Battle over VA's data breach heads to mediation

Lawyers for people who sued the Veterans Affairs Department over last year's data breach will begin mediation with government attorneys in the weeks ahead and will update the federal judge overseeing the case in early 2008.

Earlier this month, U.S. District Judge James Robertson dismissed several aspects of the case but said the handful of plaintiffs sufficiently made the claim that the department failed to safeguard their personal information, as required by the Privacy Act.

The action was brought to the U.S. District Court for the District of Columbia as a potential class-action representing each of the estimated 26.5 million veterans whose data could have been jeopardized in the incident. The FBI eventually recovered the stolen equipment and said the files were not accessed.

The mediation must be verified by the court by Dec. 7, and a status conference will be held after a 60-day work period, Robertson said at a Wednesday hearing. The Justice Department, which is representing the VA, previously asked that the case be dismissed.

Federal privacy law requires agencies to "establish appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records to protect against any anticipated threats or hazards to their security or integrity."

The plaintiffs alleged that the VA's failure to enact such protocols "left their personal information unprotected [and] caused them to suffer emotional and pecuniary harm." If the suit is successful, each veteran impacted would get a minimum of $1,000 in damages.

The government sought to have the claim dismissed on the grounds that the veterans failed to plead intentional or willful violations of the act, according to court documents. That would require proving that the VA "acted with something greater than gross negligence."

"Clearly, the VA is eager to convince veterans that while egregious security breaches occurred, they suffered no harm," plaintiff Tod Ensign wrote on his Citizen Solider Web site. "At a minimum, all the veteran groups are committed to forcing the VA to adopt reforms that ensure this kind of privacy invasion doesn't occur again."

American Civil Liberties Union Legislative Counsel Tim Sparapani said Robertson's decision to allow the lawsuit proceed "is a wake-up call to the federal government. Safeguard the data you gather on the public and put it in a vault with protections like Fort Knox because the private data is like gold in identity thieves' hands."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Cyber Risk Report: Cybercrime Trends from 2016

    In our first half 2016 cyber trends report, SurfWatch Labs threat intelligence analysts noted one key theme – the interconnected nature of cybercrime – and the second half of the year saw organizations continuing to struggle with that reality. The number of potential cyber threats, the pool of already compromised information, and the ease of finding increasingly sophisticated cybercriminal tools continued to snowball throughout the year.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • GBC Issue Brief: The Future of 9-1-1

    A Look Into the Next Generation of Emergency Services

  • GBC Survey Report: Securing the Perimeters

    A candid survey on cybersecurity in state and local governments

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

  • eBook: State & Local Cybersecurity

    CenturyLink is committed to helping state and local governments meet their cybersecurity challenges. Towards that end, CenturyLink commissioned a study from the Government Business Council that looked at the perceptions, attitudes and experiences of state and local leaders around the cybersecurity issue. The results were surprising in a number of ways. Learn more about their findings and the ways in which state and local governments can combat cybersecurity threats with this eBook.


When you download a report, your information may be shared with the underwriters of that document.