[Federal Register Volume 60, Number 241 (Friday, December 15, 1995)]
[Proposed Rules]
[Pages 64408-64411]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 95-30357]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
48 CFR Parts 1535 and 1552
[FRL-5332-3]
Acquisition Regulation; Confidential Business Information
AGENCY: Environmental Protection Agency.
ACTION: Proposed rule.
-----------------------------------------------------------------------
SUMMARY: The Environmental Protection Agency (EPA) is proposing to
revise its acquisition regulation by revising both the prescription for
use of solicitation provisions and contract clauses regarding
collection, use, access, treatment, and disclosure of confidential
business information (CBI), and adding solicitation provisions and
contract clauses on CBI.
DATES: Written comments should be submitted to the contact listed below
not later than February 13, 1996.
ADDRESSES: Comments and data may also be submitted electronically by
sending electronic mail (e-mail) to: Senzel.Louise@epamail.epa.gov.
Electronic comments must be submitted as an ASCII file avoiding the use
of special characters and any form of encryption. Comments and data
will also be accepted on disks in WordPerfect in 5.1 format or ASCII
file format. No Confidential Business Information (CBI) should be
submitted through e-mail. Electronic comments on this proposed rule may
be filed online at many Federal Depository Libraries.
FOR FURTHER INFORMATION CONTACT: Louise Senzel, Environmental
Protection Agency, Office of Acquisition Management (3802F), 401 M
Street, SW, Washington, D.C. 20460. Telephone: (202) 260-6204.
SUPPLEMENTARY INFORMATION:
A. Executive Order 12866
The proposed rule is not a significant regulatory action for the
purposes of Executive Order 12866; therefore, no review is required by
the Office of Information and Regulatory Affairs.
B. Paperwork Reduction Act
The Paperwork Reduction Act does not apply because this proposed
rule does not contain information collection requirements that require
the approval of OMB under the Paperwork Reduction Act of 1980 (44
U.S.C. 3501 et seq.)
C. Regulatory Flexibility Act
The EPA certifies that this proposed rule does not exert a
significant economic impact on a substantial number of small entities.
The requirements to contractors under the proposed rule impose no
reporting, record-keeping, or any compliance costs.
D. Unfunded Mandates
This proposed rule will not impose unfunded mandates on state or
local entities, or others.
The provisions of this regulation are issued under 5 U.S.C. 301; 40
U.S.C. 486(c).
List of Subjects in 48 CFR Parts 1535 and 1552
Government procurement.
Therefore, Chapter 15 of title 48, Code of Federal Regulations is
proposed to be amended as set forth below:
1. The authority citation for parts 1535 and 1552 continue to read
as follows:
Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C.
486(c).
2. Section 1535.007 is revised to read as follows:
1535.007 Solicitations.
(a) Contracting Officers shall insert the following provisions in
all solicitations when the Contracting Officer has determined that EPA
may furnish the contractor with confidential business information which
EPA has obtained from third parties under the Federal Insecticide,
Fungicide and Rodenticide Act (7 U.S.C. 136 et seq.).
(1) 1552.235-72 Control and Security of Federal Insecticide,
Fungicide, and Rodenticide Act Confidential Business Information; and
(2) 1552.235-73 Access to Federal Insecticide, Fungicide, and
Rodenticide Act Confidential Business Information.
(b) Contracting Officers shall insert the following provisions in
all solicitations when the Contracting Officer has determined that EPA
may furnish the contractor with confidential business information which
EPA has obtained from third parties under the Toxic Substances Control
Act (15 U.S.C. 2601 et seq.)
(1) 1552.235-74 Control and Security of Toxic Substances Control
Act Confidential Business Information; and
(2) 1552.235-75 Access to Toxic Substances Control Act Confidential
Business Information.
3. Subsection 1535.007-70 is amended by revising paragraphs (b) and
(c) and adding paragraph (d) through (f) to read as follows:
1535.007-70 Contract clauses.
(a) * * *
(b) The Contracting Officer shall insert the clause at 1552.235-71,
Treatment of Confidential Business Information, in solicitations and
contracts when the Contracting Officer has determined that in the
performance of the contract, EPA may furnish confidential business
information to the contractor obtained from third parties under the
Clean Air Act (42 U.S.C. 7401 et seq.), the Federal Water Pollution
Control Act (33 U.S.C. 1251 et seq.), the Safe Drinking Water Act (42
U.S.C. 300f et seq.), the Federal Food, Drug, and Cosmetic Act (21
U.S.C. 301 et seq.), the Resource Conservation and Recovery Act (42
U.S.C. 301 et seq.), the Federal Insecticide, Fungicide and Rodenticide
Act (7 U.S.C. 136 et seq.), the Comprehensive Environmental Response,
Compensation, and Liability Act (42 U.S.C. 9601 et seq.), and provision
1552.235-70, Release of Contractor Confidential Business Information.
