Legal Meets Practical: Accessible Solutions
13 Mar 2014

The VetBiz Portal: How Safe is Your Information?

For those of you who may be unfamiliar with it, the VetBiz Vendor Information Pages (VIP) is a listing of companies that have been verified by the Department of Veterans Affairs’ (VA’s) Center for Verification and Evaluation (CVE) as veteran-owned and veteran-controlled. Businesses listed in the VetBiz VIP are eligible for set-asides conducted by the VA, and any company that has run the VetBiz gauntlet (especially multi-member companies) can testify that it is a rigorous process.

As businesses listed in the VetBiz Vendor Information Pages (VIP) know, as part of the process, a good deal of personal information needs to be uploaded to an electronic portal for review by the CVE – from individual tax returns to the company’s operating agreement or bylaws. One logs into the portal with a user name and password.

But how safe is this portal? There are two inquiries here – how safe is the portal in terms of security, and how safe is the portal in terms of the protection of personal information?

Let’s look at security first. After the SAM scare last year, where it was possible to view the extremely sensitive information of companies after following a series of steps (I have free credit reporting for a year as a consequence of this, as I was identified as “high risk” for identity fraud), the Government should be cognizant of potential security breaches.

As it relates to VetBiz VIP, I’m curious to know what measures are taken to make sure this highly personal and/or confidential information is sufficiently protected. Is it encrypted on the VA’s side? How can it be accessed by VA personnel? I am not an IT professional by any means, but it would give businesses peace of mind if the CVE would share how it protects the information it receives. It also alarms me that CVE does not have a process in place to kick back documentation submitted by the veteran that contains non-redacted social security numbers.

Also related to security is the information requested. Unlike the Small Business Administration’s assessment of an 8(a) Business Development application, the CVE does not examine whether an individual is economically disadvantaged. If this is so, why request an entire individual tax return? If this practice was eliminated, and the CVE instead requested a letter from the individual’s CPA summarizing from where the individual received income, this would allow the CVE to check for affiliation issues (the purpose for requesting tax returns) while protecting the veteran’s personal information.

I have no expectation that changes in the required documentation will be implemented, however. I know of one VetBiz Verification Assistance Counselor who has repeatedly told the CVE that certain documents are inapplicable depending on the type of business. It has been years and no change has been made.

Now let’s talk personal information. The CVE requests information including how much money an individual makes (tax returns), corporate documents (company operation), resumes, bank signature cards and cancelled checks, and copies of contract signature pages. If they exist, you must upload these documents to be considered; the CVE does not make exceptions.

Recently, the CVE sent out this mass email to select businesses listed in the VetBiz VIP. I say “select” because I know of some businesses who received this, others did not. However, there is no reason why some businesses would be distinguished from others:

Dear Veteran Business Owner:

Documentation provided to the Center for Verification and Evaluation by an applicant is subject to Freedom of Information Act (FOIA) requests, may be subject to publication in response to a FOIA request, and can be used for purposes other than the Verification application by FOIA requestors.

Determination of ineligibility does not make any statement regarding the legal standing and validity of a particular business model other than to impact its eligibility for Department of Veterans Affairs Veterans First Contracting Program.

If you have any questions, or need more information, please contact our Help Desk at 1-866-584-2344 or email [email protected].

A VetBiz Verification Assistance Counselor I know promptly submitted an inquiry to the CVE, asking it for input especially as to the wording of the first sentence. After two weeks, he is still waiting for a response.

In practice, the fact that information is subject to FOIA requests will likely not impact businesses. The government cannot give out information that is “a trade secret or confidential commercial or financial information obtained from a person.” But the fact that the request can be made is unneverving.

At this point, I have not heard of information being misused or compromised via the VetBiz VIP or the electronic portal for submission. At the same time, however, these concerns are real, and I hope the CVE is cognizant of the need to address them.

Did you find this article informative? If so, sign up for my weekly blog at: https://legalmeetspractical.com. Remember to click the link sent to your email to activate your subscription!

 

 

Posted in Uncategorized | Comments Off on The VetBiz Portal: How Safe is Your Information?

Comments are closed.

Mission Statement

My mission is to provide accessible, high-quality legal services to small business owners and to veterans. I will strive to clearly communicate, understand objectives, and formulate and execute effective legal solutions.

Disclaimer

No Attorney-Client Relationship

This website is maintained exclusively for informational purposes. It is not intended to provide legal or other professional advice and does not necessarily represent the opinions of the lawyer or her clients. Viewing this site, using information from it, or communicating with Sarah Schauerte through this site by email does not create an attorney-client relationship.

Non-Reliance

Online readers should not act nor decline to act, based on content from this site, without first consulting an attorney or other appropriate professional. Because the law changes frequently, this website's content may not indicate the current state of the law. Nothing on this site is meant to predict or guarantee future results. I am not liable for the use or interpretation of information contained on this website, and expressly disclaim all liability for any actions you take or fail to take, based on this website's content.

Links

I do not necessarily endorse and am not responsible for content accessed through this website's links to other Internet resources. Correctness and adequacy of information on those sites is not guaranteed, and unless otherwise stated, I am not associated with such linked sites.

Contacting Me

You may email me through the email address provided by this site, but information you send through email or this website is not secure and may not be confidential. Communications will not be treated as privileged unless I already represent you. Do not send confidential information until you have established a formal attorney-client relationship with me. Even if I represent you, please understand that email security is still uncertain and that you accept all risks of such uncertainty and potential lack of confidentiality when you send us unencrypted, sensitive, or confidential email. Email from me never constitutes an electronic signature, unless it expressly says so.