[Federal Register Volume 61, Number 63 (Monday, April 1, 1996)]
[Rules and Regulations]
[Pages 14264-14267]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-7750]
=======================================================================
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
48 CFR Parts 1535 and 1552
[FRL-5448-7]
Acquisition Regulation; Confidential Business Information
AGENCY: Environmental Protection Agency.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: This document amends the Environmental Protection Agency
Acquisition Regulation (EPAAR) (48 CFR Chapter 15) by revising both the
prescription for use of solicitation provisions and contract clauses
regarding collection, use, access, treatment, and disclosure of
confidential business information (CBI), and adding solicitation
provisions and contract clauses on CBI.
EFFECTIVE DATE: May 1, 1996.
FOR FURTHER INFORMATION CONTACT: Louise Senzel, Environmental
Protection Agency, Office of Acquisition Management (3802F), 401 M
Street, SW., Washington, DC 20460. Telephone: (202) 260-6204.
SUPPLEMENTARY INFORMATION:
A. Background
The proposed rule was published in the Federal Register (60 CFR
64408) on December 15, 1995, providing for a 60-day comment period
until February 13, 1996.
Interested persons have been afforded an opportunity to participate
in the making of this rule. Due consideration was given to the one
comment received. The following is a summary of the comment received
and the Agency's disposition of the comment.
Comment. The use by the Environmental Protection Agency and
potentially other Federal agencies and contractors of confidential
business information (CBI) would not be objectionable as long as proper
safeguards are in place to protect CBI from improper release to a
company's competitors. The proposed rule appears to provide sufficient
safeguards to protect CBI from improper release with the exception of
one comment and suggestion.
With respect to Section 1552.235-79, Release of Contractor
Confidential Business Information, we suggest that paragraph (c), which
states that the ``Agency will permit release of CBI under subparagraphs
(1), (3), (5), or (9) only pursuant to a confidentiality agreement,''
be modified to include references to subparagraphs (4) and (6), to the
extent that CBI is not otherwise protected by the applicable statute.
The rationale for also including subparagraphs (4) and (6) is to obtain
the protections afforded by a confidentiality agreement in such
situations as contemplated by subparagraphs (4) and (6). An agency's
release of CBI only pursuant to a properly executed confidentiality
agreement should provide sufficient safeguards to protect CBI in the
vast majority of situations.
Response. In practice, the Agency does not release CBI in these
situations unless there has been a properly executed confidentiality
agreement. The Agency has made the requested change to the proposed
rule to ensure that this practice continues and so that contractors are
aware that this is a condition of release of CBI to these individuals.
B. Executive Order 12866
This is not a significant regulatory action for the purposes of
Executive Order 12866; therefore, no review was required by the Office
of Information and Regulatory Affairs.
C. Paperwork Reduction Act
The Paperwork Reduction Act did not apply because this rule does
not contain information collection requirements that require the
approval of OMB under the Paperwork Reduction Act of 1980 (44 U.S.C.
3501 et seq.).
D. Regulatory Flexibility Act
The EPA certifies that this rule does not exert a significant
economic impact on a substantial number of small entities. The
requirements to contractors under the rule impose no reporting,
recordkeeping, or any compliance costs.
E. Unfunded Mandates
This rule will not impose unfunded mandates on state or local
entities, or others.
The provisions of this regulation are issued under 5 U.S.C. 301; 40
U.S.C. 486(c).
List of Subjects in 48 CFR Parts 1535 and 1552
Government procurement.
Therefore, 48 CFR Chapter 15 is amended as set forth below:
1. The authority citation for Parts 1535 and 1552 continues to read
as follows:
Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C.
486(c).
2. Section 1535.007 is revised to read as follows:
1535.007 Solicitations.
(a) Contracting Officers shall insert the following provisions in
all solicitations when the Contracting Officer has determined that EPA
may furnish the contractor with confidential business information which
EPA has obtained from third parties under the Federal Insecticide,
Fungicide and Rodenticide Act (7 U.S.C. 136 et seq.).
