Editorial: The VA's reminder

The case of the Department of Veterans Affairs’ stolen data should go down in history as one of those events that reminds everybody in government of the importance of security and privacy. Such high-profile mistakes have consequences — both good and bad.

On the bad side, there is the suggestion that the VA’s security efforts should get judicial oversight — something akin to the situation with the Interior Department. And it seems likely that this case will provide federal managers — some of whom are already leery about the concept of telework — with a reason to postpone implementing such programs.

On the positive side, however, the case should raise the visibility of security throughout government. Security experts always talk about assessing risk and balancing true and absolute security and privacy with convenience, speed and efficiency. It is often difficult for security experts to convince users of the need for what must seem like pesky security practices and procedures. During FCW Events’ recent CIO Summit, two security experts — one a fed and the other a former fed now working in the private sector — suggested that one of their biggest hurdles is convincing people that security matters.

The VA incident will, undoubtedly, help them make the case.

We suspect the number of people complaining about government security policies and practices has fallen off precipitously.