariest part? The data was not encrypted and the laptop was not password-enabled.
Lawmakers are springing into action, introducing into Congress several bills in response with the goal of protecting electronic data security and privacy. A bill sponsored by Sen. Daniel Akaka of Hawaii (S 3506) would set penalties for “viewing, using, downloading or removing” personal or health information from a federal database. Another bill (HR 5588) would require the VA secretary to immediately notify all veterans of a data breach and provide affected people with credit monitoring and credit reports at no charge. Another bill seeks to restrict the online posting of the last four digits of Social Security numbers (S 3514), while HR 5582 would require federal agencies to notify potential victims of any unauthorized electronic data procurement.
Bill Gates said recently when he announced he’s transitioning out of day-to-day responsibilities at Microsoft to concentrate on philanthropy: “With great wealth comes great responsibility, a responsibility to give back to society, a responsibility to see that those resources are put to work in the best possible way to help those most in need.” For sure, with great wealth of personal data comes great responsibility. “Giving back” should never include bad news of a confidentiality breach.