After leading successful efforts to suspend a federal contract awarded to Equifax in the wake of a data breach, leaders of the House Energy and Commerce Committee pressed the General Services Administration (GSA) for information about data security and vetting requirements for contractors.
U.S. Reps. Greg Walden (R-OR), the chairman of the Energy and Commerce Committee, and Frank Pallone Jr. (D-NJ), the ranking member of the committee, issued the request in a bipartisan letter to GSA Acting Administrator Timothy Horne. The committee leaders questioned why Equifax, which had recently been involved in a data breach affecting 145.5 million Americans, was then granted contract for federal data-related services with the IRS.
“We are writing to request information about the GSA consideration of data security practices when vetting vendors and awarding government contracts,” the letter states.
“As a federal government agency, GSA has a responsibility to act in the best interests of the American public, including ensuring that their personal information is secure. It has come to our attention that GSA has awarded contracts to Equifax to provide data-related services handling Americans’ personal information at multiple federal agencies, including the IRS, Social Security Administration and Centers for Medicare and Medicaid Services.”
U.S. Reps. Ryan Costello (R-PA), a committee member who signed the letter, said that companies tasked with handling the personal information of customers as part of their work with the federal government must demonstrate ability to protect information as part of the application process.
“Similarly, federal agencies vetting potential contractors should have a strong confidence in those companies’ ability to securely guard such information,” Costello added.
U.S. Reps. Fred Upton (R-MI), Michael Burgess (R-TX), Leonard Lance (R-NJ), Adam Kinzinger (R-IL), Larry Bucshon (R-IN) and Mimi Walters (R-CA) were also among the committee leaders who signed the letter.
The letter asked Horne if the GSA considers consumer protection issues like data security when vetting contractors, whether subcontractors are subjected to the same vetting process and whether past data breaches in particular are considered when evaluating applications.
The letter to GSA follows a letter the lawmakers sent to the IRS commissioner on Oct. 10 questioning the IRS’s decision to continue its contract for data services with Equifax even after news about the breach was revealed. The IRS said it has since suspended the contract.