Return to Article: VA to fire data analyst responsible for records breach

By Daniel Pulliam dpulliam@govexec.com May 31, 2006
  • 17413

    All the analysts I know in VA are overworked. Taking work home has been encouraged and routine. This was a long-term, conscientious employee just trying to get his work done. VHA guidelines for treatment of private data on computers have been limited at best, and I have never seen any guideline pertaining to encrypting PHI on laptops until the last month. Perhaps they have existed, but VHA has done a poor job of keeping its employees aware of current directives and guidelines. If one looks at the last privacy and security training, there's nothing there that would have changed the outcome of this situation. Information management in VHA has been in perpetual disarray for years and this is one manifestation of it. Now there's a major top-down effort in VHA to catch up and fix its policies that should have been fixed years ago -- that should be indicative of where the fault really lies. Keep the scapegoat analyst and his boss and purge from the top of VHA.

    GovExec.com reader Posted June 19, 2006 4:50 PM
  • 17234

    Sure Mr. Taxpayer. You take a computer home to do work, it is stolen and you are fired for not having the proper encryption on the computer. How about if you have hardcopy of the materials and you accidentally lose the hardcopy on the train? How about if you are sending this copy electronically and you send it to the wrong address by mistake.

    Why don't we just fire every federal employee who has ever made a mistake? You didn't like my comment but if you were that employee you certainly wouldn't want to be fired for having a computer stolen with data that was not encrypted. Sure he violated policy. Every employee who takes an hour lunch on our government's half hour lunch policy violates that policy -- so what!!!

    Those who are with sins should never cast stones. We have all made mistakes but to kill employment for those mistakes rather than actually fix the mistakes is just plain wrong!!!!

    HR Specialist

    GovExec.com reader Posted June 8, 2006 2:22 PM
  • 17178

    The guy should be fired without question. He violated all policies for data security and did so willingly and knowingly. They also should fire his supervisor for allowing it to happen.

    The HR specialist said, "You cannot have a fully functioning government if you scare civil service and protected employees who will make mistakes with the threat of termination. No employee will take any action out of fear." What a mistake that would be! When government employees refuse to follow policy and protect information of the people they are supposed to be helping, they should be fired! I am a civil servant and would expect to be fired if I did the same thing. Termination is the only significant threat for most civil servants (reduction or loss of pension benefits is another). This will become increasingly important in the "pay for performance" situation about to descend on us. Under pay for performance you will have to do everything the political appointees want are you will get nothing or maybe a negative real salary for opposing those illegal and immoral actions that the political appointees want done. Just remember that supervisors do not determine the final personnel grading -- it is reviewed up the chain and the final say lies with the political appointees! Pay for performance means that the government will get what political appointees want and will strengthen the position of incumbents tremendously -- why else would Tom Davis support it?

    Taxpayer Posted June 6, 2006 7:28 AM
  • 17171

    Hopefully the analyst will file an appeal with the U.S. Merit Systems Protection Board (MSPB). In general this has to be done within the first 30 days. This would allow the analyst to present his side of the story and have it reviewed impartially.

    I encourage other federal employees to visit the MSPB site. Reading some of their past decisions can help you better understand your rights and responsibilities. MSPB decisions are made strictly in accordance with regulations whereas agency decisions are sometimes (as in this case) made for political or emotional reasons.

    The MSPB web address is:

    http://www.mspb.gov

    GovExec.com reader Posted June 5, 2006 5:50 PM
  • 17165

    I can't believe they are going to fire that poor guy!! For instance, one of our offices lost a fingerprint laptop ... did you hear about it in the news? No, because it's who is looking out for them!!! Like most of you said, everyone takes home work. I work in the employment office of the IRS. We are famous for taking work home. Every single GS 12/13/14/15 has a laptop. they download information from here and work at home (conveniently) on Fridays, Saturdays and even Sunday and get paid comp time.

    GovExec.com reader Posted June 5, 2006 2:38 PM
  • 17152

    What a shame,

    I guess this employee doesn't have enough friends and/or relatives in high places in the civil service to help him out. Over at DoD (Navy) where I used to work, he would have been promoted if he were in the boys' club. And all of this shoved under the rug.

    Dis-gruntled.

    GovExec.com reader Posted June 5, 2006 8:24 AM
  • 17095

    Let us all not forget who is really responsible for this act of theft and loss of data! As much time, effort, and money should be used to find the thief/thieves who are the real guilty ones here! Let's save the torches and pitchforks for them and not this employee. As others have said, "there but by the grace of God..." The employee took home the data to do his job, not to benefit or profit personally. Let's not forget that he was forthright in admitting the loss of the data when he could have remained silent. I was one of the employees who had their credit card information lost, so I can understand the time and effort it will take to contact the credit bureaus, watch your credit reports and monitor your bank statements. A phone call to one of the credit bureaus will put a watch on your information at all three bureaus. You can obtain a credit report once a year from each of them. What that means is that you can request a credit report every four months for free by rotating your request.

    GovExec.com reader Posted June 1, 2006 8:31 PM
  • 17088

    So, they are going to fire the analyst. Management has known since 2003 that he was doing work at home. And yet his laptop was not protected by encryption? Doing background checks or firing him now is closing the barn door after the horse is gone. It's too little, too late.

