Tuesday, November 16, 2010

Protections for Data Submitted to the Government

Have you ever wondered where the financial data, pricing information, and other proprietary materials that you submit to or furnish the Government in connection with a proposal or to support an incurred cost claim ends up? Have you ever wondered whether it could be inadvertently furnished to a competitor? Or, a newspaper? Or, find its way into a Congressional hearing? Have you ever had reservations about furnishing certain requested information (like employee social security numbers)? Have you ever queried a Government auditor on the protections he/she will afford? You probably don't need to be overly concerned. The Government (excluding Congress) does a pretty good job of protecting contractor propriety information.

First of all, there are protections built into the law. Unauthorized disclosure of proprietary information violates 18 U.S.C. 1905 and, if the information is contractor bid or proposal or source selection information, 41 U.S.C. 423. Any person who unlawfully discloses such information is subject to penalties such as fines, imprisonment, and/or removal from office or employment. How does the Government know what information is proprietary? It wouldn't be practical for the Government to make proprietary decisions on ever piece of data gathered. It makes those determinations only when there is an external request for access. And, when there is such a request, the Government often confers/coordinates with the contractor if there is any doubt.

We recommend that any propriety information provided the Government routinely contain appropriate markings (e.g. company proprietary, company sensitive, procurement sensitive, etc.) in order to assist the Government in making "proprietary" determinations in the event a request is ever made.

Secondly, every Government audit report contains restrictions on who should be privy to the report. For example, on a report issued to someone in the Department of Defense, the restriction reads as follows:
The contents of this report should not be released or disclosed, other than to those persons whose official duties require access in accordance with DoD 5200.1-R, Information Security, January 1997, Appendix 3, paragraph AP3.2.3. This document may contain information exempt from mandatory disclosure under the Freedom of Information Act. Exemption 4, of the Freedom of Information Act, which addresses proprietary information, may apply.
Finally, each audit report contains a cautionary statement that the information included in the report should not be used for any other purpose. Audit reports can often be misused if the person relying on it doesn't understand the specific situation that the report is addressing.
Do not use the information contained in this report for purposes other than action on the subject of this report without first discussing its applicability with the auditor.

No comments:

Post a Comment