Contractors seek delay in USAID vetting system

A prominent trade association has asked the U.S. Agency for International Development to delay implementing a system designed to deny funds to individuals or groups associated with terrorism.

The new Partner Vetting System will collect basic personal information on nongovernmental organizations, contractors and other groups and individuals with potential access to USAID funds. The data will be checked against government databases to identify potential links to terrorist organizations or activities.

The agency already has a similar program in place, but it is limited to organizations operating in the West Bank-Gaza region. The new program would require companies and organizations doing business with the agency worldwide to provide information on employees -- including name, date and place of birth, Social Security number or equivalent government-issued identification number, address and employment data.

The Professional Services Council, an Arlington, Va.-based contractors association, issued comments Monday on a July 17 Federal Register notice about the system issued by USAID. In a letter to USAID Chief Privacy Officer Philip Heneghan, PSC's senior vice president and counsel, Alan Chvotkin, asked the agency to delay introducing the program until "numerous ambiguities and inconsistencies are addressed."

Chvotkin met with USAID officials Tuesday to discuss the program and said they told him that its provisions would be applied gradually to contractors.

"It is not going to go agencywide immediately," Chvotkin said. "There will be a phase-in period as to the number of organizations covered and number of agency programs affected in locations around the world."

According to USAID's Partner Vetting System Web site, the data collected through the system is not used to populate other databases and is shared only with the Justice Department for matching purposes. The site also says USAID does not retain the information after it is checked.

Chvotkin said the individuals required to submit information will likely vary depending on contracts and the structure of organizations seeking to work under them. He said USAID wants to collect data on people directly responsible for procuring and administering USAID funds, but such individuals could range from members of a company's board of directors to its senior executives and project managers.

In his letter, Chvotkin expressed concern that the program could impose a "secret determination of eligibility" and that individuals who return a positive hit in the matching system might have no recourse to question that result -- or might not even know that they were the cause of the hit.

"What happens when that hit comes up is an area that is troubling to us because it is unstated and there is no ability to correct," Chvotkin said. "There ought to be some rights of individuals and some ability of organizations to address these positives or false positives … We've encouraged USAID to develop [a system to do this] and, before finalization, to work through these very important privacy and policy issues."

USAID did not return calls for comment Tuesday, but Chvotkin said his meeting with the agency represented "a good faith effort to reach out to affected communities …. We're satisfied the dialogue has begun and hope it continues in a meaningful way over the next few weeks and into the implementation of the program."

Stay up-to-date with federal news alerts and analysis — Sign up for GovExec's email newsletters.
Close [ x ] More from GovExec

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Sponsored by G Suite

    Cross-Agency Teamwork, Anytime and Anywhere

    Dan McCrae, director of IT service delivery division, National Oceanic and Atmospheric Administration (NOAA)

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security


When you download a report, your information may be shared with the underwriters of that document.