[Federal Register Volume 62, Number 138 (Friday, July 18, 1997)] [Rules and Regulations] [Pages 38476-38478] From the Federal Register Online via the Government Publishing Office [www.gpo.gov] [FR Doc No: 97-18971] ----------------------------------------------------------------------- ENVIRONMENTAL PROTECTION AGENCY 48 CFR Parts 1535 and 1552 [FRL-5860-6] Acquisition Regulation: Removal of Certification Requirements Regarding Collection, Use, Access, Treatment, and Disclosure of Confidential Business Information (CBI) AGENCY: Environmental Protection Agency. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: The Environmental Protection Agency (EPA) is amending the Environmental Protection Agency Acquisition Regulation (EPAAR) (48 CFR Chapter 15) by removing certification requirements regarding the collection, use, access, treatment, and disclosure of confidential business information (CBI) which are not specifically imposed by statute, and to [[Page 38477]] amend CBI clauses to remove such certification requirements. Existing contract clauses for the protection of CBI submitted pursuant to the Federal Insecticide, Fungicide and Rodenticide Act (FIFRA) and the Toxic Substances Control Act (TSCA) are amended to mandate that prior to receipt of FIFRA CBI and TSCA CBI by the contractor, the contractor will ensure that their employees have read and are familiar with the handling, control, and data security requirements without the need for a certification. This accomplishes the objective of the certifications. EFFECTIVE: August 18, 1997. FOR FURTHER INFORMATION CONTACT: Paul Schaffer at (202) 260-9032. SUPPLEMENTARY INFORMATION: A. Statutory Authority Section 4301(b) of the Clinger-Cohen Act of 1996 (formerly the Federal Acquisition Reform Act of 1996--``FARA'') requires agencies to remove all non-statutory certifications from their acquisition regulation, unless the head of the agency approves a justification for the retention of a certification requirement. The basis for the justification must be that there is no less burdensome means for administering and enforcing the certification requirement. The following two non-statutory certification requirements are removed: 1. 48 CFR 1552.235-72 Control and Security of Federal Insecticide, Fungicide, and Rodenticide Act (FIFRA) Confidential Business Information (Apr 1996). 2. 48 CFR 1552.235-74 Control and Security of Toxic Substances Control Act (TSCA) Confidential Business Information (Apr. 1996). B. Background The proposed rule was published in the Federal Register (61 FR 55126) on October 24, 1996, providing for a 60-day comment period. Interested persons have been afforded an opportunity to participate in the making of this rule. Due consideration has been given to the five comments received. The following is a summary of each comment received and the Agency's disposition of these comments. 1. Comment: The certification should be retained since there is no less burdensome means for administering and enforcing the protection of CBI. EPA disagrees with this comment. Amending existing contract clauses to require that the contractor ensure that its employees have read and are familiar with the handling, control, and data security requirements is a less burdensome means of achieving such familiarity. The contractor would still be bound by the terms of the contract to ensure that its employees have read and are familiar with the security requirements. Moreover, existing statutory criminal penalties for unauthorized disclosure of CBI are unaffected by this change. 2. Comment: The requirement for a person's signature certifying compliance with EPA data security procedures will in fact cause individuals to be more aware of and diligent in their adherence to EPA's requirements for handling CBI. EPA disagrees with this comment. In fact, under both the TSCA and FIFRA security manuals, contractor (as well as Federal) employees given access to CBI are required to sign an agreement to adhere to those procedures. 3. Comment: The proposed elimination of CBI certifications should not be contemplated at this time in light of EPA's potential loss of approximately 200 TSCA CBI documents by an Agency contractor. EPA disagrees with this comment. The Agency is currently reviewing the circumstances surrounding the unaccounted for documents. However, the subject of the certification at issue is unrelated to the document processing procedures under review. 4. Comment: The retention of a signed certification by contractors will make it easier for EPA to meet its data security goals. See response to comment 1. 