(1) 48 CFR 1552.235-72, Control and Security of Federal
Insecticide, Fungicide, and Rodenticide Act Confidential Business
Information; and
(2) 48 CFR 1552.235-73, Access to Federal Insecticide, Fungicide,
and Rodenticide Act Confidential Business Information.
(b) Contracting Officers shall insert the following provisions in
all solicitations when the Contracting Officer has determined that EPA
may furnish the contractor with confidential business information which
EPA has obtained from third parties under the Toxic Substances Control
Act (15 U.S.C. 2601 et seq.).
(1) 48 CFR 1552.235-74, Control and Security of Toxic Substances
Control Act Confidential Business Information, and
[[Page 14265]]
(2) 48 CFR 1552.235-75, Access to Toxic Substances Control Act
Confidential Business Information.
2a. In section 1535.007-70, paragraphs (b) and (c) are revised and
paragraphs (d) through (f) are added reading as follows:
1535.007-70 Contract clauses.
* * * * *
(b) The Contracting Officer shall insert the clause at 48 CFR
1552.235-71, Treatment of Confidential Business Information, in
solicitations and contracts when the Contracting Officer has determined
that in the performance of the contract, EPA may furnish confidential
business information to the contractor obtained from third parties
under the Clean Air Act (42 U.S.C. 7401 et seq.), the Federal Water
Pollution Control Act (33 U.S.C. 1251 et seq.), the Safe Drinking Water
Act (42 U.S.C. 300f et seq.), the Federal Food, Drug, and Cosmetic Act
(21 U.S.C. 301 et seq.), the Resource Conservation and Recovery Act (42
U.S.C. 301 et seq.), the Federal Insecticide, Fungicide and Rodenticide
Act (7 U.S.C. 136 et seq.), the Comprehensive Environmental Response,
Compensation, and Liability Act (42 U.S.C. 9601 et seq.), and the
provision at 48 CFR 1552.235-70, Release of Contractor Confidential
Business Information. EPA regulations on confidentiality of business
information in 40 CFR part 2, subpart B require that the contractor
agree to the clause entitled ``Treatment of Confidential Business
Information'' before any confidential business information may be
furnished to the contractor.
(c) The Contracting Officer shall insert the clause at 48 CFR
1552.235-76, Treatment of Confidential Business Information, in
solicitations and contracts when the Contracting Officer has determined
that in the performance of the contract, EPA may furnish the contractor
with confidential business information obtained from third parties
under the Toxic Substances Control Act (15 U.S.C. 2601 et seq.). EPA
regulations on confidentiality of business information in 40 CFR part
2, subpart B require that the contractor agree to the clause entitled
``Treatment of Confidential Business Information'' before any
confidential business information may be furnished to the contractor.
(d) The Contracting Officer shall insert the clause at 48 CFR
1552.235-77, Data Security for Federal Insecticide, Fungicide, and
Rodenticide Act, Confidential Business Information, when the contract
involves access to confidential business information related to the
Federal Insecticide, Fungicide, and Rodenticide Act, and the Treatment
of Confidential Business Information clause (48 CFR 1552.235-71) and
the Screening Business Information for Claims of Confidentiality clause
(48 CFR 1552.235-70) are included.
(e) The Contracting Officer shall insert the clause at 48 CFR
1552.235-78, Data Security for Toxic Substances Control Act
Confidential Business Information, when the contract involves access to
confidential business information related to the Toxic Substances
Control Act, and the Treatment of Confidential Business Information
clause (48 CFR 1552.235-76) and Screening Business Information for
Claims of Confidentiality clause (48 CFR 1552.235-70) are included.
(f) Contracting Officers shall insert the clause 48 CFR
1552.235-79, Release of Contractor Confidential Business Information, in all
solicitations and contracts in order to authorize the Agency to release
confidential business information under certain circumstances.
3. Subpart 1552.2 is amended to revise section 1552.235-72, and add
sections 1552.235-73, through 1552.235-79 to read as follows:
1552.235-72 Control and Security of Federal Insecticide, Fungicide,
and Rodenticide Act Confidential Business Information (Apr 1996).
As prescribed in 1535.007(a), insert the following provision:
Control and Security of Federal Insecticide, Fungicide, and Rodenticide
Act Confidential Business Information (Apr 1996).
