The Government is required to protect contractors' proprietary information from unauthorized disclosure. Contractors are responsible for deciding what data is proprietary. FAR 52.215-1 provides specific language for marking information that contractors consider to be proprietary. There is specific wording for a cover page and for each page that contains proprietary data. To read more about these protections, see "Protect Your Proprietary Information".
In a case that underscores the importance of protecting proprietary data as well making the point that it is the contractors', not the Government's responsibility to clearly identify proprietary data, the U.S. Court of Federal Claims denied a contractor's protest that the Air Force mistakenly included its proprietary data - specifically its indirect rate and fee structures - in solicitation materials. The contractor, who was also the incumbent contractor for the work, stressed that other bidders having knowledge of its proprietary data, had a baseline from which to prepare their own bids. The contractor asked for a five-year extension of its current contract as a remedy for the inadvertent release of its proprietary data.
The incumbent contractor had included indirect cost and award fee data in its management reports to the Air Force. The Air Force, in turn, included those reports in the solicitation without redacting the contractor's proprietary data. Upon learning of this from another potential bidder, the Air Force took reasonable steps to mitigate the disclosure including removal from the solicitation information and removing other offerors' ability to propose individual indirect rates and fees in a new competition.
The Court of Federal Claims found that the Air Force had taken reasonable steps to mitigate the damage however the Court also found that it was ultimately the contractor's fault, not the Government's, because the contractor had the affirmative duty to clearly mark data that was proprietary and by failing to do so, had waived its rights.
To read the entire decision, click here.
Showing posts with label proprietary information. Show all posts
Showing posts with label proprietary information. Show all posts
Wednesday, March 16, 2016
Thursday, December 19, 2013
Protecting Proprietary Information
Government contractors have always been reluctant to provide the Government with data and information that it considers proprietary. Its a natural reaction. After all, who really knows what happens to information once it gets sucked into the bowels of the Government bureaucracy. Is it passed around? Is it carelessly left unprotected for anyone to view/copy/steal? Is it given to competitors?
In our experience, Government contractors do not have too much to be concerned about. Government employees are trained and instructed to protect all contractor data - regardless of whether the data contains protective markings. Data provided to auditors for example, get bound into folders and stuffed into filing cabinets for a few years, then boxed and sent to a Federal Records Center for a few more years, then destroyed. There is very little risk that contractor proprietary data will get into the wrong hands. There is less risk that if the information should leak out, it would irreparably harm the contractor.
There was one case many years ago where Congress requested contractor proprietary information from Defense Contract Management Agency (DCMA) that was subsequently publicized in a Congressional hearing. The contractor protested loudly and for a long time afterward, there was a lot of mistrust whenever DCAA or DCMA requested proprietary information necessary to perform its work.
Anyone who releases proprietary information to an unauthorized party, risks fines and jail time. The law pertaining to unauthorized disclosure of contractor information, and penalties for violation thereof, is contained in 18 USC 1905:
In our experience, Government contractors do not have too much to be concerned about. Government employees are trained and instructed to protect all contractor data - regardless of whether the data contains protective markings. Data provided to auditors for example, get bound into folders and stuffed into filing cabinets for a few years, then boxed and sent to a Federal Records Center for a few more years, then destroyed. There is very little risk that contractor proprietary data will get into the wrong hands. There is less risk that if the information should leak out, it would irreparably harm the contractor.
There was one case many years ago where Congress requested contractor proprietary information from Defense Contract Management Agency (DCMA) that was subsequently publicized in a Congressional hearing. The contractor protested loudly and for a long time afterward, there was a lot of mistrust whenever DCAA or DCMA requested proprietary information necessary to perform its work.
Anyone who releases proprietary information to an unauthorized party, risks fines and jail time. The law pertaining to unauthorized disclosure of contractor information, and penalties for violation thereof, is contained in 18 USC 1905:
Whoever, being an office or employee of the United States or of any department or agency thereof, any person acting on behalf of the Office of Federal Housing Enterprise Oversight, or agent of the Department of Justice as defined in the Antitrust Civil Process Act, or being an employee of a private sector organization who is or was assigned to an agency under chapter 37 of title 5, publishes, divulges, discloses, or makes know in any manner or to any extent not authorized by law any information coming to him in the course of his employment or official duties or by reason af any examination or investigation made by, or return, report or record made to or filed with, such department or agency or officer or employee thereof, which information concerns or relates to the trade secrets, processes, operations, style of work, or apparatus, or to the identity, confidential statistical data, amount or source of any income, profits, losses or expenditures of any person, firm, partnership, corporation, or association; or permits any income return or copy thereof or any book containing any abstract or particulars thereof to be seen or examined by any person except as provided by law, shall be fined under this title, or imprisoned not more than one year, or both; and shall be removed from office or employment.One last thing. Contractors who object to providing routinely requested information will sometimes pique an auditor's curiosity. Auditors might wonder what the contractor is trying to hide and they'll dig a little deeper than they might otherwise have. That's called "risk assessment".
Tuesday, May 8, 2012
Is Your Proprietary Data Protected?
Companies, especially companies new to the Government contracting arena, are often wary of sending proprietary company data off to faceless, nameless bureaucrats. One never knows where that information could end up. Will it somehow end up in the hands of the competition? Will it be passed along to other Government agencies, where perhaps, you've submitted proposals with different costing information? Will it end up in a congressional hearing? Will it become public? What about company responsibility to safeguard employee personnel data?