EPA regulations on confidentiality of business information in 40 CFR
part 2, subpart B, require that the contractor agree to the clause
entitled ``Treatment of Confidential Business Information'' before any
confidential business information may be furnished to the contractor.
(c) The Contracting Officer shall insert the clause at 1552.235-76,
Treatment of Confidential Business Information, in solicitations and
contracts when the Contracting Officer has determined that in the
performance of the contract, EPA may furnish the contractor with
confidential business information obtained from third parties under the
Toxic Substances Control Act (15 U.S.C. 2601 et seq.). EPA regulations
on confidentiality of business information in 40 CFR part 2, subpart B,
require that the contractor agree to the clause entitled ``Treatment of
Confidential Business Information'' before any confidential business
information may be furnished to the contractor.
(d) The Contracting Officer shall insert the clause at 1552.235-77
Data Security for Federal Insecticide, Fungicide, Rodenticide Act
Confidential Business Information, when the contract involves access to
confidential business information related to the Federal Insecticide,
Fungicide, Rodenticide Act and the Treatment of Confidential Business
Information clause (1552.235-71) and the Screening Business Information
for Claims of Confidentiality clause (1552.235-70) are included.
[[Page 64409]]
(e) The Contracting Officer shall insert the clause at 1552.235-78
Data Security for Toxic Substances Control Act Confidential Business
Information, when the contract involves access to confidential business
information related to the Toxic Substances Control Act and the
Treatment of Confidential Business Information clause (1552.235-76) and
Screening Business Information for Claims of Confidentiality clause
(1552.235-70) are included.
(f) Contracting Officers shall insert the clause 1552.235-79
Release of Contractor Confidential Business Information in all
solicitations and contracts in order to authorize the Agency to release
confidential business information under certain circumstances.
4. Subpart 1552.2, is amended by revising section 1552.235-72, and
adding sections 1552.235-73 through 1552.235-79 to read as follows:
1552.235-72 Control and Security of Federal Insecticide, Fungicide,
Rodenticide Act Confidential Business Information (XXX 1995).
As prescribed in 1535.007(a), insert the following provision:
Control and Security of Federal Insecticide, Fungicide, Rodenticide Act
Confidential Business Information (XXX 1995)
The offeror certifies that--
--The Contractor and its employees have read and are familiar with
the requirements for the control and security of Federal
Insecticide, Fungicide, Rodenticide Act confidential business
information contained in the manual entitled ``Federal Insecticide,
Fungicide, Rodenticide Act Information Security Manual''. (See also
1552.235-77 elsewhere in this solicitation.)
(End of Provision)
1552.235-73 Access to Federal Insecticide, Fungicide, Rodenticide Act
Confidential Business Information (XXX 1995).
As prescribed in 1535.007(a), insert the following provision:
Access to Federal Insecticide, Fungicide, Rodenticide Act Confidential
Business Information (XXX 1995)
In order to perform duties under the contract, the Contractor
will need to be authorized for access to Federal Insecticide,
Fungicide, Rodenticide Act (FIFRA) confidential business information
(CBI). The Contractor and all of its employees handling CBI while
working under the contract will be required to follow the procedures
contained in the security manual entitled ``FIFRA Information
Security Manual''. These procedures include applying for FIFRA CBI
access authorization for each individual working under the contract
who will have access to FIFRA CBI, execution of confidentiality
agreements, and designation by the Contractor of an individual to
serve as a Document Control Officer. The Contractor will be required
to abide by those clauses contained in EPAAR 1552.235-70, 1552.235-
71, and 1552.235-77 that are appropriate to the activities set forth
in the contract.
Until EPA has approved the Contractor's security plan, the
Contractor may not be authorized for FIFRA CBI access away from EPA
facilities.
(End of Provision)
1552.235-74 Control and Security of Toxic Substances Control Act
Confidential Business Information (XXX 1995).
As prescribed in 1535.007(b), insert the following provision:
Control and Security of Toxic Substances Control Act Confidential
Business Information (XXX 1995)
The offeror certifies that--
--The Contractor and its employees have read and are familiar with
the requirements for the control and security of Toxic Substances
Control Act confidential business information contained in the
manual entitled ``Toxic Substances Control Act Confidential Business
Information Security Manual''. (See also 1552.235-78 elsewhere in
this solicitation.)