The offeror certifies that--
--the Contractor and its employees have read and are familiar
with the requirements for the control and security of Federal
Insecticide, Fungicide, and Rodenticide Act confidential business
information contained in the manual entitled ``Federal Insecticide,
Fungicide, and Rodenticide Act Information Security Manual.'' (See
also 1552.235-77 elsewhere in this solicitation.)
(End of Provision)
1552.235-73 Access to Federal Insecticide, Fungicide, and Rodenticide
Act Confidential Business Information (Apr 1996).
As prescribed in 1535.007(a), insert the following provision:
Access to Federal Insecticide, Fungicide, and Rodenticide Act
Confidential Business Information (Apr 1996).
In order to perform duties under the contract, the Contractor
will need to be authorized for access to Federal Insecticide,
Fungicide, and Rodenticide Act (FIFRA) confidential business
information (CBI). The Contractor and all of its employees handling
CBI while working under the contract will be required to follow the
procedures contained in the security manual entitled ``FIFRA
Information Security Manual.'' These procedures include applying for
FIFRA CBI access authorization for each individual working under the
contract who will have access to FIFRA CBI, execution of
confidentiality agreements, and designation by the Contractor of an
individual to serve as a Document Control Officer. The Contractor
will be required to abide by those clauses contained in EPAAR
1552.235-70, 1552.235-71, and 1552.235-77 that are appropriate to
the activities set forth in the contract.
Until EPA has approved the Contractor's security plan, the
Contractor may not be authorized for FIFRA CBI access away from EPA
facilities.
(End of Provision)
1552.235-74 Control and Security of Toxic Substances Control Act
Confidential Business Information (Apr 1996).
As prescribed in 1535.007(b), insert the following provision:
Control and Security of Toxic Substances Control Act Confidential
Business Information (Apr 1996).
The offeror certifies that--
--the Contractor and its employees have read and are familiar
with the requirements for the control and security of Toxic
Substances Control Act confidential business information contained
in the manual entitled ``Toxic Substances Control Act Confidential
Business Information Security Manual.'' (See also 1552.235-78
elsewhere in this solicitation.)
(End of Provision)
1552.235-75 Access to Toxic Substances Control Act Confidential
Business Information (Apr 1996).
As prescribed in 1535.007(b), insert the following provision:
Access to Toxic Substances Control Act Confidential Business
Information (Apr 1996)
In order to perform duties under the contract, the Contractor
will need to be authorized for access to Toxic Substances Control
Act (TSCA) confidential business information (CBI). The Contractor
and all of its employees handling CBI while working under the
contract will be required to follow the procedures contained in the
security manual entitled ``TSCA Confidential Business Information
Security Manual.'' These procedures include applying for TSCA CBI
access authorization for each individual working under the contract
who will have access to TSCA CBI, execution of confidentiality
agreements, and designation by the Contractor of an individual to
serve as a Document Control Officer. The Contractor will be required
to abide by those clauses contained in EPAAR 1552.235-70,
1552.235-71, and 1552.235-78 that are appropriate to the activities set forth
in the contract.
Until EPA has inspected and approved the Contractor's
facilities, the Contractor may not be authorized for TSCA CBI access
away from EPA facilities.
(End of Provision)
[[Page 14266]]
1552.235-76 Treatment of Confidential Business Information (Apr 1996).
As prescribed in 1535.007-70(c), insert the following clause:
Treatment of Confidential Business Information (Apr 1996)
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose confidential business information (CBI) to the Contractor
necessary to carry out the work required under this contract. The
Contractor agrees to use the CBI only under the following
conditions:
(1) The Contractor and Contractor's employees shall (i) use the
CBI only for the purposes of carrying out the work required by the
contract; (ii) not disclose the information to anyone other than
properly cleared EPA employees without the prior written approval of
the Assistant General Counsel for Information Law or his/her
designee; and (iii) return the CBI to the PO or his/her designee,
whenever the information is no longer required by the Contractor for
performance of the work required by the contract, or upon completion
of the contract.
