[Federal Register Volume 62, Number 138 (Friday, July 18, 1997)]
[Rules and Regulations]
[Pages 38476-38478]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-18971]
-----------------------------------------------------------------------
ENVIRONMENTAL PROTECTION AGENCY
48 CFR Parts 1535 and 1552
[FRL-5860-6]
Acquisition Regulation: Removal of Certification Requirements
Regarding Collection, Use, Access, Treatment, and Disclosure of
Confidential Business Information (CBI)
AGENCY: Environmental Protection Agency.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Environmental Protection Agency (EPA) is amending the
Environmental Protection Agency Acquisition Regulation (EPAAR) (48 CFR
Chapter 15) by removing certification requirements regarding the
collection, use, access, treatment, and disclosure of confidential
business information (CBI) which are not specifically imposed by
statute, and to
[[Page 38477]]
amend CBI clauses to remove such certification requirements.
Existing contract clauses for the protection of CBI submitted
pursuant to the Federal Insecticide, Fungicide and Rodenticide Act
(FIFRA) and the Toxic Substances Control Act (TSCA) are amended to
mandate that prior to receipt of FIFRA CBI and TSCA CBI by the
contractor, the contractor will ensure that their employees have read
and are familiar with the handling, control, and data security
requirements without the need for a certification. This accomplishes
the objective of the certifications.
EFFECTIVE: August 18, 1997.
FOR FURTHER INFORMATION CONTACT: Paul Schaffer at (202) 260-9032.
SUPPLEMENTARY INFORMATION:
A. Statutory Authority
Section 4301(b) of the Clinger-Cohen Act of 1996 (formerly the
Federal Acquisition Reform Act of 1996--``FARA'') requires agencies to
remove all non-statutory certifications from their acquisition
regulation, unless the head of the agency approves a justification for
the retention of a certification requirement. The basis for the
justification must be that there is no less burdensome means for
administering and enforcing the certification requirement.
The following two non-statutory certification requirements are
removed:
1. 48 CFR 1552.235-72 Control and Security of Federal Insecticide,
Fungicide, and Rodenticide Act (FIFRA) Confidential Business
Information (Apr 1996).
2. 48 CFR 1552.235-74 Control and Security of Toxic Substances
Control Act (TSCA) Confidential Business Information (Apr. 1996).
B. Background
The proposed rule was published in the Federal Register (61 FR
55126) on October 24, 1996, providing for a 60-day comment period.
Interested persons have been afforded an opportunity to participate in
the making of this rule. Due consideration has been given to the five
comments received. The following is a summary of each comment received
and the Agency's disposition of these comments.
1. Comment: The certification should be retained since there is no
less burdensome means for administering and enforcing the protection of
CBI.
EPA disagrees with this comment. Amending existing contract clauses
to require that the contractor ensure that its employees have read and
are familiar with the handling, control, and data security requirements
is a less burdensome means of achieving such familiarity. The
contractor would still be bound by the terms of the contract to ensure
that its employees have read and are familiar with the security
requirements. Moreover, existing statutory criminal penalties for
unauthorized disclosure of CBI are unaffected by this change.
2. Comment: The requirement for a person's signature certifying
compliance with EPA data security procedures will in fact cause
individuals to be more aware of and diligent in their adherence to
EPA's requirements for handling CBI.
EPA disagrees with this comment. In fact, under both the TSCA and
FIFRA security manuals, contractor (as well as Federal) employees given
access to CBI are required to sign an agreement to adhere to those
procedures.
3. Comment: The proposed elimination of CBI certifications should
not be contemplated at this time in light of EPA's potential loss of
approximately 200 TSCA CBI documents by an Agency contractor.
EPA disagrees with this comment. The Agency is currently reviewing
the circumstances surrounding the unaccounted for documents. However,
the subject of the certification at issue is unrelated to the document
processing procedures under review.
4. Comment: The retention of a signed certification by contractors
will make it easier for EPA to meet its data security goals.
See response to comment 1.
5. Comment: Without proper CBI protections, companies will not be
willing to initiate new product development. EPA has an obligation
under TSCA and FIFRA to protect CBI.
EPA, for the reasons discussed in the response to comment 1, does
not believe that this change will result in the lack of proper
protection of CBI.
EPA has not changed the final rule from the proposed rule as a
result of these comments.
C. Executive Order 12866
This is not a significant regulatory action for the purposes of
Executive Order 12866; therefore, no review was required by the Office
of Information and Regulatory Affairs.
