Bob Brewin alerts us to another new resource on data breaches:
Today the Veterans Affairs Department started posting online its monthly data breach reports as part of its ongoing transparency thing, VA Chief Information Officer Roger Baker told a press briefing this morning. He said the latest report (for July) might not make it to the Web until Thursday
Read more on NextGov.
The reports make for interesting reading. Most of the incidents are relatively minor, but the VA has meticulously documented them and aggregated them by type of incident.
If they intended to make these public as part of a transparency initiative, the FOUO designation on the reports is somewhat confusing:
For Official Use Only/Limited Distribution
WARNING: This document is FOR OFFICIAL USE ONLY. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). This document is to be controlled, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public or other personnel without prior approval of the Veterans Affairs Chief Information Officer. Where appropriate, U.S. person identities have been removed. Should you have a requirement for particular U.S. person identity information, contact the VA-NSOC. No portion of this report should be furnished to the media, either in written or verbal form.
Posting it on their web site doesn’t count as furnishing it to the media, I guess.