Reports Examine Lessons Learned from Breaches

Six years after a data breach that resulted in the Department of Veterans Affairs (VA) being vilified for disregarding its own gap-filled information security and privacy policies, the VA now stands as a model for how to effectively integrate tough safeguards into its daily operations. The breach produced a sea change at VA to protect veterans’ information through policies and procedures that are now communicated clearly as a top priority from the secretary on down through the sprawling agency. To ensure adherence, VA relies on automated technologies, continuous monitoring and reporting, and periodic employee training and re-training. Some of VA’s best practices include: an independent privacy breach analysis team made up of legal, technology, business and privacy officers who examine each incident that is reported to Congress, how it was handled and what else can be done to prevent it in the future; encrypted laptops; and a requirement that personal data not flow outside the VA unless it is encrypted according to the latest federal information processing standard from the National Institute of Standards and Technology (NIST).
