Difference between revisions of "Protecting Proprietary Information Submitted in a Proposal"

Latest revision as of 09:08, 27 October 2015

Commercial World

In proposing to do business in the commercial world, companies frequently find themselves in the position of having to disclose confidential information and proprietary data in order to win business. Companies may be requested, for example, to turn over mission-critical data to potential customers—the disclosure of which to competitors or the general public might severely impact the company’s competitive edge, as well as hamper its efforts to succeed in the marketplace. In the commercial environment, the parties are free to negotiate whatever contractual arrangements are necessary and appropriate to protect confidential information and proprietary data. They do so through the use of Non-Disclosure Agreements. Commercial entities are also provided with access to the courts to enforce such agreements, to prevent the disclosure of proprietary data, and to collect damages in the event of unauthorized use or disclosure.

Non-Disclosure Agreements

A Non-Disclosure Agreement (NDA) sets forth the specific purpose for which the proprietary information is provided, prohibits the use of the information for any other purpose, and sets other conditions such as limited circulation of the data, a restriction on the number of copies that can be made, and procedures for the return or destruction of the data within a set time.

Non-Disclosure Agreements are generally seen in 3 situations:

1 Purely commercial contracts,

2 Commercial contracts that are being implemented in the US Government Industry. This is commonly the Prime Contractor/Subcontractor relationship.

3 Situations involving DFARS 227.7103-7, which requires the execution of a “Use and Non-Disclosure Agreement” before any disclosure of technical data or computer software delivered to the government with restrictive markings to a third-party recipient.

U S. Government Contracting

When a company is seeking to do business with the federal government, the rules of engagement are, for the most part, laid out in statutes and regulations rather than negotiated. As a result, companies are put on notice from the outset as to what is, and is not, acceptable to the government. These rules are generally non-negotiable, so a company seeking government business must either assume some level of risk or decide not to contract with the US Government.

This article explores the methods available to prospective contractors to protect proprietary information submitted to the government from unauthorized use or disclosure. In addition, the article discusses the inherent risks associated with submitting proposals (whether solicited or unsolicited) to the government. Government Obligations, Federal statutes and agency regulations provide the first layer of protection for proprietary data contained in technical, management, or cost proposals (referred to collectively as “proposals”) by regulating the conduct of government officials and employees who receive such information from prospective contractors.

Trade Secrets Act

Under the Trade Secrets Act, it is a criminal offense for a federal government official or employee to disclose trade secret or confidential commercial or financial data “to any extent not authorized by law.” A “trade secret” under this statute is defined as any formula, pattern, device, or compilation of information that is used in one’s business, and gives him an opportunity to obtain an advantage over competitors who do not know or use it. This act applies to proprietary information contained in proposals.

The Economic Espionage Act of 1964

Protects proprietary information by imposing criminal sanctions for misappropriation or theft of trade secrets by any person (not limited to government officials and employees).

The Procurement Integrity Act

Prohibits federal procurement officials from disclosing bid or proposal information to any person other than those persons authorized to receive such information.

Bid & Proposal information includes cost or pricing data, indirect costs, direct labor rates, and properly marked proprietary information concerning manufacturing process, operations, or techniques. The prohibitions of the Procurement Integrity Act, however, apply only during the procurement process and do not continue after contract award or cancellation of the procurement. The FAR requires that government officials secure all bids — including modifications—until bid opening, and safeguard all proposals from unauthorized disclosure throughout the source selection process. While these provisions guard against the unauthorized use or disclosure of proposal information by government officials and employees, offerors and other prospective contractors should take additional steps to protect more fully proprietary data submitted with a proposal. Protecting Data in an RFP Offerors responding to a competitive solicitation are permitted to mark data included in their proposals with a restrictive legend. The legend restricts the disclosure and use of the data by government personnel to the evaluation of the proposal. Specifically, paragraph (e) of the standard request for proposal (RFP) provision FAR 52.215-1 - Instructions to Offerors–Competitive. FAR 52.215-1, provides that offerors seeking such a restriction on the disclosure and use of their data should take two steps.

First, the offeror should mark the title page of its proposal with the following legend.

This proposal includes data that shall not be disclosed outside the government and shall not be duplicated, used, or disclosed—in whole or in part—for any purpose other than to evaluate this proposal. If, however, a contract is awarded to this offeror as a result of—or in connection with—the submission of this data, the government shall have the right to duplicate, use, or disclose the data to the extent provided in the resulting :contract. This restriction does not limit the government’s right to use information contained in this data if it is obtained from another source without restriction. The data subject to this restriction are contained in sheets [insert numbers or other identification of sheets].

Second, the offeror should mark each sheet in its proposal containing data it wishes to restrict with the following legend:

Use or disclose the data contained on this sheet is subject to the restriction on the title page of this proposal.

Note: The government’s right to use or disclose the data after contract award is governed by the clauses incorporated into the contract rather than the legend.