(End of Provision)
1552.235-75 Access to Toxic Substances Control Act Confidential
Business Information (XXX 1995).
As prescribed in 1535.007(b), insert the following provision:
Access to Toxic Substances Control Act Confidential Business
Information (XXX 1995)
In order to perform duties under the contract, the Contractor
will need to be authorized for access to Toxic Substances Control
Act (TSCA) confidential business information (CBI). The Contractor
and all of its employees handling CBI while working under the
contract will be required to follow the procedures contained in the
security manual entitled ``TSCA Confidential Business Information
Security Manual''. These procedures include applying for TSCA CBI
access authorization for each individual working under the contract
who will have access to TSCA CBI, execution of confidentiality
agreements, and designation by the Contractor of an individual to
serve as a Document Control Officer. The Contractor will be required
to abide by those clauses contained in EPAAR 1552.235-70, 1552.235-
71, and 1552.235-78 that are appropriate to the activities set forth
in the contract.
Until EPA has inspected and approved the Contractor's
facilities, the Contractor may not be authorized for TSCA CBI access
away from EPA facilities.
(End of Provision)
1552.235-76 Treatment of Confidential Business Information (XXX 1995).
As prescribed in 1535.007-70(c), insert the following clause:
Treatment of Confidential Business Information (XXX 1995)
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose confidential business information (CBI) to the Contractor
necessary to carry out the work required under this contract. The
Contractor agrees to use the CBI only under the following
conditions:
(1) The Contractor and Contractor's employees shall (i) use the
CBI only for the purposes of carrying out the work required by the
contract; (ii) not disclose the information to anyone other than
properly cleared EPA employees without the prior written approval of
the Assistant General Counsel for Information Law or his/her
designee; and (iii) return the CBI to the PO or his/her designee,
whenever the information is no longer required by the Contractor for
performance of the work required by the contract, or upon completion
of the contract.
(2) The Contractor shall obtain a written agreement to honor the
above limitations from each of the Contractor's employees who will
have access to the information before the employee is allowed
access.
(3) The Contractor agrees that these contract conditions
concerning the use and disclosure of CBI are included for the
benefit of, and shall be enforceable by, both EPA and any affected
businesses having a proprietary interest in the information.
(4) The Contractor shall not use any CBI supplied by EPA or
obtained during performance hereunder to compete with any business
to which the CBI relates.
(b) The Contractor agrees to obtain the written consent of the
CO, after a written determination by the appropriate program office,
prior to entering into any subcontract that will involve the
disclosure of CBI by the Contractor to the subcontractor. The
Contractor agrees to include this clause, including this paragraph
(b), in all subcontracts awarded pursuant to this contract that
require the furnishing of CBI to the subcontractor.
(End of Clause)
1552.235-77 Data Security for Federal Insecticide, Fungicide,
Rodenticide Act Confidential Business Information (XXX 1995).
As prescribed in 1535.007-70(d), insert the following clause:
Data Security for Federal Insecticide, Fungicide, Rodenticide Act
Confidential Business Information (XXX 1995)
The Contractor shall handle Federal Insecticide, Fungicide,
Rodenticide Act (FIFRA) confidential business information (CBI) in
accordance with the contract clause entitled ``Treatment of
Confidential Business Information'' and ``Screening Business
Information for Claims of Confidentiality,'' the provisions set
forth below, and the Contractor's approved detailed security plan.
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose FIFRA CBI to the contractor necessary to carry out the work
required under this contract. The Contractor shall protect all FIFRA
CBI to which it has access (including
[[Page 64410]]
CBI used in its computer operations) in accordance with the following
requirements:
(1) The Contractor and Contractor's employees shall follow the
security procedures set forth in the FIFRA Information Security
Manual. The manual may be obtained from the Project Officer (PO) or
the Chief, Information Services Branch (ISB), Program Management and
Support Division, Office of Pesticide Programs (OPP) (H7502C), U.S.
Environmental Protection Agency, 401 M Street, SW, Washington, DC
20460.
(2) The Contractor and Contractor's employees shall follow the
security procedures set forth in the Contractor's security plan(s)
approved by EPA.
(3) Prior to receipt of FIFRA CBI by the Contractor, the
Contractor shall submit a certification statement to the Chief of
the ISB, with a copy to the Contracting Officer (CO), certifying
that all employees who will be cleared for access to FIFRA CBI have
been briefed on the handling, control and security requirements set
forth in the FIFRA Information Security Manual.
(4) The Contractor Document Control Officer (DCO) shall obtain a
signed copy of the FIFRA ``Contractor Employee Confidentiality
Agreement'' from each of the Contractor's employees who will have
access to the information before the employee is allowed access.
