Está en la página 1de 6

[WORLD VISION, INC.

LETTERHEAD]

SUBMITTED VIA: Federal eRulemaking Portal at http://www.regulations.gov

September 18, 2007

Mr. Philip M. Henegan


Chief Privacy Officer
United States Agency for International Development
1300 Pennsylvania Avenue NW
Office 2.12-003
Washington, DC 20523-2120

RE: Response to Federal Register /Vol. 72, No.139/Friday, July 20, 2007
Agency: U.S. Agency for International Development
Title of Action: Proposed Rule
RIN: 0412-AA61

Dear Mr. Henegan:

World Vision is a Christian humanitarian organization dedicated to working with


children, families and their communities worldwide to reach their full potential by
tackling the causes of poverty and injustice. World Vision helps transform the lives of the
world’s poorest children and families in nearly 100 countries, including the United States.
World Vision, Inc. is a California non-profit corporation and is tax exempt under Section
501(c)(3) of the Internal Revenue Code. Our headquarters are at 34834 Weyerhaeuser
Way South, Federal Way, WA 98001; telephone number 253.815.1000.

For the reasons set out below and in our earlier comment letter submitted on August 20,
2007, World Vision believes that the Partner Vetting System (PVS) as described in the
Proposed Rule can only be implemented after a full review process pursuant to
Executive Order 12866 as amended by Executive Orders Nos. 13258 and 13422
(collectively, EO 12866) and the Congressional Review Act, 5 USC §§ 801, et seq. We
also believe that exemptions for the PVS claimed under the Privacy Act of 1974, 5 USC
§ 552a, are inappropriate.

1. EO 12866.

Among EO 12866’s stated objectives are “to restore the integrity and legitimacy of
regulatory review and oversight; and to make the process more accessible and open
to the public.” The review process set forth in Section 6 of EO 12866 applies to all
regulatory actions by Federal agencies not specifically exempted by the Administrator
of the Office of Information and Regulatory Action (OIRA). USAID has not been
specifically exempted from centralized review by the Administrator of OIRA.
Mr. Philip Henegen
September 19, 2007
Page 2 of 6
USAID states that the Proposed Rule is not subject to review under EO 12866 because it
is not a significant regulatory action; however, Section 6 of EO 12866 requires a Federal
agency to submit all regulatory actions to the Administrator of OIRA for a determination
of significance and whether the review process described by EO 12866 applies. The
Proposed Rule does not include any indication that USAID followed this requirement,
nor has the Proposed Rule appeared in the Inventory of Currently Approved
Information Collections at the OIRA. USAID does not have the authority under EO 12866

to determine unilaterally that the Proposed Rule is not a significant regulatory action
and not subject to review under EO 12866.

World Vision believes that the Proposed Rule is in fact a “significant regulatory action,”
defined in Section 2(f)(3) as “any regulatory action that is likely to result in a regulation
that may … materially alter the rights and obligations of the recipients [of grants].” The
Proposed Rule will alter the rights and obligations of recipients of USAID grants and
individuals within the NGO community in the following ways:

a. The Proposed Rule would create a new general exemption within the regulations
implementing the Privacy Act at 22 CFR 215.13(c). The only general exemption
currently provided at 22 CFR 215.13 is for criminal law enforcement records. The
expansion, for the first time, of the general exemption beyond the protection of
criminal law enforcement records to the protection of administrative records used to
affirm eligibility to receive foreign humanitarian assistance should qualify the
Proposed Rule as significant.

b. The Proposed Rule will allow USAID to share sensitive personal information about the
principal officers and other employees of organizations that apply for USAID funding
with other US agencies, or their contractors, without the consent of such individuals
and without providing such individuals an opportunity to review and correct
information that may be inaccurate, irrelevant, untimely or incomplete.1 As such,
the Proposed Rule is a significant regulatory action impacting the rights of the
employees of grant recipients and should be subject to centralized review pursuant
to EO 12866.

c. The implementation of the PVS as proposed could result in certain grant recipients
being deemed ineligible for USAID funding based on unclear criteria applied to

1 The ability to review and revise information is even more important in light of documented
inaccuracies in the lists and databases against which names and other personal information will
be vetted. See, for example, U.S. Department of Justice Office of the Inspector General, Audit
Division Audit Report 07-41, “Follow -up Audit of the Terrorist Screening Center,” dated September
2007, which found that 38 percent of records tested “continued to contain errors or
inconsistencies that were not identified through the TSC’s quality assurance efforts;” that TSA’s
database contains records for individuals who should not be on the list; and that TSC’s redress
reviews are not always completed in a timely manner.