(2) The Contractor shall obtain a written agreement to honor the
above limitations from each of the Contractor's employees who will
have access to the information before the employee is allowed
access.
(3) The Contractor agrees that these contract conditions
concerning the use and disclosure of CBI are included for the
benefit of, and shall be enforceable by, both EPA and any affected
businesses having a proprietary interest in the information.
(4) The Contractor shall not use any CBI supplied by EPA or
obtained during performance hereunder to compete with any business
to which the CBI relates.
(b) The Contractor agrees to obtain the written consent of the
CO, after a written determination by the appropriate program office,
prior to entering into any subcontract that will involve the
disclosure of CBI by the Contractor to the subcontractor. The
Contractor agrees to include this clause, including this paragraph
(b), in all subcontracts awarded pursuant to this contract that
require the furnishing of CBI to the subcontractor.
(End of Clause)
1552.235-77 Data Security for Federal Insecticide, Fungicide, and
Rodenticide Act Confidential Business Information (Apr 1996).
As prescribed in 1535.007-70(d), insert the following clause:
Data Security for Federal Insecticide, Fungicide, and Rodenticide Act
Confidential Business Information (Apr 1996)
The Contractor shall handle Federal Insecticide, Fungicide, and
Rodenticide Act (FIFRA) confidential business information (CBI) in
accordance with the contract clause entitled ``Treatment of
Confidential Business Information'' and ``Screening Business
Information for Claims of Confidentiality,'' the provisions set
forth below, and the Contractor's approved detailed security plan.
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose FIFRA CBI to the contractor necessary to carry out the work
required under this contract. The Contractor shall protect all FIFRA
CBI to which it has access (including CBI used in its computer
operations) in accordance with the following requirements:
(1) The Contractor and Contractor's employees shall follow the
security procedures set forth in the FIFRA Information Security
Manual. The manual may be obtained from the Project Officer (PO) or
the Chief, Information Services Branch (ISB), Program Management and
Support Division, Office of Pesticide Programs (OPP) (H7502C), U.S.
Environmental Protection Agency, 401 M Street, SW, Washington, DC
20460.
(2) The Contractor and Contractor's employees shall follow the
security procedures set forth in the Contractor's security plan(s)
approved by EPA.
(3) Prior to receipt of FIFRA CBI by the Contractor, the
Contractor shall submit a certification statement to the Chief of
the ISB, with a copy to the Contracting Officer (CO), certifying
that all employees who will be cleared for access to FIFRA CBI have
been briefed on the handling, control and security requirements set
forth in the FIFRA Information Security Manual.
(4) The Contractor Document Control Officer (DCO) shall obtain a
signed copy of the FIFRA ``Contractor Employee Confidentiality
Agreement'' from each of the Contractor's employees who will have
access to the information before the employee is allowed access.
(b) The Contractor agrees that these requirements concerning
protection of FIFRA CBI are included for the benefit of, and shall
be enforceable by, both EPA and any affected business having a
proprietary interest in the information.
(c) The Contractor understands that CBI obtained by EPA under
FIFRA may not be disclosed except as authorized by the Act, and that
any unauthorized disclosure by the Contractor or the Contractor's
employees may subject the Contractor and the Contractor's employees
to the criminal penalties specified in FIFRA (7 U.S.C. 136h(f)). For
purposes of this contract, the only disclosures that EPA authorizes
the Contractor to make are those set forth in the clause entitled
``Treatment of Confidential Business Information.''
(d) The Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of CBI to the
subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to the EPA PO or his/her designee all
documents, logs, and magnetic media which contain FIFRA CBI. In
addition, each Contractor employee who has received FIFRA CBI
clearance will sign a ``Confidentiality Agreement for Contractor
Employees Upon Relinquishing FIFRA CBI Access Authority.'' The
Contractor DCO will also forward those agreements to the EPA PO or
his/her designee, with a copy to the CO, at the end of the contract.
(f) If, subsequent to the date of this contract, the Government
changes the security requirements, the CO shall equitably adjust
affected provisions of this contract, in accordance with the
``Changes'' clause when:
(1) The Contractor submits a timely written request for an
equitable adjustment; and
(2) The facts warrant an equitable adjustment.
