Battle over VA's data breach heads to mediation
Plaintiffs allege that department's failure to enact proper protocols left their personal information unprotected.
Lawyers for people who sued the Veterans Affairs Department over last year's data breach will begin mediation with government attorneys in the weeks ahead and will update the federal judge overseeing the case in early 2008.
Earlier this month, U.S. District Judge James Robertson dismissed several aspects of the case but said the handful of plaintiffs sufficiently made the claim that the department failed to safeguard their personal information, as required by the Privacy Act.
The action was brought to the U.S. District Court for the District of Columbia as a potential class-action representing each of the estimated 26.5 million veterans whose data could have been jeopardized in the incident. The FBI eventually recovered the stolen equipment and said the files were not accessed.
The mediation must be verified by the court by Dec. 7, and a status conference will be held after a 60-day work period, Robertson said at a Wednesday hearing. The Justice Department, which is representing the VA, previously asked that the case be dismissed.
Federal privacy law requires agencies to "establish appropriate administrative, technical and physical safeguards to insure the security and confidentiality of records to protect against any anticipated threats or hazards to their security or integrity."
The plaintiffs alleged that the VA's failure to enact such protocols "left their personal information unprotected [and] caused them to suffer emotional and pecuniary harm." If the suit is successful, each veteran impacted would get a minimum of $1,000 in damages.
The government sought to have the claim dismissed on the grounds that the veterans failed to plead intentional or willful violations of the act, according to court documents. That would require proving that the VA "acted with something greater than gross negligence."
"Clearly, the VA is eager to convince veterans that while egregious security breaches occurred, they suffered no harm," plaintiff Tod Ensign wrote on his Citizen Solider Web site. "At a minimum, all the veteran groups are committed to forcing the VA to adopt reforms that ensure this kind of privacy invasion doesn't occur again."
American Civil Liberties Union Legislative Counsel Tim Sparapani said Robertson's decision to allow the lawsuit proceed "is a wake-up call to the federal government. Safeguard the data you gather on the public and put it in a vault with protections like Fort Knox because the private data is like gold in identity thieves' hands."