The investigation into the whistleblower's allegations found that, in many cases, any user in the VA's data system could view information like an individual’s date of birth, social security number, address or phone number.

The investigation into the whistleblower's allegations found that, in many cases, any user in the VA's data system could view information like an individual’s date of birth, social security number, address or phone number. Peter Dazeley / Getty Images

Featured eBooks
Best Dates to Retire in 2025
Space Tech
The Future of the Air Force
Insights & Reports
GenAI: The Trust Multiplier for Government
Presented By Salesforce
Download Now
2024 NA Federal Industry Trends Survey
Presented By Cellebrite
Download Now
Oversight

VA whistleblowers honored for uncovering mismanagement of veterans’ personal information

Despite receiving OSC’s Public Servant award, the whistleblowers disagreed with investigators’ conclusions that they could not substantiate all of their accusations regarding the department’s alleged inappropriate use of personally identifiable information.

Sean Michael Newhouse

|
Sean Michael Newhouse
Sean Michael Newhouse
Staff Reporter

Updated 6:00pm ET on Oct. 15, 2024. 

The Office of Special Counsel on Oct. 10 honored three Veterans Affairs Department whistleblowers with the agency’s Public Servant award after their actions revealed that veterans’, employees’ and others’ personally identifiable information remained unprotected on a department data system. 

Former senior program manager Peter Rizzo, program analyst Kristen Ruell and another VA employee who chose to remain anonymous informed OSC that officials were improperly storing personal information in the department’s internal electronic system for correspondence work. The system is used to manage and track matters such as agency documents and assistance for veterans inquiring about VA services.

“The investigation spurred by their disclosure uncovered thousands of instances in which personal information was not properly protected and was accessible to VA employees across the agency regardless of the employees’ need to know,” Special Counsel Hampton Dellinger said in a statement. “This case illustrates how OSC’s disclosure process is a vital mechanism that ensures executive agencies meet their obligations and strengthens the public’s trust in its government.”

After OSC referred the disclosure to VA, the department found that, in many cases, any user could view information like an individual’s date of birth, social security number, address or phone number. Investigators were not able to determine how often such unauthorized access occurred, however, because that information wasn’t recorded due to a recent transition to a new data tool.   

VA, in response, began restricting access within the system and designated all open and closed cases in it as “sensitive.” 

In a September report to the president, OSC noted that the whistleblowers criticized how long it took VA to investigate their allegations. They also disagreed with the department's conclusions that it could not substantiate their other accusations: that officials did not include relevant information from the internal system in response to Freedom of Information Act and Privacy Act requests and that VA police improperly used information from it while investigating suspected criminals. 

Despite the disagreements, Dellinger noted in the September letter that he expected the VA to continue to monitor and audit use of personal information in the system and urged the department’s inspector general to closely monitor how VA adheres to associated laws.

Correction: This story has been updated to clarify that VA conducted the investigation into the whistleblowers' allegations.

NEXT STORY: HHS to crack down on providers blocking access to electronic medical records