(b) The Contractor agrees that these requirements concerning
protection of FIFRA CBI are included for the benefit of, and shall
be enforceable by, both EPA and any affected business having a
proprietary interest in the information.
(c) The Contractor understands that CBI obtained by EPA under
FIFRA may not be disclosed except as authorized by the Act, and that
any unauthorized disclosure by the Contractor or the Contractor's
employees may subject the Contractor and the Contractor's employees
to the criminal penalties specified in FIFRA (7 U.S.C. 136h(f)). For
purposes of this contract, the only disclosures that EPA authorizes
the Contractor to make are those set forth in the clause entitled
``Treatment of Confidential Business Information.''
(d) The Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of CBI to the
subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to the EPA PO or his/her designee all
documents, logs, and magnetic media which contain FIFRA CBI. In
addition, each Contractor employee who has received FIFRA CBI
clearance will sign a ``Confidentiality Agreement for Contractor
Employees Upon Relinquishing FIFRA CBI Access Authority''. The
Contractor DCO will also forward those agreements to the EPA PO or
his/her designee, with a copy to the CO, at the end of the contract.
(f) If, subsequent to the date of this contract, the Government
changes the security requirements, the CO shall equitably adjust
affected provisions of this contract, in accordance with the
``Changes'' clause when:
(1) The Contractor submits a timely written request for an
equitable adjustment; and
(2) The facts warrant an equitable adjustment.
(End of Clause)
1552.235-78 Data Security for Toxic Substances Control Act
Confidential Business Information (XXX 1995).
As prescribed in 1535.007-70(e), insert the following clause:
Data Security for Toxic Substances Control Act Confidential Business
Information (XXX 1995)
The Contractor shall handle Toxic Substances Control Act (TSCA)
confidential business information (CBI) in accordance with the
contract clause entitled ``Treatment of Confidential Business
Information'' and ``Screening Business Information for Claims of
Confidentiality.''
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose TSCA CBI to the contractor necessary to carry out the work
required under this contract. The Contractor shall protect all TSCA
CBI to which it has access (including CBI used in its computer
operations) in accordance with the following requirements:
(1) The Contractor and Contractor's employees shall follow the
security procedures set forth in the TSCA CBI Security Manual. The
manual may be obtained from the Director, Information Management
Division (IMD), Office of Pollution Prevention and Toxics (OPPT),
U.S. Environmental Protection Agency (EPA), 401 M Street, SW,
Washington, DC 20460. Prior to receipt of TSCA CBI by the
Contractor, the Contractor shall submit a certification statement to
the Director of the EPA OPPT/Office of Program Management and
Evaluation, with a copy to the Contracting Officer (CO), certifying
that all employees who will be cleared for access to TSCA CBI have
been briefed on the handling, control, and security requirements set
forth in the TSCA CBI Security Manual.
(2) The Contractor shall permit access to and inspection of the
Contractor's facilities in use under this contract by
representatives of EPA's Assistant Administrator for Administration
and Resources Management, and the TSCA Security Staff in the OPPT,
or by the EPA Project Officer.
(3) The Contractor Document Control Officer (DCO) shall obtain a
signed copy of EPA Form 7740-6, ``TSCA CBI Access Request,
Agreement, and Approval'' from each of the Contractor's employees
who will have access to the information before the employee is
allowed access. In addition, the Contractor shall obtain from each
employee who will be cleared for TSCA CBI access all information
required by EPA or the U.S. Office of Personnel Management for EPA
to conduct a Minimum Background Investigation.
(b) The Contractor agrees that these requirements concerning
protection of TSCA CBI are included for the benefit of, and shall be
enforceable by, both EPA and any affected business having a
proprietary interest in the information.
(c) The Contractor understands that CBI obtained by EPA under
TSCA may not be disclosed except as authorized by the Act, and that
any unauthorized disclosure by the Contractor or the Contractor's
employees may subject the Contractor and the Contractor's employees
to the criminal penalties specified in TSCA (15 U.S.C. 2613(d)). For
purposes of this contract, the only disclosures that EPA authorizes
the Contractor to make are those set forth in the clause entitled
``Treatment of Confidential Business Information.''
(d) The Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of CBI to the
subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to the EPA PO or his/her designee, all
documents, logs, and magnetic media which contain TSCA CBI. In
addition, each Contractor employee who has received TSCA CBI
clearance will sign EPA Form 7740-18, ``Confidentiality Agreement
for Contractor Employees Upon Relinquishing TSCA CBI Access
Authority''. The Contractor DCO will also forward those agreements
to the EPA OPPT/IMD, with a copy to the CO, at the end of the
contract.
