<html>
<body>
I predict, that in the future, some of these lessons may be learned
again.<br><br>
Privacy: Lessons Learned about Data Breach Notification.
GAO-07-657, April 30.<br><br>
Much of this concerns internal prompt notification, like to law
enforcement and within organizational hierarchy, getting correct names
& addresses of who to notify and other legal
complications.<br><br>
The GAO report includes a summary of data breach incidents at 6 gov
agencies (Depts of Agriculture, Defense, Education, Health+Human
services, Transportation and Veteran's Administration) ... any here we
did not already know about?<br>
* 2006 Jan Farm Services FOIA contractor oops on 80,000 tobacco
producers<br>
* 2006 Mar Navy Marine Corps thumb drive lost 207,570 individuals<br>
* 2006 May VA employee home burglarized affecting 26.5 million <br>
* 2006 June National Student Loan CD lost in transit on
<font face="Helvetica, Helvetica">13,756 individuals<br>
</font>* 2006 June HHS contractor employee laptop stolen
<font face="Helvetica, Helvetica">49,572 Medicare beneficiaries<br>
</font>* 2006 Dec DoT laptop stolen from car parked in FL
<font face="Helvetica, Helvetica">133,000 commercial drivers & FAA
pilot licensees<br>
</font>
<a href="http://www.gao.gov/cgi-bin/getrpt?GAO-07-657" eudora="autourl">
http://www.gao.gov/cgi-bin/getrpt?GAO-07-657<br>
</a>Highlights -
<a href="http://www.gao.gov/highlights/d07657high.pdf" eudora="autourl">
http://www.gao.gov/highlights/d07657high.pdf<br><br>
</a>GAO conclusions specifically on VA data breaches.<br>
<a href="http://www.gao.gov/highlights/d07532thigh.pdf" eudora="autourl">
http://www.gao.gov/highlights/d07532thigh.pdf<br>
</a></body>
</html>