On February 27, the VA CVE sent an email to companies listed in the VetBiz database, suggesting that all documentation submitted to the CVE may be subject to Freedom of Information Act requests. Many SDVOSBs and VOSBs were outraged–was the VA really stating that tax returns, payroll, bank signature cards, and other closely-guarded information would be made available to the public?
Now, after push back from SDVOSBs and VOSBs, the CVE has issued a press release clarifying that some documentation submitted to the CVE may be withheld under FOIA on a “case by case basis” and that the CVE will seek to limit the exposure of proprietary and personally identifiable information.
The press release is a good start, but in the wake of its misguided email, the CVE needs to do more to assure SDVOSBs and VOSBs that their proprietary information is safe in the government’s hands.
The CVE’s February 27 email stated:
Dear Veteran Business Owner:
Documentation provided to the Center for Verification and Evaluation by an applicant is subject to Freedom of Information Act (FOIA) requests, may be subject to publication in response to a FOIA request, and can be used for purposes other than the Verification application by FOIA requestors.
Determination of ineligibility does not make any statement regarding the legal standing and validity of a particular business model other than to impact its eligibility for Department of Veterans Affairs Veterans First Contracting Program.
If you have any questions, or need more information, please contact our Help Desk at 1-866-584-2344 or email VIP@VA.GOV.
Not surprisingly, many SDVOSBs and VOSBs were shaken by the email. After all, the CVE application process requires SDVOSBs and VOSBs to submit a great deal of information that most people consider proprietary and confidential, including business tax returns, personal tax returns, bank signature cards,and cancelled checks, as well as internal corporate documentation such as operating agreements, shareholders’ agreements, and bylaws. Releasing this information to the public could cause considerable harm to SDVOSBs and VOSBs, as well as to their individual owners.
Now, the CVE seems to have backed off its initial position. The CVE’s press release states:
The Center for Verification and Evaluation (CVE) acknowledges Veterans’ concerns regarding the possible FOIA release of information received from them as part of their verification application. First and foremost the Department of Veterans Affairs (VA) and CVE must follow the guidance of the VA Office of General Counsel, and laws pertaining to information subject to FOIA. We are required to disclose:
- Name of Company
- Data Universal Numbering System (DUNS) Number
- Business Address
- Business City
- Business State
- Business Zip Code
- Veteran-Owned Small Business (VOSB)
- Service-Disabled Veteran-Owned Small Business (SDVOSB)
- Bonding Level
- Number of Employees
- Email Address
Any privileged or confidential commercial, or financial information contained in applications may be subject to withholding on a case by case basis. We are in dialogue with the Department’s Office of General Counsel and FOIA subject matter experts to determine what additional information could be provided in response to a FOIA request. A decision has not been made at this time. To the fullest extent possible, and as allowed by law, every consideration will be taken into account to limit the exposure of a businesses’ proprietary information, and the personal information of all owners.
Of course, the press release begs the question–shouldn’t the CVE have consulted with the “Department’s Office of General Counsel and FOIA subject matter experts” before sending an email to the entire VetBiz list suggesting that all application documentation could be made public? But now that the CVE has unnerved countless SDVOSBs and VOSBs with a declaration that their documentation is subject to FOIA, the CVE should do more to clean up its mess.
First, the CVE should email its press release to everyone who received the initial February 27 announcement. Most SDVOSBs and VOSBs do not regularly visit the CVE’s press release website. Without a follow-up email, these SDVOSBs and VOSBs may continue to believe that all documentation submitted to the CVE is fair game in a FOIA request.
Second, the CVE should rapidly conclude its internal discussions and announce a more specific FOIA policy. For instance, the CVE could inform SDVOSBs and VOSBs that, at least as a general matter, documents like tax returns will not be released in response to a FOIA request.
The price of VetBiz verification should not be the release of closely-guarded information. Let’s hope the CVE understands this, and offers further reassurances to SDVOSBs and VOSBs.