VA Moves To Encrypt Data To Prevent LossesVA Moves To Encrypt Data To Prevent Losses

Fool me once, shame on you. Fool me twice, it's probably time to make some changes. That's the sentiment at the Department of Veterans Affairs after a second PC with sensitive departmental data turned up missing, affecting 38,000 people.

A computer disappeared earlier this month from contractor Unisys' offices, following the May über-breach that compromised about 26.5 million data records on veterans. VA Secretary James Nicholson last week sought to avoid a third such embarrassing incident by mandating that 300,000 departmental computers and mobile devices immediately be upgraded with encryption technology.

VA tapped Systems Made Simple to do the work, signing the contractor to a $3.7 million contract to install GuardianEdge Technologies and Trust Digital mobile encryption software on all laptops by mid-September. After that, the VA will add the software to all of its desktops and enforce the encryption of all data stored on flash drives and CDs.

Encryption can be an expensive and cumbersome way to protect data, which is why the technology isn't more widely deployed. Given the hundreds of millions of dollars the VA spent notifying veterans that their data was missing and the cost of credit-monitoring services that the VA promised to offer before the initial laptop was recovered, the money it's paying SMS is a bargain.

And, while encryption technology adds latency, it's another trade-off the VA is happy to make to keep out of the papers.