Department of Veteran Affairs laptop found

It looks like they’ve finally recovered the data (laptop) and the VA employee that apparently didn’t have permission now indeed did have permission. How the heck do you misplace permission forms for that long? And don’t think the whole mandate for encrypted laptop security and two-factor authentication is going to help any.
In any case, this still doesn’t resolve the fact that there are some serious issues with how the data is managed. Why are the social security numbers not in an actual database? Where you have to authenticate yourself into a government VPN? The employee was a “lead programmer for the Policy Analysis Service”. Shouldn’t he have known better?
There are a lot of issues with the whole network design for securing sensitive data. We wouldn’t be surprised if the Department of Veteran Affairs still scores low next year in the whole security thing after this high profile public affairs issue blows over.
Slashdot < SFGate