Last month, the Director of the VA Privacy Service, John Buck, and HiSoftware co-presented a session at the IAPP Global Privacy Summit entitled “US Department of Veterans Affairs’ Battle to Protect Privacy.” This blog post summarizes that presentation.
The US Department of Veterans Affairs (VA) provides benefits and services to more than 20 million veterans and over 350,000 agency employees worldwide through a range of Web pages and Web-enabled applications.
With a brief to provide universally accessible online services, while safeguarding protected health and other personally identifiable information, the VA has taken an aggressive approach to data privacy.
The VA is keen to promote best-in-class privacy practices and its evolving approach is a good model for how all government agencies can embrace new technologies, balancing the need to protect sensitive information against the benefits of collaboration, sharing information and the need for public services transparency.
With 663 privacy officers and a Privacy Service staff of nine, the VA takes its compliance responsibilities seriously. To support its staff in managing risk across 1,000 sites, some of which are public facing, it has taken steps to automate compliance and collaboration relating to content in its SharePoint 2010 system. The department faced compliance challenges arising from its huge and diverse contributor base and the massive expansion of its content.
Following a successful pilot of HiSoftware Compliance Sheriff, the VA signed a three-year contract for the HiSoftware solution to meet a requirement for a practical privacy program that achieves compliance and regulatory conformance while supporting the evolving business needs of the agency. The VA’s aim is to deliver a privacy program that makes it easier for users to ‘do the right thing’.
There are three key components to this project:
- Set up a SharePoint 2010 ‘Model Farm’ to demonstrate a best practices approach for privacy and Section 508 accessibility compliance across government. This will model business requirements underpinned by a comprehensive review of who uses SharePoint within the organization and how they use it. Perhaps they use it to send emails, collaborate on documents, or share calendars, or they may use all three applications and more. The ‘Model Farm’ will also model compliance requirements by exploring all the privacy regulations and how they may be best addressed. Finally, it will model the technical requirements that determine how Compliance Sheriff, SharePoint 2010 and other Microsoft technologies can work together to automate compliance enforcement. The hope is that this will provide a best practice resource for securing SharePoint content across government.
- Add two new SharePoint 2010 sites
- Expand existing MOSS sites for continuous improvements, automated notification and continued scanning of existing sites.
HiSoftware Compliance Sheriff delivers a balance between data management and protection with a platform that:
- Honors data privacy and security policies, laws and regulations
- Enables enforcement
- Minimizes risk of data loss or misuse
- Minimizes potential impact of data loss or theft
- Generates proof of effectiveness and execution of data protection policies and measures compliance
View the IAPP presentation: US Department of Veterans Affairs’ Battle to Protect Privacy
Read more about the VA’s battle to protect privacy.