Veteran Affairs Privacy and Information Security Laws
Added on 2023/06/03
AI Summary
This article discusses the privacy and information security laws that regulate the Veteran Affairs in the United States. It highlights the laws violated, what contributed to the problem, and security controls and mitigation strategies. The difference between privacy law and information security is also explained.
By (Name) The Name of the Class (Course) Professor (Tutor) The Name of the School (University) The City and State The Date
Laws Violated
The judiciary of the United States has played a significant role in balancing the interests of security and the person’s right to privacy. This stems from the fact that the US Constitution and the Bill of Rights do not embody express provisions that guarantee the right to privacy. However, Peltz-Steele (2015) contends that the right to privacy of information within the meaning of the Constitution is regarded to be ‘the right to be left alone’. According to Justice Brandeis in Olmstead v. United States (1928), the right to privacy of information is entrenched in the Fourth Amendment of the Constitution, which provides that people have the right to be secure, and this right includes the right to have their papers, houses and effects secure. In addition, the Fourth Amendment provides that the person, his papers, houses and effects must be secured and that the right must not be subjected to unreasonable seizures and searches. In case a warrant is issued, it must be premised on credible grounds (Cobb, 2016).
Against this backdrop it is prudent to note that the primary legislation that regulates the right to privacy of information in the United States is the Federal Trade Commission Act (FTCA). The right to privacy of information is protected under section 5 of the FTCA, which prohibits any individual from engaging in a practice or act that is deceptive or unfair and which will have an effect on commerce. It is apparent that the FTCA may not expressly provide for the right to privacy and information security in its dictates. However, section 5 of the FTCA has been interpreted to apply to information security and data privacy. Information security laws in the United States have been brought into force to protect information that is personally identifiable from access, disclosure or acquisition that is not authorized by the relevant authority.
These laws have also been referred to as data breach laws, and it is instructive to note that these laws have a profound relationship with privacy laws. The Privacy Act of 1974 is the chief regulation that protects the privacy of information and data. Ideally it regulates the use, dissemination and collection of any record about a certain individual that is under the custody of a federal agency. However, it is prudent to note that the primary focus of this study is the United States Veteran Affairs privacy and information security laws. The information and privacy of the veterans is regulated by the Veterans Affairs Information Security Act (Veterans Benefits, Health Care, and Information Technology Act of 2006, P.L. 109-461), which by virtue of U.S.C. §§ 5722 imposes an imperative on the veteran administration
to protect ‘sensitive personal information’ that relates to Veteran Affairs by bringing into force robust agency information security procedures. It bears noting that P.L. 109-461, § 902 was given life as law in May 2006 after the occurrence of the famous breach of sensitive personal information of approximately 25.6 million veterans, which was the result of the theft of a hard drive from a Veterans Affairs employee's home (Stevens, 2010). According to P.L. 109-461, § 902, ‘sensitive personal information’ is defined as any information about a certain individual that is under the custody of an agency and which entails education and financial details, and medical, criminal and employment background. The information security of the Veteran Affairs is also regulated by P.L. 114-113, The Cyber Security Act of 2015. More particularly, section 406 of P.L. 114-113 imposes an imperative on the inspector general of all the agencies, including the Veteran Affairs, to make a report to Congress detailing the cyber security measures that they have adopted and implemented. This is targeted at strengthening the information security of the Veteran Affairs and other agencies. By dint of P.L. 109-461, in the event that there is a breach of the Veteran Affairs sensitive personal information, it is the obligation of the Veteran Affairs secretary to ensure that once the breach of data has been revealed to them, the Veteran Affairs Secretary general performs an independent risk analysis to establish the potential implications of the breach if the sensitive personal information is misused (38 U.S.C. § 5724(a)(1)).
What Contributed to the Problem?
The information security breaches that have been revealed in the case study are largely attributed to a weak security control system in the Veteran Affairs. There was no assessment of the potential risks that could have led to the breach.
Further, the Veteran Affairs secretary and the inspector general may have failed to foresee the risk that there could be a data breach if the data is not handled appropriately. Apparently, there was negligent and reckless handling of the security data by the Veteran Affairs. This is demonstrated by the fact that they allowed a Veteran Affairs employee to carry very crucial security data containing ‘sensitive personal information’ of the veterans.
Security Controls and Mitigation Strategies
There are certain security controls and mitigation strategies that may be applied by the Veteran Affairs to prevent or combat violations. These include:
a. Conducting frequent assessments of the implications of a risk and the impact of any harm that could be engendered by use, access, disclosure or destruction without authority of Veteran Affairs information, so as to mitigate any risks of security breach.
b. Bringing into force new security controls that seek to safeguard the confidentiality and integrity of sensitive personal information, systems security, security strategies and information systems of the Veteran Affairs. It is of interest to note that the security controls must be tested frequently.
c. Putting in place security measures that are targeted at detecting, reporting and responding to any suspicion of a data security breach or any other data security concern.
Difference between Privacy Law and Information Security
From the above analysis it can be argued that there is a clear difference between privacy laws and information security laws. Privacy law is a field of law that deals with the retrieval and dissemination of information. On the other hand, information security laws ensure that certain information is secured. In this sense, the Veteran Affairs data protection laws that have been discussed in this paper primarily focus on securing information that pertains to the members of Veteran Affairs. Therefore, they can be regarded as information security laws and not privacy law. Any breach of the Veteran Affairs will be regarded as a violation of information security laws.
References
Cobb, S. (2016). Data privacy and data protection: US law and legislation. An ESET White Paper, 1-15.
Olmstead v. United States, 277 U.S. 438 (1928).
Peltz-Steele, R. J. (2015) 'The Pond Betwixt: Differences in the US-EU Data Protection/Safe Harbor Negotiation' Journal of Internet Law, 19(1): 1, 15-30.
Stevens, G. (2010). Federal information security and data breach notification laws. DIANE Publishing.
The Cyber Security Act (2015 P.L. 114-113).
Veterans Affairs Information Security Act (2006, P.L. 109-461).