(End of Clause)
1552.235-78 Data security for Toxic Substances Control Act
confidential business information (Apr 1996)
As prescribed in 1535.007-70(e), insert the following clause:
Data Security for Toxic Substances Control Act Confidential Business
Information (Apr 1996)
The Contractor shall handle Toxic Substances Control Act (TSCA)
confidential business information (CBI) in accordance with the
contract clause entitled ``Treatment of Confidential Business
Information'' and ``Screening Business Information for Claims of
Confidentiality.''
(a) The Project Officer (PO) or his/her designee, after a
written determination by the appropriate program office, may
disclose TSCA CBI to the contractor necessary to carry out the work
required under this contract. The Contractor shall protect all TSCA
CBI to which it has access (including CBI used in its computer
operations) in accordance with the following requirements:
(1) The Contractor and Contractor's employees shall follow the
security procedures set forth in the TSCA CBI Security Manual. The
manual may be obtained from the Director, Information Management
Division (IMD), Office of Pollution Prevention and Toxics (OPPT),
U.S. Environmental Protection Agency (EPA), 401 M Street, SW,
Washington, DC 20460. Prior to receipt of TSCA CBI by the
Contractor, the Contractor shall submit a certification statement to
the Director of the EPA OPPT/Office of Program Management and
Evaluation, with a copy to the Contracting Officer (CO), certifying
that all employees who will be cleared for access to TSCA CBI have
been briefed on the handling, control, and security requirements set
forth in the TSCA CBI Security Manual.
(2) The Contractor shall permit access to and inspection of the
Contractor's facilities in use under this contract by
representatives of EPA's Assistant Administrator for Administration
and Resources Management, and the TSCA Security Staff in the OPPT,
or by the EPA Project Officer.
(3) The Contractor Document Control Officer (DCO) shall obtain a
signed copy of EPA Form 7740-6, ``TSCA CBI Access Request,
Agreement, and Approval,'' from each of the Contractor's employees
who will have access to the information before the employee is
allowed access. In addition, the Contractor shall obtain from each
employee who will be cleared for TSCA CBI access all information
required by EPA or the U.S. Office of Personnel Management for EPA
to conduct a Minimum Background Investigation.
(b) The Contractor agrees that these requirements concerning
protection of TSCA
[[Page 14267]]
CBI are included for the benefit of, and shall be enforceable by,
both EPA and any affected business having a proprietary interest in
the information.
(c) The Contractor understands that CBI obtained by EPA under
TSCA may not be disclosed except as authorized by the Act, and that
any unauthorized disclosure by the Contractor or the Contractor's
employees may subject the Contractor and the Contractor's employees
to the criminal penalties specified in TSCA (15 U.S.C. 2613(d)). For
purposes of this contract, the only disclosures that EPA authorizes
the Contractor to make are those set forth in the clause entitled
``Treatment of Confidential Business Information.''
(d) The Contractor agrees to include the provisions of this
clause, including this paragraph (d), in all subcontracts awarded
pursuant to this contract that require the furnishing of CBI to the
subcontractor.
(e) At the request of EPA or at the end of the contract, the
Contractor shall return to the EPA PO or his/her designee, all
documents, logs, and magnetic media which contain TSCA CBI. In
addition, each Contractor employee who has received TSCA CBI
clearance will sign EPA Form 7740-18, ``Confidentiality Agreement
for Contractor Employees Upon Relinquishing TSCA CBI Access
Authority.'' The Contractor DCO will also forward those agreements
to the EPA OPPT/IMD, with a copy to the CO, at the end of the
contract.
(f) If, subsequent to the date of this contract, the Government
changes the security requirements, the CO shall equitably adjust
affected provisions of this contract, in accordance with the
``Changes'' clause, when:
(1) The Contractor submits a timely written request for an
equitable adjustment; and,
(2) The facts warrant an equitable adjustment.
(End of Clause)
1552.235-79 Release of contractor confidential business information
(Apr 1996).
