[Federal Register Volume 62, Number 138 (Friday, July 18, 1997)]
[Rules and Regulations]
[Pages 38476-38478]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-18971]


-----------------------------------------------------------------------

ENVIRONMENTAL PROTECTION AGENCY

48 CFR Parts 1535 and 1552

[FRL-5860-6]


Acquisition Regulation: Removal of Certification Requirements 
Regarding Collection, Use, Access, Treatment, and Disclosure of 
Confidential Business Information (CBI)

AGENCY: Environmental Protection Agency.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Environmental Protection Agency (EPA) is amending the 
Environmental Protection Agency Acquisition Regulation (EPAAR) (48 CFR 
Chapter 15) by removing certification requirements regarding the 
collection, use, access, treatment, and disclosure of confidential 
business information (CBI) which are not specifically imposed by 
statute, and to

[[Page 38477]]

amend CBI clauses to remove such certification requirements.
    Existing contract clauses for the protection of CBI submitted 
pursuant to the Federal Insecticide, Fungicide and Rodenticide Act 
(FIFRA) and the Toxic Substances Control Act (TSCA) are amended to 
mandate that prior to receipt of FIFRA CBI and TSCA CBI by the 
contractor, the contractor will ensure that their employees have read 
and are familiar with the handling, control, and data security 
requirements without the need for a certification. This accomplishes 
the objective of the certifications.

EFFECTIVE: August 18, 1997.

FOR FURTHER INFORMATION CONTACT: Paul Schaffer at (202) 260-9032.

SUPPLEMENTARY INFORMATION:

A. Statutory Authority

    Section 4301(b) of the Clinger-Cohen Act of 1996 (formerly the 
Federal Acquisition Reform Act of 1996--``FARA'') requires agencies to 
remove all non-statutory certifications from their acquisition 
regulation, unless the head of the agency approves a justification for 
the retention of a certification requirement. The basis for the 
justification must be that there is no less burdensome means for 
administering and enforcing the certification requirement.
    The following two non-statutory certification requirements are 
removed:
    1. 48 CFR 1552.235-72 Control and Security of Federal Insecticide, 
Fungicide, and Rodenticide Act (FIFRA) Confidential Business 
Information (Apr 1996).
    2. 48 CFR 1552.235-74 Control and Security of Toxic Substances 
Control Act (TSCA) Confidential Business Information (Apr. 1996).

B. Background

    The proposed rule was published in the Federal Register (61 FR 
55126) on October 24, 1996, providing for a 60-day comment period. 
Interested persons have been afforded an opportunity to participate in 
the making of this rule. Due consideration has been given to the five 
comments received. The following is a summary of each comment received 
and the Agency's disposition of these comments.
    1. Comment: The certification should be retained since there is no 
less burdensome means for administering and enforcing the protection of 
CBI.
    EPA disagrees with this comment. Amending existing contract clauses 
to require that the contractor ensure that its employees have read and 
are familiar with the handling, control, and data security requirements 
is a less burdensome means of achieving such familiarity. The 
contractor would still be bound by the terms of the contract to ensure 
that its employees have read and are familiar with the security 
requirements. Moreover, existing statutory criminal penalties for 
unauthorized disclosure of CBI are unaffected by this change.
    2. Comment: The requirement for a person's signature certifying 
compliance with EPA data security procedures will in fact cause 
individuals to be more aware of and diligent in their adherence to 
EPA's requirements for handling CBI.
    EPA disagrees with this comment. In fact, under both the TSCA and 
FIFRA security manuals, contractor (as well as Federal) employees given 
access to CBI are required to sign an agreement to adhere to those 
procedures.
    3. Comment: The proposed elimination of CBI certifications should 
not be contemplated at this time in light of EPA's potential loss of 
approximately 200 TSCA CBI documents by an Agency contractor.
    EPA disagrees with this comment. The Agency is currently reviewing 
the circumstances surrounding the unaccounted for documents. However, 
the subject of the certification at issue is unrelated to the document 
processing procedures under review.
    4. Comment: The retention of a signed certification by contractors 
will make it easier for EPA to meet its data security goals.
    See response to comment 1.
    5. Comment: Without proper CBI protections, companies will not be 
willing to initiate new product development. EPA has an obligation 
under TSCA and FIFRA to protect CBI.
    EPA, for the reasons discussed in the response to comment 1, does 
not believe that this change will result in the lack of proper 
protection of CBI.
    EPA has not changed the final rule from the proposed rule as a 
result of these comments.

C. Executive Order 12866

    This is not a significant regulatory action for the purposes of 
Executive Order 12866; therefore, no review was required by the Office 
of Information and Regulatory Affairs.

