The Department of Veterans Affairs (VA) has admitted – through a recent settlement agreement – to wrongfully disclosing for a brief period of time the COVID-19 vaccination data of over 500,000 VA employees in October 2021 without the employees’ permission.
The American Federation of Government Employees’ (AFGE) National VA Council (NVAC) filed a grievance against the agency on behalf of the affected employees at the time, and the VA agreed to notify AFGE’s bargaining unit of the disclosure.
In a statement to MeriTalk, NVAC said the privacy breach was active for two hours, disclosing a list of all employees who had certified their COVID-19 vaccination status with the VA.
The list – which included the names, positions, and vaccination status of all 500,000 employees – was sent to several people in senior leadership positions, including their executive assistants and support staff.
In July 2021, the VA mandated all healthcare staff to receive the COVID-19 vaccine, and later expanded the mandate in August to include most Veterans Health Administration (VHA) employees, volunteers, and contractors.
“Disclosing the personal information of more than a half a million employees is unacceptable and irresponsible,” said AFGE NVAC President Alma Lee. “While we are glad that the VA has admitted to this wrongdoing and has notified our bargaining unit employees of the violation of their rights, we hope that a breach of this magnitude never happens again.”
“VA remains committed to providing the highest levels of privacy protection to its employees,” a VA spokesperson said in a statement to MeriTalk. “We investigated this matter and concluded on November 16, 2021, that the breach demonstrated a low risk of compromise.”