5. Comment: Without proper CBI protections, companies will not be willing to initiate new product development. EPA has an obligation under TSCA and FIFRA to protect CBI. EPA, for the reasons discussed in the response to comment 1, does not believe that this change will result in the lack of proper protection of CBI. EPA has not changed the final rule from the proposed rule as a result of these comments. C. Executive Order 12866 This is not a significant regulatory action for the purposes of Executive Order 12866; therefore, no review was required by the Office of Information and Regulatory Affairs. D. Paperwork Reduction Act This rule does not contain information collection requirements that require the approval of OMB under the Paperwork Reduction Act of 1980 (44 U.S.C. 3501 et seq.) E. Regulatory Flexibility Act EPA certifies that this rule does not exert a significant economic impact on a substantial number of small entities, pursuant to the requirements of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.). This rule imposes no reporting, record-keeping, or any compliance costs. Therefore, no regulatory flexibility analysis was prepared. F. Submission to Congress and the General Accounting Office This action is not a major rule as defined by 5 U.S.C. 804(2). Pursuant to 5 U.S.C. 801(a)(1)(A), EPA submitted this action to the U.S. Senate, the U.S. House of Representatives and the Comptroller General prior to its publication in today's Federal Register. G. Unfunded Mandates Reform Act Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Pub. L. 104-4, establishes requirements for Federal agencies to assess the effects of certain regulatory actions on State, local, and tribal governments and the private sector, and to seek input from State, local, and tribal governments on certain regulatory actions. Because this rule removes rather than adds regulatory requirements, EPA has determined that this action does not contain a Federal mandate that may result in expenditures of $100 million or more for State, local, and tribal governments, in the aggregate, or the private sector in any one year. Therefore, this action is not subject to the requirements of sections 202 and 205 of the UMRA. The requirements of sections 203 and 204 of UMRA which relate to regulatory requirements that might significantly or uniquely affect small governments and to regulatory proposals that contain a significant Federal intergovernmental mandate, respectively, also do not apply to today's rule. List of Subjects in 48 CFR Parts 1535 and 1552 Government procurement. Therefore, 48 CFR Chapter 15 is amended as set forth below: 1. The authority citations for Parts 1535 and 1552 continue to read as follows: Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C. 486(c). 2. Section 1535.007 is revised to read as follows: 1535.007 Solicitations. (a) Contracting officers shall insert 48 CFR 1552.235-73, Access to Federal Insecticide, Fungicide, and Rodenticide Act Confidential Business Information, in all solicitations when the contracting officer has determined that EPA may furnish the contractor with confidential [[Page 38478]] business information which EPA had obtained from third parties under the Federal Insecticide, Fungicide, and Rodenticide Act (7 U.S.C. 136 et seq.). (b) Contracting officers shall insert 48 CFR 1552.235-75, Access to Toxic Substances Control Act Confidential Business Information, in all solicitations when the contracting officer has determined that EPA may furnish the contractor with confidential business information which EPA had obtained from third parties under the Toxic Substances Control Act (15 U.S.C. 2601 et seq.). 1552.235-72 and 1552.235-74 [Removed and Reserved] 3. Sections 1552.235-72 and 1552.235-74 are removed and reserved. 4. Section 1552.235-77 is amended by revising the section heading and clause heading dates to read ``June 1997'' and by revising paragraph (a)(3) to read as follows: 1552.235-77 Data Security for Federal Insecticide, Fungicide and Rodenticide Act Confidential Business Information (June 1997) * * * * * (a) * * * (3) Prior to receipt of FIFRA CBI by the Contractor, the Contractor shall ensure that all employees who will be cleared for access to FIFRA CBI have been briefed on the handling, control, and security requirements set forth in the FIFRA Information Security Manual. * * * * * 5. Section 1552.235-78 is amended by revising the section heading and clause heading dates to read ``June 1977'' and by revising paragraph (a)(1) to read as follows: 1552.235-78 Data Security for Toxic Substances Control Act Confidential Business Information (June 1997) (a) * * * (1) The Contractor and Contractor's employees shall follow the security procedures set forth in the TSCA CBI Security Manual. The manual may be obtained from the Director, Information Management Division (IMD), Office of Pollution Prevention and Toxics (OPPT), U.S. Environmental Protection Agency (EPA), 401 M Street, SW, Washington, DC 20460. Prior to receipt of TSCA CBI by the Contractor, the Contractor shall ensure that all employees who will be cleared for access to TSCA CBI have been briefed on the handling, control, and security requirements set forth in the TSCA CBI Security Manual. * * * * * Dated: July 7, 1997. Betty L. Bailey, Director, Office of Acquisition Management. [FR Doc. 97-18971 Filed 7-17-97; 8:45 am] BILLING CODE 6560-50-P