D. Paperwork Reduction Act
This rule does not contain information collection requirements that
require the approval of OMB under the Paperwork Reduction Act of 1980
(44 U.S.C. 3501 et seq.)
E. Regulatory Flexibility Act
EPA certifies that this rule does not exert a significant economic
impact on a substantial number of small entities, pursuant to the
requirements of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.).
This rule imposes no reporting, record-keeping, or any compliance
costs. Therefore, no regulatory flexibility analysis was prepared.
F. Submission to Congress and the General Accounting Office
This action is not a major rule as defined by 5 U.S.C. 804(2).
Pursuant to 5 U.S.C. 801(a)(1)(A), EPA submitted this action to the
U.S. Senate, the U.S. House of Representatives and the Comptroller
General prior to its publication in today's Federal Register.
G. Unfunded Mandates Reform Act
Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Pub.
L. 104-4, establishes requirements for Federal agencies to assess the
effects of certain regulatory actions on State, local, and tribal
governments and the private sector, and to seek input from State,
local, and tribal governments on certain regulatory actions. Because
this rule removes rather than adds regulatory requirements, EPA has
determined that this action does not contain a Federal mandate that may
result in expenditures of $100 million or more for State, local, and
tribal governments, in the aggregate, or the private sector in any one
year. Therefore, this action is not subject to the requirements of
sections 202 and 205 of the UMRA. The requirements of sections 203 and
204 of UMRA which relate to regulatory requirements that might
significantly or uniquely affect small governments and to regulatory
proposals that contain a significant Federal intergovernmental mandate,
respectively, also do not apply to today's rule.
List of Subjects in 48 CFR Parts 1535 and 1552
Government procurement.
Therefore, 48 CFR Chapter 15 is amended as set forth below:
1. The authority citations for Parts 1535 and 1552 continue to read
as follows:
Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C.
486(c).
2. Section 1535.007 is revised to read as follows:
1535.007 Solicitations.
(a) Contracting officers shall insert 48 CFR 1552.235-73, Access to
Federal Insecticide, Fungicide, and Rodenticide Act Confidential
Business Information, in all solicitations when the contracting officer
has determined that EPA may furnish the contractor with confidential
[[Page 38478]]
business information which EPA had obtained from third parties under
the Federal Insecticide, Fungicide, and Rodenticide Act (7 U.S.C. 136
et seq.).
(b) Contracting officers shall insert 48 CFR 1552.235-75, Access to
Toxic Substances Control Act Confidential Business Information, in all
solicitations when the contracting officer has determined that EPA may
furnish the contractor with confidential business information which EPA
had obtained from third parties under the Toxic Substances Control Act
(15 U.S.C. 2601 et seq.).
1552.235-72 and 1552.235-74 [Removed and Reserved]
3. Sections 1552.235-72 and 1552.235-74 are removed and reserved.
4. Section 1552.235-77 is amended by revising the section heading
and clause heading dates to read ``June 1997'' and by revising
paragraph (a)(3) to read as follows:
1552.235-77 Data Security for Federal Insecticide, Fungicide and
Rodenticide Act Confidential Business Information (June 1997)
* * * * *
(a) * * *
(3) Prior to receipt of FIFRA CBI by the Contractor, the Contractor
shall ensure that all employees who will be cleared for access to FIFRA
CBI have been briefed on the handling, control, and security
requirements set forth in the FIFRA Information Security Manual.
* * * * *
5. Section 1552.235-78 is amended by revising the section heading
and clause heading dates to read ``June 1977'' and by revising
paragraph (a)(1) to read as follows:
1552.235-78 Data Security for Toxic Substances Control Act
Confidential Business Information (June 1997)
(a) * * *
(1) The Contractor and Contractor's employees shall follow the
security procedures set forth in the TSCA CBI Security Manual. The
manual may be obtained from the Director, Information Management
Division (IMD), Office of Pollution Prevention and Toxics (OPPT), U.S.
Environmental Protection Agency (EPA), 401 M Street, SW, Washington, DC
20460. Prior to receipt of TSCA CBI by the Contractor, the Contractor
shall ensure that all employees who will be cleared for access to TSCA
CBI have been briefed on the handling, control, and security
requirements set forth in the TSCA CBI Security Manual.
* * * * *
Dated: July 7, 1997.
Betty L. Bailey,
Director, Office of Acquisition Management.
[FR Doc. 97-18971 Filed 7-17-97; 8:45 am]
BILLING CODE 6560-50-P