Personal electronic information on up to 26.5 million military veterans, including their Social Security numbers and birth dates, was stolen from the residence of a Department of Veterans Affairs employee who had taken the data home without authorization, the agency said Monday.
At a news conference on Monday afternoon, Attorney General Alberto R. Gonzales said there was "no reason to believe at this time that the identities of these veterans have been compromised." (NY Times)
No reason? How about the little reason of a government employee letting his unauthorized, insecure notebook computer get stolen? Granted, there may be little chance that this information will be used fraudulently, but to me "little" does not mean the same thing as "no". When will people learn that PR bluster may buy you something in the short term but that you'll get labeled a dissembler in the long?
In the aftermath of the ChoicePoint debacle, several states have passed tough legislation aimed principally at forcing companies, schools and other handlers of private data to notify consumers when their information has been compromised. Other new laws permit consumers to freeze their credit as a way of foiling would-be thieves, or force new security standards on data handlers.
Several pieces of legislation are also pending in Congress, but so far the interests of the financial services and credit industries, which seek to limit inhibitions on data handling and the penalties for security breaches, have competed with those of consumer advocates. As a result, no consensus has emerged.
Ah yes, the credit industry lobbying against inhibitions and penalties. I guess the good news about a lack of "consensus" is that the states' laws haven't been rolled back. Here's to Congress not intervening where it's not wanted.