Buy American and hire American. The concept is easy, but the implementation can be far more complicated, particularly in the current government contracting world where waivers to those requirements have become common. In an attempt to strengthen the commitment to buying American and hiring American, on January 26, 2018, a bipartisan group of ten Senators sent a letter to President Trump urging him to “keep the promises” that he had made in April 2017 to buy American and hire American. The letter follows Senators Rob Portman (R-OH), Sherrod Brown (D-OH), Lindsey Graham (R-SC), and Chris Murphy’s (D-CT) introduction of the bipartisan BuyAmerican.gov Act of 2018 on January 9, 2018. This new legislation seems to be an effort to codify President Trump’s April 18, 2017, Buy American and Hire American Executive Order (the Executive Order), and slow what the BuyAmerican.gov Act Press Release calls the “excessive number of waivers” to the Buy American laws. Since President Trump signed the Executive Order, much has been written about the potential effects of that Executive Order. However, the potential impacts on government contractors who maintain or store data relating to their performance of federal government contracts have been largely disregarded.
To date, nothing in the Federal Acquisition Regulation prohibits contractors from storing contract-related data offshore—i.e., outside the United States. Some federal agencies have included an obligation for bidders to disclose their intentions regarding data storage if they are successful and awarded a contract, but these efforts have not been consistent across federal agencies. States have been the most aggressive in terms of policing a contractor’s ability to store state contract data offshore. Seven states have statutes or regulations that prohibit contractors from storing state contract data outside the United States. Multiple other states have regulations or include provisions in their solicitations that require bidders on state contracts to disclose where the contractor intends to store the state’s data.
The proposed BuyAmerican.gov Act legislation and the related Executive Order appear to be an effort to curtail offshoring. Offshoring is generally defined as the import from abroad of goods and services that were previously produced domestically. For data, offshoring might include personal health information stored on foreign servers or medical transcription services occurring abroad. The newly introduced BuyAmerican.gov legislation seeks to create an Executive Branch policy to “maximize” the use of goods, products, and materials manufactured in the United States, i.e., domestically, and “scrupulously monitor, enforce, and comply with Buy American Laws, to the extent they apply, and minimize the use of waivers.” Significantly, the proposed BuyAmerican.gov Act would require that each waiver request related to Buy American laws, “properly and adequately document and justify the statutory basis” for the requested waiver. The proposed legislation would also require the Administrator of the General Services Administration to include information about all waivers that are requested, pending, or granted on BuyAmerican.gov.
In the current contracting climate, data offshoring, and its effects on the security of personal data, is highly scrutinized. The safety and security of the public’s and individual personal data is paramount. Breaches of personal data can lead to identity theft and statutory violations. Breaches of classified information can lead to potentially catastrophic national security and diplomatic consequences. Contractors have always had to demonstrate to contracting officers and agencies how the security of data stored offshore is protected. However, now, with the transparency requirements proposed in the Buy American.gov legislation, contractors and bidders also may have to justify in a publically-available forum why data needs to be offshored for a particular contract and why that data cannot be adequately stored and protected domestically. Contractors that offshore data will also likely be subject to harsh public review and potential criticism. Potential qui tam relators will be chomping at the bit for any potential data or contract breach that could lead to False Claims Act liability.
At this point, only time will tell how the BuyAmerican.gov Act or the Executive Order will change the landscape for prospective bidders, especially for those who submit proposals that include offshoring data storage or usage. The BuyAmerican.gov Act has the potential to create new winners and losers in federal contracting, and those losers may now have a new and improved avenue for bid protests. If a successful bidder cannot demonstrate that it fully complied with the complicated Buy American Laws or did not sufficiently justify its waiver requests, the successful bidder may be stripped of its award. This proposed legislation and the Executive Order likely mean heightened scrutiny for all aspects of potential offshoring, including for offshore data programs, and government contractors must be aware of the potential consequences.
In the meantime, a bidder on federal contracts should:
carefully review all solicitation requirements;
be aware of what is required for compliance with any Buy American Law that is incorporated into a solicitation;
prepare for the potential backlash of public opinion if it proposes offshoring and request a waiver of a Buy America law; and
include review of data storage requirements in its Government Contracts Compliance Plan.
 States prohibiting a contractor from storing data offshore are Alaska, Arizona, Illinois, New Jersey, Missouri, Ohio, and Wisconsin.
 Such states include, for example, Alabama, Colorado, Idaho, Maryland, Michigan, Minnesota, North Carolina, Pennsylvania, Tennessee, and South Carolina.