In theory, the idea should have taken root long ago--after all, encryption isn't exactly bleeding edge technology. But good timing or not, the VA has finally set plans to require all portable storage devices used internally to have their data encrypted. The requirement won't take effect until December, however. The move comes in response to an embarrassing, highly publicized data loss that took place last year when an external hard drive "walked away" from a Birmingham, Ala.-based VA location.
That data, which still hasn't been relocated, seems to have included personally identifiable information and health data on 250,000 veterans, as well as HHS data on 1.3 million medical providers. In short, the loss was a complete debacle, and a pricey one.
Right now, policy already dictates data on flash drives, hard drives and other removable devices must be encrypted when employees take those devices off site. But that hasn't been the case for devices intended to remain on campus.
To find out more about the VA's plans
- read this Federal Computer Week article
Related Articles:
VA revamping IT infrastructure. Report
VA pledges better data security. Report
VA suffers major data loss, again. Report