Offerors submitting proposals to the Department of Defense (DOD) should also be aware of DOD’s policy governing disclosure and use of proprietary proposal data. Specifically, DOD regulations provide that, by submitting the proposal, the offeror agrees that DOD may reproduce and use proposal information for evaluation purposes. The regulations also advise that subsequent to contract award, the government shall have the right to disclose and use proposal information within the government, and outside the government with the contractor’s written permission.

Protecting Data from Release Under FOIA

The FAR legends noted earlier impose restrictions on the government’s use or disclosure of proposal data. But, the FAR legends do not protect information or data submitted with a proposal from release or disclosure under the Freedom of Information Act (FOIA), 5 U.S.C. § 552. Enacted in 1966, FOIA gives any person, including a competitor, the right to request access to company documents in the possession of a federal agency. Since 1997, civilian agencies and DOD have been prohibited by statute from releasing under FOIA proposals submitted in response to a competitive procurement.

The statute also does not apply to any proposal that is set forth or incorporated by reference into a contract between the government and the party submitting the information. It is therefore recommended that, notwithstanding this statute, all offerors continue to mark their proposals in the manner such as described in FAR 52.215-1.

Trade Secrets and Confidential Information

To be protected from disclosure in response to a FOIA request, the information or data submitted with a proposal must fall within one of the exceptions set forth in the statute. The most common exemption relied on by offerors and government officials seeking to protect proposal data from public disclosure is the FOIA’s exemption for “trade secret” and “privileged or confidential commercial or financial information.” Under this provision, trade secret is defined as “a secret, commercially valuable plan, formula, process, or device that is used for the making, preparing, compounding, or processing of trade commodities and that can be said to be the end product of either innovation or substantial effort.” Commercial or financial information is within the FOIA exemption if it is confidential. Confidential means that the information is not customarily released to the public and the release would cause competitive harm or would impact the government’s ability to obtain such information in the future. Information protected is the release of overhead factors, cost figures, and profit and line-item pricing information, where the release of information would likely cause substantial competitive harm. Since the government disfavors any modification or change to the FAR legends for marking the proposal title page and proposed sheets, the best practice is for an offeror to mark its proposal with the exact legend prescribed in the FAR and then mark the proposal separately and distinctly with the FOIA legend. A suggested additional legend is:

This proposal contains trade secret and confidential business or financial information exempt from disclosure under the Freedom of Information Act.

Exemption for Critical Infrastructure Information

In 2002, Congress passed the Homeland Security Act which created a new FOIA exemption. The act exempts from disclosure Critical infrastructure information (including the identity of the submitting person or entity) that is voluntarily submitted to a covered Federal agency for use by that agency regarding the security of critical infrastructure and protected systems, analysis, warnings, or other informational purpose.

The term “critical infrastructure” means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. The definition left open to argument what systems and assets are so crucial that their destruction would have a debilitating impact on the security of the country.

The offeror must mark proprietary information appropriately. In the case of proposals submitted to DHS, the offeror must include the following legend (for written information):

This information is voluntarily submitted to the federal government in expectation of protection from disclosure as provided by the provisions of

the Critical Infrastructure Information Act of 2002.

For information submitted verbally, the submitter must provide a written statement regarding the expectation of nondisclosure within a reasonable period following the verbal communication.

Exemption for CRADA Information

Another exemption relevant to protecting proprietary information relates to Cooperative Research and Development Agreements, or CRADAs. A CRADA is an agreement between a federal laboratory and a private party to engage in joint research and development efforts. The exemption does not specifically protect information submitted in a proposal, but rather precludes the disclosure of trade secrets or commercial or confidential financial information that is obtained by the government pursuant to a CRADA.

Debriefings

Another event in the competitive bidding process that poses some risk for the disclosure of an offeror’s proposal data is the post-award debriefing of offerors. By law, any successful offeror that has received notification of a contract award may request a debriefing by the agency. The debriefing provides the offeror information, including the overall evaluated cost and technical ranking of awardees, and a summary of the rationale for the award decision. The debriefing is not to reveal information protected from disclosure under FOIA including trade secrets, privilege or confidential manufacturing processes and techniques, and commercial and financial information that is privileged or confidential including cost breakdowns, profit, indirect cost rate, and similar information.

Enforcing Your Rights

If a federal government agency and an offeror wants to release proprietary information to competitors or the general public, an offeror’s can file an action in federal district court seeking an injunction against the release of its proprietary data by the federal agency. The offeror must establish that release of the information would be in violation of a statutory or regulatory provision, such as the Trade Secrets Act, the Procurement Integrity Act, or the FOIA exemption for the trade secret and confidential commercial and financial information. If upheld, the agency will likely be prohibited from disclosing the information.

Conclusion

Offering to do business with the government frequently involves the submission of proprietary information to the government. It is critical that prospective contractors be cognizant of what the government’s rights and obligations are with respect to that information, as well as the steps that offerors must take to protect that information. Of course, protecting information at the proposal stage is only the beginning—once a company actually contracts with the government, a whole different set of rules