The personnel changes come on the heels of a directive issued last week by Nicholson to all VA supervisors reminding them about their responsibility in protecting sensitive and confidential information.

Because of the data loss, all VA employees will be required to complete a general privacy awareness and cybersecurity training exercise by June 30 and will also be required to sign a statement affirming their commitment to and understanding of their data security obligations.

In a statement issued May 26, Nicholson announced that he has convened a task force to review department-wide information security practices. As part of the effort, the task force will compile an inventory of all positions within the VA that require access to sensitive data. The inventory will include information on justification for access, data type and method of access. The task force has until June 30 to complete the inventory.