D. Paperwork Reduction Act

    This rule does not contain information collection requirements that 
require the approval of OMB under the Paperwork Reduction Act of 1980 
(44 U.S.C. 3501 et seq.)

E. Regulatory Flexibility Act

    EPA certifies that this rule does not exert a significant economic 
impact on a substantial number of small entities, pursuant to the 
requirements of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.). 
This rule imposes no reporting, record-keeping, or any compliance 
costs. Therefore, no regulatory flexibility analysis was prepared.

F. Submission to Congress and the General Accounting Office

    This action is not a major rule as defined by 5 U.S.C. 804(2). 
Pursuant to 5 U.S.C. 801(a)(1)(A), EPA submitted this action to the 
U.S. Senate, the U.S. House of Representatives and the Comptroller 
General prior to its publication in today's Federal Register.

G. Unfunded Mandates Reform Act

    Title II of the Unfunded Mandates Reform Act of 1995 (UMRA), Pub. 
L. 104-4, establishes requirements for Federal agencies to assess the 
effects of certain regulatory actions on State, local, and tribal 
governments and the private sector, and to seek input from State, 
local, and tribal governments on certain regulatory actions. Because 
this rule removes rather than adds regulatory requirements, EPA has 
determined that this action does not contain a Federal mandate that may 
result in expenditures of $100 million or more for State, local, and 
tribal governments, in the aggregate, or the private sector in any one 
year. Therefore, this action is not subject to the requirements of 
sections 202 and 205 of the UMRA. The requirements of sections 203 and 
204 of UMRA which relate to regulatory requirements that might 
significantly or uniquely affect small governments and to regulatory 
proposals that contain a significant Federal intergovernmental mandate, 
respectively, also do not apply to today's rule.

List of Subjects in 48 CFR Parts 1535 and 1552

    Government procurement.

    Therefore, 48 CFR Chapter 15 is amended as set forth below:
    1. The authority citations for Parts 1535 and 1552 continue to read 
as follows:

    Authority: Sec. 205(c), 63 stat. 390, as amended, 40 U.S.C. 
486(c).

    2. Section 1535.007 is revised to read as follows:


1535.007  Solicitations.

    (a) Contracting officers shall insert 48 CFR 1552.235-73, Access to 
Federal Insecticide, Fungicide, and Rodenticide Act Confidential 
Business Information, in all solicitations when the contracting officer 
has determined that EPA may furnish the contractor with confidential

[[Page 38478]]

business information which EPA had obtained from third parties under 
the Federal Insecticide, Fungicide, and Rodenticide Act (7 U.S.C. 136 
et seq.).
    (b) Contracting officers shall insert 48 CFR 1552.235-75, Access to 
Toxic Substances Control Act Confidential Business Information, in all 
solicitations when the contracting officer has determined that EPA may 
furnish the contractor with confidential business information which EPA 
had obtained from third parties under the Toxic Substances Control Act 
(15 U.S.C. 2601 et seq.).


1552.235-72 and 1552.235-74  [Removed and Reserved]

    3. Sections 1552.235-72 and 1552.235-74 are removed and reserved.
    4. Section 1552.235-77 is amended by revising the section heading 
and clause heading dates to read ``June 1997'' and by revising 
paragraph (a)(3) to read as follows:


1552.235-77  Data Security for Federal Insecticide, Fungicide and 
Rodenticide Act Confidential Business Information (June 1997)

* * * * *
    (a) * * *
    (3) Prior to receipt of FIFRA CBI by the Contractor, the Contractor 
shall ensure that all employees who will be cleared for access to FIFRA 
CBI have been briefed on the handling, control, and security 
requirements set forth in the FIFRA Information Security Manual.
* * * * *
    5. Section 1552.235-78 is amended by revising the section heading 
and clause heading dates to read ``June 1977'' and by revising 
paragraph (a)(1) to read as follows:


1552.235-78  Data Security for Toxic Substances Control Act 
Confidential Business Information (June 1997)

    (a) * * *
    (1) The Contractor and Contractor's employees shall follow the 
security procedures set forth in the TSCA CBI Security Manual. The 
manual may be obtained from the Director, Information Management 
Division (IMD), Office of Pollution Prevention and Toxics (OPPT), U.S. 
Environmental Protection Agency (EPA), 401 M Street, SW, Washington, DC 
20460. Prior to receipt of TSCA CBI by the Contractor, the Contractor 
shall ensure that all employees who will be cleared for access to TSCA 
CBI have been briefed on the handling, control, and security 
requirements set forth in the TSCA CBI Security Manual.
* * * * *
    Dated: July 7, 1997.
Betty L. Bailey,
Director, Office of Acquisition Management.
[FR Doc. 97-18971 Filed 7-17-97; 8:45 am]
BILLING CODE 6560-50-P