As prescribed in 1535.007-70(f), insert the following clause:
Release of Contractor Confidential Business Information (Apr 1996)
(a) The Environmental Protection Agency (EPA) may find it
necessary to release information submitted by the Contractor either
in response to this solicitation or pursuant to the provisions of
this contract, to individuals not employed by EPA. Business
information that is ordinarily entitled to confidential treatment
under existing Agency regulations (40 CFR Part 2) may be included in
the information released to these individuals. Accordingly, by
submission of this proposal or signature on this contract or other
contracts, the Contractor hereby consents to a limited release of
its confidential business information (CBI).
(b) Possible circumstances where the Agency may release the
Contractor's CBI include, but are not limited to the following:
(1) To other Agency contractors tasked with assisting the Agency
in the recovery of Federal funds expended pursuant to the
Comprehensive Environmental Response, Compensation, and Liability
Act, 42 U.S.C. Sec. 9607, as amended, (CERCLA or Superfund);
(2) To the U.S. Department of Justice (DOJ) and contractors
employed by DOJ for use in advising the Agency and representing the
Agency in procedures for the recovery of Superfund expenditures;
(3) To parties liable, or potentially liable, for costs under
CERCLA Sec. 107 (42 U.S.C. Sec. 9607), et al, and their insurers
(Potentially Responsible Parties) for purposes of facilitating
settlement or litigation of claims against such parties;
(4) To other Agency contractors who, for purposes of performing
the work required under the respective contracts, require access to
information the Agency obtained under the Clean Air Act (42 U.S.C.
7401 et seq.); the Federal Water Pollution Control Act (33
U.S.C. 1251 et seq.); the Safe Drinking Water Act (42 U.S.C. 300f et
seq.); the Federal Insecticide, Fungicide and Rodenticide Act (7
U.S.C. 136 et seq.); the Resource Conservation and Recovery Act (42
U.S.C. 6901 et seq.); the Toxic Substances Control Act (15 U.S.C.
2601 et seq.); or the Comprehensive Environmental Response,
Compensation, and Liability Act (42 U.S.C. 9601 et seq.);
(5) To other Agency contractors tasked with assisting the Agency
in handling and processing information and documents in the
administration of Agency contracts, such as providing both preaward
and post award audit support and specialized technical support to
the Agency's technical evaluation panels;
(6) To employees of grantees working at EPA under the Senior
Environmental Employment (SEE) Program;
(7) To Speaker of the House, President of the Senate, or
Chairman of a Committee or Subcommittee;
(8) To entities such as the General Accounting Office, boards of
contract appeals, and the Courts in the resolution of solicitation
or contract protests and disputes;
(9) To Agency contractor employees engaged in information
systems analysis, development, operation, and maintenance, including
performing data processing and management functions for the Agency;
and
(10) Pursuant to a court order or court-supervised agreement.
(c) The Agency recognizes an obligation to protect the
contractor from competitive harm that may result from the release of
such information to a competitor. (See also the clauses in this
document entitled ``Screening Business Information for Claims of
Confidentiality'' and ``Treatment of Confidential Business
Information.'') Except where otherwise provided by law, the Agency
will permit the release of CBI under subparagraphs (1), (3), (4),
(5), (6), or (9) only pursuant to a confidentiality agreement.
(d) With respect to contractors, 1552.235-71 will be used as the
confidentiality agreement. With respect to Potentially Responsible
Parties, such confidentiality agreements may permit further
disclosure to other entities where necessary to further settlement
or litigation of claims under CERCLA. Such entities include, but are
not limited to accounting firms and technical experts able to
analyze the information, provided that they also agree to be bound
by an appropriate confidentiality agreement.
(e) This clause does not authorize the Agency to release the
Contractor's CBI to the public pursuant to a request filed under the
Freedom of Information Act.
(f) The Contractor agrees to include this clause, including this
paragraph (f), in all subcontracts at all levels awarded pursuant to
this contract that require the furnishing of confidential business
information by the subcontractor.
(End of Clause)
Dated: March 19, 1996.
Betty L. Bailey,
Director, Office of Acquisition Management.
[FR Doc. 96-7750 Filed 3-29-96; 8:45 am]