Much has been said on the security breach that exposed up to 145 million Americans’ most sensitive information. Not only had Equifax, some say negligently, exposed half of America’s social security numbers, credit card information, and just about anything else needed to steal an identity, but the company thoroughly botched the cleanup by directing customers to a dubiously credentialed website and made a not-so-subtle attempt to induce its customers to waive any right to sue. The remarkable nature of the incident even received a 15-minute break down by HBO’s John Oliver, which is by far the most entertaining way to catch up on the breach if you have been in hiding for the last month.
The IRS award of a seven million dollar contract to Equifax, made shortly after the security hack, seemed to put a cherry on top of a perfect media outrage story. And rage they did. After Politico “discovered” the “sole-source award” by the IRS to Equifax, every major media outlet from Fox News to CNN ran stories mocking the agency’s poor decision. Senators from both sides of the aisle openly scolded the IRS for handing Equifax government funds without even allowing other companies to compete for the contract. Through a grin, Mr. Oliver told his crowd of the award, made on the very same day the former CEO was being chewed up in an open Senate hearing. How could something like this happen? Simply put, because a law aimed at preventing fraud and abuse required the IRS to give Equifax the contract, without any competition.
Federal contractors are well aware of what is called a “statutory stay.” When the government wants to buy goods or services, most of the time it must follow very strict and complicated rules. One such rule requires the government agency to give a debriefing to disappointed contractors when their bid was passed over in favor of another’s. For a variety of reasons, the contractor may believe the government made a mistake in its decision or perhaps something more sinister is to blame for the loss. If the contractor “protests” the decision within five days of the debriefing, the contract at issue is automatically frozen while the Government Accountability Office takes a look under 31 U.S.C. § 3553. The reason behind the law is fairly plain – i.e., to avoid a situation where a company begins performing for the government, and racking up costs, only to have that contract overturned at a much later date.
So about this infamous IRS “award” to Equifax; it was made after the IRS chose a different company to perform on a contract where Equifax was the incumbent. Equifax protested, activated the automatic stay described above, and the IRS was forced to grant a short extension to Equifax’s previous contract while the protest was decided. Notably, the short extension was publicly made, because “a sole source order is required to cover the timeframe needed to resolve the protest on contract TIRNO-17-Z-00024. This is considered a critical service that cannot lapse.” The protest was quickly denied, and now a new company will take over performing services to the IRS.
Notably, the IRS decision to take the contract away from Equifax was made long before the media “put pressure on the IRS,” or before both sides of the aisle joined together in decrying the purported incompetent waste of government funds. While the vagaries of government procurement procedure may not be as shocking as the story told by the major outlets, and it is certainly not nearly as funny as the John Oliver segment, it is however the real explanation to the latest chapter of the Equifax security breach.
The post The Misplaced Rage Regarding Equifax’s Post Data Breach “Contract Award” appeared first on Centre Law & Consulting.