    I feel for the analyst. Short supplies, no overtime or comp time, no travel / TDY / training -- all disapproved -- business as usual -- but get your job done or get written up. I hope he files EEO, Privacy Act, FOIA, union grievances and retires. If someone like a spy at the CIA can keep his pension, this poor soul who was a victim of a theft should be able to keep his.

    GovExec.com reader Posted June 1, 2006 3:36 PM
  • 17087

    If there was a crime committed, I would like to see him tried in criminal court in an effort to bring the entire story to light. Let's not just hang the guy at the bottom, but find out the root cause and eliminate that, too.

    Rizwan Khawaja Posted June 1, 2006 3:01 PM
  • 17085

    Congress is busy pushing telework and then responds with calls for termination when something goes wrong with someone who is working at home. This is typical congressional scapegoating. So far there is no indication that the data has been used by anyone. The Senate just promoted the former head of the NSA to head the CIA after he eavesdropped illegally on untold numbers of Americans. This just shows the treatment handed out to low-level federal workers who make a mistake versus that for high level employees who willfully do wrong (but with political backing).

    Steven Brennan Posted June 1, 2006 2:00 PM
  • 17080

    The analyst better get a good lawyer to protect his pension. One of the real questions is whether the agency provided the analyst with security software, i.e. encryption and laptop tracking. I bet he had neither due to budget constraints.

    CS Posted June 1, 2006 10:24 AM
  • 17076

    I'd like to hear from the analyst! He was probably just trying to get his work done and is going to be the scapegoat here. If his management knew he was working at home and turned a blind eye, shame on them for not stepping up and saying something.

    GovExec.com reader Posted June 1, 2006 9:29 AM
  • 17071

    Just to interject some context to the incident, it is not unusual for career government employees to do something like this when their units are underfunded and understaffed. His intentions were probably honorable and a bad thing happened. I know government employees who do the same thing without incident. We would not punish them and should have some compassion for this individual.

    I hope he is offered a retirement instead of just resigning and getting nothing. Thirty years of service should be worth something.

    rds Posted June 1, 2006 9:10 AM
  • 17068

    Being retired military with extensive background in automation, I'm extremely irritated by this theft and the procedural ignorance in handling privacy act information.

    And yet, now being a civil servant, I know of many times that lack of overtime approval has required us to take work home in order to accomplish a mission that can not be done within an eight-hour day.

    Comp time is only another excuse to rob Peter to pay Paul. If you can't get your job done in a day's work, then giving you time off later only gets you further behind.

    Seeing both sides of this issue makes me wish for the old days of Schedule X work analysis. As cumbersome and time consuming as it was to track and analyze my day's activities from customer service, to phone calls, and then that rare actually productive work time, it did show in stark detail the difference between work and resources.

    All this trimming of the work force, in the name of efficiency, has left not only the military a shell but also their civilian counterparts.

    I am wondering how many other conscientious workers in that office did the same exact thing; taking home work, in a vain effort to "do the right thing." I can imagine them thinking "There, but for the grace of God, go I."

    With the chaff been thrown out, I hope the administration will look for the root cause of this occurrence; and a valid solution. With additional cuts, cut throat competition for performance-based salary increases, even fewer overtime approvals, and the further implementation of teleworking, I can see more incidences of this nature occurring. Perhaps next time it may be something even more critical than just all my life's information.

    Tip off.

    Tip Posted June 1, 2006 8:27 AM
  • 17063

    Wrong, wrong, wrong! Firing the analyst solves nothing. The VA is just trying to save face. The analyst was taking VA work home because they were carrying more than their fair load at work. Now, someone else will get dumped on and the problem will reoccur. How can the VA so callously do this to someone who was willing to do VA work on their own time?

    If the VA fires the analyst, they had better fire the management that caused this problem to begin with.

    Robert M. Posted June 1, 2006 7:40 AM
  • 17058

    That is outrageous.

    Rep. Bob Filner, D-Calif., acting ranking member of the House Veterans' Affairs Committee, has called for Nicholson to fire those responsible for the data compromise and then resign himself.

    You cannot have a fully functioning government if you scare civil service and protected employees who will make mistakes with the threat of termination. No employee will take any action out of fear.

    I would bet good money that this employee was required to take home that database and work gobs of uncompensated overtime to get the work accomplished from home. How is anyone going to function, especially teleworkers, if theft of their equipment will lead to termination?

    While I don't carry millions of social security numbers with me on my blackberry, it would be embarrassing to have it stolen because of files and e-mails. Do I risk losing my job if it is stolen?

    Should I not be able to work on HR-sensitive files on my laptop out of fear for my job?

    How dare this congressman throw stones at the VA when his organization is just filled with criminals -- the good congressman from California should be working to clean up his own house!

    I can't think of a worse outcome than firing a 30-year VA civil servant for this mistake. Keep killing the federal employees over mistakes and there will be nothing left of the government and nobody will take any risks or excel!

    HR Specialist

    GovExec.com reader Posted June 1, 2006 6:40 AM

Post a Comment

To post a comment, you must provide a name and a valid e-mail address. Messages must be limited to 400 words. By using this Service you agree not to post material that is obscene, harassing, defamatory, or otherwise objectionable. Although Government Executive does not monitor comments posted to this site (and has no obligation to), it reserves the right to delete, edit, or move any material that it deems to be in violation of this rule.

VA to fire data analyst responsible for records breach
*
*
*
Vendors Solutions Center