2
Mr. Philip Henegen
September 19, 2007
Page 3 of 6
nonpublic information and would require grant recipients to identify and hire key
personnel based on criteria and information unknown to it. This would clearly
materially alter the rights and obligations of such grant recipients.

2. Congressional Review Act.

USAID also states that the Proposed Rule is not a major rule subject to Congressional
review pursuant to the Congressional Review Act of 1996, 5 USC §§ 801 et seq. (CRA).
The purpose of the CRA is to require Congressional review of agency actions that
substantially affect the rights or obligations of outside parties and to assure that federal
agencies are more cautious in how they craft their rules.2

The Proposed Rule falls within the definition of “rule” at 5 USC § 804(3)(C) as it
substantially affects the rights and obligations of non-USAID parties by proposing
exemptions under the Privacy Act that result in the suspension of an individual’s privacy
protections and serious potential harm to the work of the NGOs and the employment
status of covered individuals.

USAID appears to have unilaterally determined that the Proposed Rule is not a “major
rule.” The CRA states that Administrator of OIRA makes a finding as to whether or not a
rule is deemed a “major rule” under CRA and thereby subject to Congressional review.
(5 USC §804(2)). The proposed Rule should have been submitted to OIRA for
determination of whether or not it is subject to Congressional review as a “major rule”
pursuant to 5 USC §§ 804(3).

The Proposed Rule has significant international privacy implications and would require
World Vision and other grant recipients to utilize potentially discriminatory employment
practices. The European Union and many nations afford the personal information of
individuals a very high level of protection. World Vision and its implementing partners
may be precluded from hiring certain employees who decline to waive their privacy
protections or who are residents of countries where such waivers are not legally
permitted or recognized in an employment context. This type of employment action,
based solely on a person’s citizenship or failure to produce certain personal information,
may subject World Vision to a possible claim for damages based on an alleged
discriminatory employment practice. World Vision believes that a rule having the
potential consequences of the Proposed Rule should qualify as a “major rule” under 5
USC §804(2)(C).

2See, 142 Cong. Rec. S3687 (daily ed. Apr. 19, 1996) (Joint Explanatory Statement of Senate
Sponsors); 142 Cong Rec. E579 (daily ed. Apr. 19, 1996) (Joint Explanatory Statement of House
Sponsors).

3
Mr. Philip Henegen
September 19, 2007
Page 4 of 6
3. The Privacy Act and Implementing Regulations

Congress’s purposes in enacting the Privacy Act of 1974 included providing safeguards
against invasion of personal privacy by requiring Federal agencies to permit individuals
access to records pertaining to them collected by such agencies; to allow such
individuals to prevent those records from being used or disseminated for a purpose
other than that for which they were collected; and to provide such individuals with a
process for correcting errors in those records. The Privacy Act reflects the view of
Congress that, even more than 40 years ago, “the increasing use of computers and
sophisticated information technology . . . has greatly magnified the harm to individual
privacy that can occur from any collection, maintenance, use, or dissemination of
personal information.” Privacy Act of 1974, §2(a)(2), 88 Stat. 1986.

The Privacy Act is intended to “permit exemptions from such requirements . . . only in
those cases where there is an important public policy need for such exemption as has
been determined by specific statutory authority.” Privacy Act of 1974, §2(b)(5). As
discussed in World Vision’s earlier comment letter on the PVS dated August 20, 2007,
there is no specific statutory authority for the Proposed Rule.

The Privacy Act provides exemptions from its procedures for law -enforcement agencies
and when the use of the information is considered “routine use.” USAID is not a law
enforcement agency. Because the purpose of the information collection is purportedly
to allow USAID to meet its own compliance requirements with law enforcement and
counterterrorism mandates, USAID’s dissemination of the collected information to
unnamed third parties for investigative purposes would not be a “routine use” within the
scope of USAID’s mission.

World Vision further believes that exemptions USAID seeks to create under the Privacy
Act are inappropriate:

General Exemption. USAID seeks to add a new section to its Privacy Act regulations at
22 CFR §215.13(c), creating a general exemption from the Privacy Act in order to:
ensure the proper functioning of law enforcement activities and the protection of
confidential sources; avoid the premature disclosure of the knowledge of criminal
activity; and prevent interference with law enforcement proceedings. However, the
Privacy Act at 5 USC §552a(j) permits Federal agencies to promulgate general
exemptions only for systems of records that are maintained by the CIA or by an
“agency or component thereof which performs as its principal function any activity
pertaining to the enforcement of criminal laws . . .” In fact, the only other exemption at
Section 215.13(c) is for criminal law enforcement records. USAID is a an administrative
agency charged with implementing the foreign assistance programs of the United
States and acknowledges that its primary functions “are not of a law enforcement
nature.” USAID therefore should not be eligible for a general exemption under 22 CFR
§215.13(c).