We can't tell you not to worry, but you shouldn't worry too much. Agencies have a responsibility to protect proprietary information from disclosure outside the Executive Branch. Intentional and inadvertent disclosures can harm the competitive position of contractors among their competitors and impair the ability of the Federal Government to maintain a robust and competitive marketplace. Disclosure is also illegal under a variety of statutes. For this reason, Government contracting personnel including contract auditors are trained from the very beginning of their careers the importance of safeguarding proprietary information.
While there are restrictions on the release of proprietary information outside the Government, there are no general limitations on the disclosure of information between agencies within the Government. As a matter of fact, agencies are encouraged to share pricing information to help ensure the Government is getting the best value for taxpayers. While the flow of information outside the Government can cause harm, the flow of information between agencies (within the Executive Branch) does not cause harm but helps "root out wasteful duplication and negotiate better deals for the taxpayer."
Sometimes the Government relies on contractors to help award other contracts. These contract workers will have access to the proprietary data of other contractors including cases where those contractors are in direct competition with their own company. In these cases, the Government tries to build a firewall so that proprietary data is not communicated back to the employer. These procedures are covered in FAR 9.5 regarding organizational conflicts of interest.
There have been cases where company proprietary information has been demanded of an Executive Agency by Congress and subsequently made public during a Congressional committee hearing, for example. These are extreme cases and would be difficult to prevent, no matter how tightly a company's or an Executive Agency's policies were drafted.
Contractors should be routinely marking each document that contains proprietary information with a statement to that effect. This should at least reduce the risk of inadvertent disclosures.
We can't tell you not to worry, but you shouldn't worry too much. Agencies have a responsibility to protect proprietary information from disclosure outside the Executive Branch. Intentional and inadvertent disclosures can harm the competitive position of contractors among their competitors and impair the ability of the Federal Government to maintain a robust and competitive marketplace. Disclosure is also illegal under a variety of statutes. For this reason, Government contracting personnel including contract auditors are trained from the very beginning of their careers the importance of safeguarding proprietary information.
While there are restrictions on the release of proprietary information outside the Government, there are no general limitations on the disclosure of information between agencies within the Government. As a matter of fact, agencies are encouraged to share pricing information to help ensure the Government is getting the best value for taxpayers. While the flow of information outside the Government can cause harm, the flow of information between agencies (within the Executive Branch) does not cause harm but helps "root out wasteful duplication and negotiate better deals for the taxpayer."
Sometimes the Government relies on contractors to help award other contracts. These contract workers will have access to the proprietary data of other contractors including cases where those contractors are in direct competition with their own company. In these cases, the Government tries to build a firewall so that proprietary data is not communicated back to the employer. These procedures are covered in FAR 9.5 regarding organizational conflicts of interest.
There have been cases where company proprietary information has been demanded of an Executive Agency by Congress and subsequently made public during a Congressional committee hearing, for example. These are extreme cases and would be difficult to prevent, no matter how tightly a company's or an Executive Agency's policies were drafted.
Contractors should be routinely marking each document that contains proprietary information with a statement to that effect. This should at least reduce the risk of inadvertent disclosures.
Tuesday, August 23, 2011
Protect Your Proprietary Information
The Government is required to protect contractors' proprietary information from unauthorized disclosure. There are two recurring issues regarding this requirement. What is contractor "proprietary data" and what is "unauthorized disclosure".
Contractors are responsible for deciding what data is proprietary. FAR 52.215-1 provides specific language for marking information that they consider proprietary. There is specific wording for the cover page and truncated wording for each page that contains proprietary data. We've discussed this requirement and wording in earlier postings. Vigilance in protecting proprietary information is a must. Although not fail-safe, failing to include these markings greatly increases the likelihood that competitors will see your information, good ideas, indirect rates, compensation levels, etc.
Once "proprietary information" status is disclosed, FAR 2.104-4 kicks in. Paragraph (a) of that section states:
They key phrase here is "...person authorized in accordance with applicable agency regulations and procedures. If there is ever a dispute about who is or is not authorized, contractors should request copies of agencys' specific policies.
FAR 2.104-4 also contains procedures for resolving disagreements between contractors (or prospective contractors) and the Government as to whether certain information is indeed "proprietary". Some companies make it a policy to mark everything "proprietary" when it is not necessarily so. This practice often irritates Government personnel, causes more work for everyone, and is not recommended.
Contractors are responsible for deciding what data is proprietary. FAR 52.215-1 provides specific language for marking information that they consider proprietary. There is specific wording for the cover page and truncated wording for each page that contains proprietary data. We've discussed this requirement and wording in earlier postings. Vigilance in protecting proprietary information is a must. Although not fail-safe, failing to include these markings greatly increases the likelihood that competitors will see your information, good ideas, indirect rates, compensation levels, etc.
Once "proprietary information" status is disclosed, FAR 2.104-4 kicks in. Paragraph (a) of that section states:
... no person or other entity may disclose contractor bid or proposal information or source selection information to any person other than a person authorized, in accordance with applicable agency regulations or procedures, by the agency head or the contracting officer to receive such information.
They key phrase here is "...person authorized in accordance with applicable agency regulations and procedures. If there is ever a dispute about who is or is not authorized, contractors should request copies of agencys' specific policies.
FAR 2.104-4 also contains procedures for resolving disagreements between contractors (or prospective contractors) and the Government as to whether certain information is indeed "proprietary". Some companies make it a policy to mark everything "proprietary" when it is not necessarily so. This practice often irritates Government personnel, causes more work for everyone, and is not recommended.
This clause does not authorized the withholding on any information from Congress, a Federal agency, GAO, or the Inspector General though if an agency releases such information, it must notify the contractor.
Subscribe to:
Comments (Atom)