(f) If, subsequent to the date of this contract, the Government
changes the security requirements, the CO shall equitably adjust
affected provisions of this contract, in accordance with the
``Changes'' clause when:
(1) The Contractor submits a timely written request for an
equitable adjustment; and
(2) The facts warrant an equitable adjustment.
(End of Clause)
1552.235-79 Release of contractor confidential business information
(XXX 1995).
As prescribed in 1535.007-70(f), insert the following clause:
Release of Contractor Confidential Business Information (XXX 1995)
(a) The Environmental Protection Agency (EPA) may find it
necessary to release information submitted by the Contractor either
in response to this solicitation or pursuant to the provisions of
this contract, to individuals not employed by EPA. Business
information that is ordinarily entitled to confidential treatment
under existing Agency regulations (40 CFR part 2) may be included in
the information released to these individuals. Accordingly, by
submission of this proposal or signature on this contract or other
contracts, the Contractor hereby consents to a limited release of
its confidential business information (CBI).
(b) Possible circumstances where the Agency may release the
Contractor's CBI include, but are not limited to the following:
(1) To other Agency contractors tasked with assisting the Agency
in the recovery of Federal funds expended pursuant to the
Comprehensive Environmental Response, Compensation, and Liability
Act, 42 U.S.C. 9607, as amended, (CERCLA or Superfund);
(2) To the U.S. Department of Justice (DOJ) and contractors
employed by DOJ for use in advising the Agency and representing the
Agency in procedures for the recovery of Superfund expenditures;
[[Page 64411]]
(3) To parties liable, or potentially liable, for costs under
CERCLA Sec. 107 (42 U.S.C. 9607), et al, and their insurers
(Potentially Responsible Parties) for purposes of facilitating
settlement or litigation of claims against such parties;
(4) To other Agency contractors who, for purposes of performing
the work required under the respective contracts, require access to
information the Agency obtained under the Clean Air Act (42 U.S.C.
7401 et seq.); the Federal Water Pollution Control Act (33
U.S.C.1251 et seq.); the Safe Drinking Water Act (42 U.S.C. 300f et
seq.); the Federal Insecticide, Fungicide and Rodenticide Act (7
U.S.C. 136 et seq.); the Resource Conservation and Recovery Act (42
U.S.C. 6901 et seq.); the Toxic Substances Control Act (15 U.S.C.
2601 et seq.); or the Comprehensive Environmental Response,
Compensation, and Liability Act (42 U.S.C. 9601 et seq.);
(5) To other Agency contractors tasked with assisting the Agency
in handling and processing information and documents in the
administration of Agency contracts, such as providing both preaward
and post award audit support and specialized technical support to
the Agency's technical evaluation panels;
(6) To employees of grantees working at EPA under the Senior
Environmental Enrollee (SEE) Program;
(7) To Speaker of the House, President of the Senate, or
Chairman of a Committee or Subcommittee;
(8) To entities such as the General Accounting Office, boards of
contract appeals, and the Courts in the resolution of solicitation
or contract protests and disputes;
(9) To Agency contractor employees engaged in information
systems analysis, development, operation, and maintenance, including
performing data processing and management functions for the Agency;
and
(10) Pursuant to a court order or Court-supervised agreement.
(c) The Agency recognizes an obligation to protect the
contractor from competitive harm that may result from the release of
such information to a competitor. (See also the clauses in this
document entitled ``Screening Business Information for Claims of
Confidentiality'' and ``Treatment of Confidential Business
Information.'') Except where otherwise provided by law, the Agency
will permit the release of CBI under subparagraphs (1), (3), (5), or
(9) only pursuant to a confidentiality agreement.
(d) With respect to contractors, 1552.235-71 will be used as the
confidentiality agreement. With respect to Potentially Responsible
Parties, such confidentiality agreements may permit further
disclosure to other entities where necessary to further settlement
or litigation of claims under CERCLA. Such entities include, but are
not limited to accounting firms and technical experts able to
analyze the information, provided that they also agree to be bound
by an appropriate confidentiality agreement.
(e) This clause does not authorize the Agency to release the
contractor's CBI to the public pursuant to a request filed under the
Freedom of Information Act.
(f) The Contractor agrees to include this clause, including this
paragraph (f), in all subcontracts at all levels awarded pursuant to
this contract that require the furnishing of confidential business
information by the subcontractor.
(End of Clause)
Dated: October 30, 1995.
Betty L. Bailey,
Director, Office of Acquisition Management.
[FR Doc. 95-30357 Filed 12-14-95; 8:45 am]
BILLING CODE 6560-50-P
