Veteran
Groups Sue VA for Privacy Invasion by Tod Ensign Any veteran who's dealt with the VA was not surprised by the agency's May 22nd announcement that a VA employee had lost a laptop computer containing personal data on 26.5 million veterans. It took the agency nearly three weeks after the laptop was stolen on May 3 to notify veterans that they should be on the lookout for breaches of their confidential records. Subsequently, the VA admitted that thirty other high ranking officials also had permission to take home confidential data about veterans on their personal computers. Investigative reports issued by the GAO in 2005 and on March 16, 2006 both identified information security as a government-wide issue and found that most federal agencies were unable to adequately control access to sensitive data. Its latest report urged that employee access to sensitive information be on a need-to-know basis and that access to computer networks be strictly limited. Apparently, no one at VA Headquarters bothered to heed these urgent warnings. A House Government Reform Committee graded the various federal agencies for computer security in 2005 with fewer than half of the 24 agencies receiving a "C" or better. To no one's surpise, the VA, along with eight other Cabinet level departments, received a grade of "F." Citizen Soldier immediately consulted with Doug Rosinski, an attorney with the national law firm of Ogletree & Deakins. Rosinski had made a major pro bono contribution to veterans when he sued the government on behalf of sailors who were doused with chemical and biological weapons as part of the "Shad" tests in the 1960s. (After many twists and turns, that case remains on appeal). Veterans for Peace, the National Gulf War Resource Center, Irradiated Veterans, and the Vietnam Veterans of America joined with Citizen Soldier in filing a class action lawsuit in federal court in Washington, D.C. on June 7th. The complaint seeks: 1) a declaratory judgment that the VA's loss of 26.5 million records violated and continues to violate both Privacy and Administrative Procedure Acts, 2) a court order that the VA disclose exactly what vet records were compromised by its negligence and to inform each veteran of every record it maintains on him or her, 3) an injunction to prevent the VA from altering any data storage system and prohibiting any further use until a court-appointed panel of privacy experts determine how best to prevent such breaches in the future, and 4) a judgment of $1,000 for each veteran who has been harmed by the VA's violation of the Privacy Act. As attorney Rosinski explains, "since the VA's behavior clearly violated both federal laws, it must seek to settle our claims rather than simply trying to convince a judge to grant a motion for dismissal." In June, after the missing laptop had been recovered, the FBI announced that that it didn't appear to have been "compromised." Clearly, the VA is eager to convince veterans that while egregious security breaches occurred, they suffered no harm. Settlement talks with the VA are continuing at press time. At a minimum, all the veteran groups are committed to forcing the VA to adopt reforms that insure this kind of privacy invasion doesn't occur again. Recently, some legislators, including Senate Minority Leader Harry Reid (D-Nev) have called for VA Secretary Jim Nicholson to be fired. Unfortunately, the agency's long standing administrative and budgetary problems will not be solved by making Nicholson walk the plank. |