Two and one-half years ago, then-VA Administrator Jim Nicholson asked Congress for emergency funding of not less $160.5 million "for credit counseling
and other measures to protect veterans and military troops whose sensitive
personal information was stolen." Yesterday, the VA announced that it had agreed to pay $20 million to settle class-action litigation filed by five veterans groups as a result of that data theft.
Unfortunately for the taxpayers, there's a rub. As VA spokesman Phil Buhdan stated yesterday: "We want to assure veterans there is no evidence that the information involved in this incident was used to harm a single veteran."
It's even better than that. A lap top and external hard drive containing the data were stolen, and later recovered. According to FBI experts at the that time, the data had not been accessed by the thieves, much less used. In the intervening 30 months, not a single incident of identity theft or other unlawful use of the personal information was reported. So why pay $20 million?
The money, which will come from the U.S. Treasury, will be used to pay veterans who can show they suffered actual harm, such as physical symptoms of emotional distress or expenses incurred for credit monitoring.
[...]
According to the proposed settlement, veterans who show harm from the data theft will be able to receive payments ranging from $75 to $1,500. If any of the $20 million is left over after making payments, the remainder would be donated to veterans' charities agreed to by the parties, such as the Fisher House Foundation Inc. and The Intrepid Fallen Heroes Fund.
[...]
"This is a very positive result," said Douglas J. Rosinski, an attorney representing the veterans groups. "A lot of hard work went into finding a resolution that all the parties could be proud to say they were a part of bringing about."
$75 to $1500 a pop for "emotional distress." How many warriors will step forward and claim that prize? Not many, I bet. As for credit monitoring, the VA offered to provide free credit monitoring for any veteran who asked for it, but it wasn't necessary, was it? We knew it was a waste of money in the summer of 2006, and the absence of any misuse of personal information in the intervening months has only supported that view. The VA fired the parties responsible for the lapse of security, and the OMB changed its rules to require encryption of laptop hard drives, and all that was done without prompting by a class action lawsuit. Therefore, no actual harm exists to be compensated, and no dysfunctional behavior was corrected by the litigation.
The folks that this class-action litigation serves are the plaintiffs' lawyers. They'll make a lot more per-person than $75 to $1500. They'll make millions. For that small cadre, this outcome is, indeed, "a very positive result."
