C ontractor access to sensitive information l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 33

C ontractor Access to Sensitive Information PowerPoint PPT Presentation


  • 195 Views
  • Uploaded on
  • Presentation posted in: General

C ontractor Access to Sensitive Information . Background. For years contractors have submitted sensitive information in responding to NASA solicitations. Similarly, contractors have submitted sensitive information in performing contracts. Background.

Download Presentation

C ontractor Access to Sensitive Information

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


C ontractor access to sensitive information l.jpg

Contractor Access to Sensitive Information


Background l.jpg

Background

  • For years contractors have submitted sensitive information in responding to NASA solicitations.

  • Similarly, contractors have submitted sensitive information in performing contracts.


Background3 l.jpg

Background

  • Traditionally, only government employees have received, analyzed, and used contractor submissions.

  • Federal felony for government employees to disclose sensitive information to unauthorized people/entities.


Background4 l.jpg

Background

  • Felony protection of sensitive came from the Trade Secrets Act.

    • Applies only to government employees.

    • Prohibits government employees from disclosing “trade secrets” to unauthorized parties.

  • Threat of felony prosecution gave contractors confidence to submit sensitive information.


Background5 l.jpg

Background

  • Statute defined “Trade Secret” broadly:

    • Information on processes, operations, style of work, amount or source of income, profits, losses, or expenditures.

  • Defined prohibition vaguely:

    • Government employees may not disclose “to any extent not authorized by law.”


Background6 l.jpg

Background

  • Apparent assumptions behind Trade Secrets Act:

    • Except when authorized by law, one contractor should not have access to another’s sensitive information.

    • Property law has always authorized owner to consent to disclosure.


Background7 l.jpg

Background

  • FAR 9.505-4 implements these concepts for government procurement.

    • Classifies access to another contractor’s information as organizational conflict of interest.

    • Requires specific parties to resolve conflict before disclosure can occur.


Background8 l.jpg

Background

  • Owner and contractor receiving access must agree in writing on disclosure.

  • Contracting officer must obtain copy of terms and ensure properly executed.

  • Maintain in contract file.


Background9 l.jpg

Background

  • Implicitly, FAR 9.505-4 assumed situation would arise rarely.

  • Labor-intensive, formal process.

  • Parties must be known in advance and willing to agree on terms of disclosure.


Background10 l.jpg

Background

  • In procurement context, FAR 9.505-4 assumes:

    • Contractor has been selected to perform specific tasks using identified data.

    • Owner is willing to allow identified party controlled access for specific purposes.


Background11 l.jpg

Background

  • Implicit dynamics behind FAR 9.505-4:

    • Before any disclosure occurs, owner receives notice.

    • Notice allows owner to reject disclosure.

    • Or, owner can control use of information and impose protection procedures.


Background12 l.jpg

Background

  • FAR 9.505-4 stayed same since 1984.

  • Since then, practical realities and policy shifts have changed procurement environment.


Background13 l.jpg

Background

  • Practical pressures for change:

    • Significant downsizing of government.

    • Agencies must still support activities and functions.


Background14 l.jpg

Background

  • Policy pressures for change:

    • “Competitive Sourcing” initiative drives agencies to private sector for support.

    • Exception for “Inherently governmental functions” limited to establishing policy and spending tax dollars.


Proposed solution l.jpg

Proposed Solution

  • FAR 9.505-4 not adequate for NASA in today’s environment.

  • Would require multiple, inter-related protection agreements.

  • At time when parties, needed information, and type of protections are all unknown.


Proposed solution16 l.jpg

Proposed Solution

  • FAR 9.503 allows agency head to waive any conflict of interest rule.

  • Requires written finding why compliance is not in the Government’s interest.

  • NASA waived FAR 9.505-4 consistent with above discussion.


Proposed solution17 l.jpg

Proposed Solution

  • Waiver will allow NASA to pursue broad competition among service providers to support activities and functions.

