Veterans' benefits applications slated for shredder

Computerworld - The U.S. Department of Veterans Affairs' undersecretary for benefits has ordered all VA regional offices to suspend document shredding activities after several original copies of veterans' applications for financial benefits were found among those slated for shredding.

No duplicates existed for the documents that had been scheduled for destruction, which meant if they had been shredded, applications would have been lost. The offices process veterans' applications for disability pay, pensions, home loans and other financial benefits.

Had the documents been destroyed, the action "might have affected the fate of veterans' applications," for benefits, the VA said in a statement issued today.

VA Secretary James Peake vowed "swift action" in the wake of the discovery. Anyone who is discovered to have violated the department's policy on data protection "will be held accountable," Peake said in the statement.

No mention was made of the actual number of documents that were saved from shredding, but the VA statement described affected documents as a "handful."

The suspension of shredding activities will remain in place until the VA determines whether the practice is more widespread or not. Before shredding is allowed to resume, directors of the regional offices will have to sign off that no originals of key documents or records from cases under consideration are being shredded.

The documents that were saved from shredding are being returned to the "proper offices" for processing.

The VA has been under fire over its data protection practices. The agency found itself in the spotlight in 2006 when a laptop PC and external hard disk containing personal data on 26.5 million veterans and active-duty military personnel were stolen from the house of a VA data analyst.

Both pieces of hardware were later recovered by the FBI, which said the data appeared to have been untouched. Still, the episode triggered sweeping changes at the agency.

Last November, the agency said it was investigating a potential data compromise involving about 12,000 veterans after three computers holding the data were stolen from a VA facility in Indianapolis.

In an earlier incident, an IT specialist at a VA medical center in Birmingham, Alabama reported as missing a hard disk containing personal data on more than 250,000 veterans (PDF) and an additional 1.3 million medical providers.

In August 2006, the VA disclosed that Unisys Corp., a subcontractor hired to assist in insurance collections for VA medical centers in Pittsburgh, had reported a missing computer containing personal data on more than 16,000 veterans.

At a 2006 hearing over the breach that had resulted in the exposure of 26.5 million records, VA officials disclosed several other security incidents. One of them was the loss of a back-up tape containing legal and case related information on 16,500 veterans from Indianapolis. Another disclosed at the hearing involved the loss of Social Security numbers and other personal data on 66 veterans when a VA auditor's rental car with papers containing the data in its trunk was stolen.