Technology evolves so quickly these days, it can be difficult to keep up. That constant game of catch-up is particularly true for policies — especially government policies — which tend to evolve much more slowly than the next generation of tech capabilities.
That lag, in part, explains the problems agencies have these days with keeping data safe.
The amazing advances in technology have made it possible, in the case of the Veterans Affairs Department, for just about anybody to carry personal data on millions of veterans.
In addition, ever-larger amounts of data are easily accessible online. Many agencies used Social Security numbers for various purposes. At the time, it seemed to make sense. Today, it just doesn’t.
It is a brave new world. And agencies are having to reformulate the way they do business in this brave new world.
One of the areas where they urgently need to change their ways is in the critical connections among mobile data, security and privacy.
In the old days of the all-paper world, of course, agencies would collect as much data as possible during transactions with citizens because the data collection process was complex and costly. Those same obstacles also made it nearly impossible for agencies to get that data from other ones.
Today, it is much easier to acquire data, either because it was collected previously or, increasingly, because another agency has that information in an easy-to-share electronic form.
Privacy concerns are increasingly in the spotlight. Agency executives are much more aware that the more data they collect, the more data they must secure. Privacy advocates have long urged agencies to collect only the data that is really necessary. Besides being the right thing to do from a philosophical perspective, that also makes agency officials’ jobs easier.
Some agencies, however, still reflexively collect personal information with no clear purpose. The Postal Service Web site, for example, continues a nonsensical policy that requires people to register before they can buy stamps.
It remains unclear to us why an organization would require people
to provide that information when it only means they have to secure it.
Experts preach that both privacy and security need to be key considerations at the earliest stages of system development.
In the end, just about everybody knows most of this. Last year, in the wake of the stolen VA laptop, there was a palpable sense of people saying under their breath, “Thank goodness it was them and not us.”
Yet in the past 12 months, data losses have struck just about every agency. If it hasn’t yet, just wait.
There are few issues that have such potential to damage citizens’ view of government. In a way, every agency ought to thank VA and then redouble their efforts to ensure their agency has taken steps to demonstrate they take the issue seriously.
