Was the VA too lax?
As security experts ponder the future ramifications of the Veterans Affairs data theft, some are still trying to make sense of what went wrong at the agency. Glenn Hill, IT security manager for Northeastern University in Boston, said it’s too soon to pass judgment on the agency. “While we’d like to think that removal of sensitive information from workplaces is tightly controlled, the fact is that information can be moved using a variety of methods and media where successful detection may come down to implementation of costly, intrusive and time-consuming [measures] that are impractical and unacceptable to both organizations and their employees,” he said in an e-mail exchange. Asked if the VA employee should have been allowed to take such sensitive data home, Hill said that in today’s fast-paced workplaces, “these interests often take their place in a context of expediency, which can imply that some parts of the work may need to be undertaken offsite; often at home.” He said Northeaster