  • Developed self-executing system of procurement policy, procedures, and clauses.

    • Flexible to cover full range of operations.

    • Provides sufficient protection of information.


Proposed solution18 l.jpg

Proposed Solution

  • New system recognizes NASA can define only services needed.

  • Exact information necessary to provide support may not be known in advance.

  • To provide support, must have access to all necessary information.


Proposed solution19 l.jpg

Proposed Solution

  • Owning contractors may fear access could compromise competitive positions.

  • Narrowing definition of “sensitive information” could allay fear of compromise.

  • Yet, narrow definition may block service provider from performing needed support.


Proposed solution20 l.jpg

Proposed Solution

  • As alternative, NASA will use reciprocal clauses to address:

    • Cannot identify service provider before award.

    • Cannot define precise information needed to perform support.

  • One clause= access with commitments.

  • One clause= consent with defined protections.


Proposed solution21 l.jpg

Proposed Solution

  • “Access to Sensitive Information” clause: in any contract to perform support that may need access to sensitive information.

  • “Release of Sensitive Information” clause: in all contracts to document consent to release information needed by service provider.


Proposed solution22 l.jpg

Proposed Solution

  • “Access” clause: limits extent of information necessary to perform specified services.

  • “Release” clause: allows access only to information needed to perform specified services.


Proposed solution23 l.jpg

Proposed Solution

  • “Access” clause: service provider must keep information in own organization and train employees in protection procedures.

  • “Release” clause: to get access, service provider’s contract must contain “Access” clause.


Proposed solution24 l.jpg

Proposed Solution

  • “Access” clause: employees must provide written affirmations training was received.

  • “Release” clause: access to information conditioned on affirmations about training.


Proposed solution25 l.jpg

Proposed Solution

  • “Access” clause: service provider agrees to monitor compliance, report breaches, and take corrective actions.

  • “Release” clause: conditions access to information on service provider agreeing to monitor, report, and correct.


Proposed solution26 l.jpg

Proposed Solution

  • “Access” clause: use information only for specified services, prevent unauthorized uses, and limit use to those who need it.

  • “Release” clause: recognizes access for limited uses, subject to safeguards, and only as needed to perform services.


Proposed solution27 l.jpg

Proposed Solution

  • “Release” clause: owning contractor shall identify sensitive information entitled to protection.

  • “Release” clause: contracting officer shall evaluate claims that information is sensitive.

  • “Release” clause: unless grounds to challenge claim, service provider will comply with protections.


Nasa final rule l.jpg

NASA Final Rule

  • After lengthy notice and comment process, publish final revisions to NASA FAR Supplement in June.

  • Just began using new approach, but in time seems likely to be workable solution.


Proposed far solution l.jpg

Proposed FAR Solution

  • DAR Council has now tasked Acquisition Law Team to consider FAR coverage.

  • Focus on enabling commercial support for government operations that require access to sensitive information.

  • Try to avoid intellectual property problems that have plagued FAR writers since 1984.


Proposed far solution30 l.jpg

Proposed FAR Solution

  • Case must specifically address how to deal with FAR 9.505-4.

  • Coverage to consider recognized organizational conflict of interest.

  • FAR could leave to agency discretion whether to waive.


Proposed far solution31 l.jpg

Proposed FAR Solution

  • FAR definition of “sensitive information” may need expressly to exclude “technical data,” as discussed in FAR Part 27.

  • Main focus of coverage is financial and administrative information.

  • NASA left definition broad in case access to technical data needed by service provider supporting source selections.


Proposed far solution32 l.jpg

Proposed FAR Solution

  • Except for one industry association, NASA coverage did not elicit many comments.

  • Proposed FAR coverage likely to get more attention during public comment phase.


Proposed far solution33 l.jpg

Proposed FAR Solution

  • FAR touches much broader spectrum of interest groups.

  • Agency concerns with technical data issues have varied for years.

  • Vocal and diverse interest groups should improve quality and precision of coverage.


  • Login