So, yeah, its [previous VA data loss] old news, but I was told about this specific bit today.
Do you know why the laptop a) had all the data and b) was taken home? Because this employee had a cool idea for a "fascination project" [quote from page 2] which he "'self-initiated" on "his own time." And this pet project required all the veteran data.
The second highlight (should I say "lowlight"? :-)) was related to VA processes and centered around the second instant winner of the idiom contest (takes second place after the aforementioned "fascination project" :-)): "casual hallway meeting." The facts of a breach were reported to the superiors via a "casual hallway meeting." I can picture this: "Yo, Joe, this guy here lost a laptop with 26 m personal records of our veterans!" - "Wow, it sucks! Let's go get some coffee!" :-)
Is this happening at your company right now? I bet'ya, it does! When you think "insider attacks/abuse" you should not obsess over dumpster diving ex-KGB colonels on the Mafia service; think dumb IT pros on their stupidity dis-service...
More fun quotes follow, but do read the report /and weep/, it is just 9 pages and it would help you to learn why Albert Einstein supposedly said "Two things are infinite: the universe and human stupidity; and I'm not sure about the universe..."
Quote 1: "The employee explained that much of the data that he had stored on the stolen external hard drive was for his "fascination project" that he self-initiated and worked on at home during his own time. "
Quite 2: "Mr. McLendon also did not inform his direct supervisor, Mr. Duffy, when he learned of the incident on May 3, 2006. Mr. Duffy advised us that he did not learn of the theft until Friday morning, May 5, 2006, when he spoke with the OPP&P ISO, in what Mr. Duffy described as a rather "casual hallway meeting." "
Quite 3: "Mr. Duffy said he just did not perceive this as a crisis. In hindsight, he added that his greatest regret is that he "failed to recognize the magnitude of the whole thing." "