4
Mr. Philip Henegen
September 19, 2007
Page 5 of 6
Specific Exemptions. USAID is also seeking specific exemptions under the Privacy Act
asserting the applicability of certain provisions of 5 USC § 552a(k).

5 USC §552a(k)(1). Section 552a(k)(1) provides that an agency may exempt from
disclosure matters that are "(A) specifically authorized under criteria established by
an Executive order to be kept secret in the interest of national defense or foreign
policy and (B) are in fact properly classified pursuant to such Executive order.”
Executive Order 12958 (EO 12958) provides that when properly classified, national
security information is exempt from mandatory disclosure under the Privacy Act.
However, the information to be collected and maintained in the PVS would not be
properly classified under EO 12958 as it does not concern: (a) military plans,
weapons systems, or operations; (b) foreign government information; (c) intelligence
activities (including special activities), intelligence sources or methods, or
cryptology; (d) foreign relations or foreign activities of the United States, including
confidential sources; (e) scientific, technological, or economic matters relating to
the national security, which includes defense against transnational terrorism; (f)
United States Government programs for safeguarding nuclear materials or facilities;
(g) vulnerabilities or capabilities of systems, installations, infrastructures, projects,
plans, or protection services relating to the national security, which includes defense
against transnational terrorism; or (h) weapons of mass destruction. It is, therefore,
inappropriate to attempt to rely upon 5 USC §552a(k)(1) for an exemption from the
Privacy Act.

5 USC §552a(k)(2). Section 552a(k)(2) provides specific exemption under the Privacy
Act for investigatory material compiled for law enforcement purposes. Compliance
with the law is not the equivalent of enforcement of the law and USAID
acknowledges it is not a law enforcement agency. The information to be compiled
in the PVS is for the purpose of allowing USAID to assure itself that US Government
funds are not benefiting terrorists. It is, therefore, inappropriate to rely upon 5 USC
§552a(k)(2) for an exemption from the Privacy Act.

5 USC §552a(k)(5). Section 552a(k)(5) provides a specific exemption under the


Privacy Act for information compiled solely for the purpose of determining suitability,
eligibility or qualification for Federal employment, military service, Federal contracts
or access to classified information. The exemption only applies where required
disclosure would reveal a source of the information. In this instance, a grant
recipient would be the primary source of the information about its employees.

Those employees will know that their employer is the source of the information. The
very limited exception at 552a(k)(5) does not support USAID’s wholesale request for
exemption under the Privacy Act to (a) preclude individuals from access to the
information in their records; or (b) limiting the information maintained in the PVS to
that information relevant and necessary to accomplish the purpose of the agency.
Because compliance with this rule may result in the loss of a job, the failure to allow
access by individuals to their records to review the accuracy of the information
could have serious personal consequences. Such a process directly contradicts the

5
Mr. Philip Henegen
September 19, 2007
Page 6 of 6
fundamental transparency that is at the heart of the Privacy Act, as well as
analogous federal privacy laws in other sectors, such as the Fair Credit Reporting
Act, 15 USC §1681 et seq.

4. Impact on Grant Recipients and Their Staff. The implementation of the PVS without
full consultation and review is especially problematic given the a significant negative
impact of designating grant recipients as an arm of US law enforcement. No
adequate justification has been provided for USAID’s assertion that it is required to
engage in these law enforcement-type activities to ensure its compliance with the law.
USAID must demonstrate why it believes the current practices of grant recipients are
inadequate before it creates such an invasive and burdensome new system.

By naming the NGOs as “partners” in the collection and sharing of sensitive personal
information for purposes of law enforcement, USAID is identifying the overseas staff of
grant recipients as an extension of the intelligence arm of the US Government. World
Vision is convinced that this will jeopardize our acceptance in the communities in which
we work. The safety and security of our staff and beneficiaries will be severely
impacted, and our ability to implement USAID programs will be reduced.

We again urge USAID to withdraw the Proposed Rule and to engage in an appropriate
rule-making process.

Sincerely,

/s/ RICHARD STEARNS

President, World Vision USA

Cc: Art Fraas, Branch Chief, OIRA (by email: afraas@omb.eop.gov)


David Rostker, Desk Officer for USAID, OIRA (by email: drostker@omb.gov)