VA outsourcing breach risks expose personal data of a House staffer

The #1 Fear: ‘Sweetheart, Did You Buy a Porsche in China?” L., sure you might have your fears. AJ certainly did: My outsourcers now know an alarming amount about me—not just my schedule but my cholesterol, my infertility problems, my Social Security number, my passwords (including the one that is a particularly adolescent curse word). Sometimes I worry that I can’t piss off my outsourcers or [ll end up with a $12,000 charge on my MasterCard bill from the Louis Vuitton in Anantapur. The good news is that misuse of financial and confidential information is rare. In all of the interviews I conducted for this section, I could find only one case of information abuse, and I had to search long and hard. It involved an overworked U.S.-based VA who hired freelance help at the last moment. Commit to memory the following—never use the new hire. Prohibit small-operation VAs from subcontracting work to untested freelancers without your written permission. The more established and higher-end firms, Brickwork in the below example, have security measures that border on excessive and make it simple to pinpoint abusers in the case of a breach: e» Employees undergo background checks and sign NDAs (nondisclosure agreements) in accordance with the company policy of maintaining confidentiality of client information e » Electronic access card for entry and exit e » Credit card information keyed only by select supervisors e » Removal of paper from the offices is prohibited e » VLAN-based access restrictions between different teams; this ensures that there is no unauthorized access of information between people of different teams in the organization e » Regular reporting on printer logs HOUSE_OVERSIGHT_013882