Data security brochure

proprietary_data_brochure.pdf

Consolidated Consumers' Report (Form 9-4117-MA)

Data security brochure

OMB: 1028-0070

Document [pdf]
Download: pdf | pdf
fied. The response to the FOIA request will be finalized with
the Primary Office of Control and the Office of the Solicitor,
as appropriate.
HOW SHOULD PROPRIETARY INFORMATION BE
MARKED
All proprietary data sent to the USGS from an industry, company, government agency, and so on should be forwarded immediately to the appropriate Primary Office of Control for marking. The cover page, if there is one, and the first and last page of
a proprietary document should be marked conspicuously using
one of the following four wordings: “Proprietary—For U.S.
Government Use Only,” “Company Proprietary Information,”
“Proprietary Data,” or “Proprietary Information.”
HOW SHOULD PROPRIETARY INFORMATION BE
STORED?
Proprietary information should be stored as follows:
• In a secured room with unsecured proprietary information.
A work or storage room that can be locked can be used as a
repository for proprietary information. Within such a room,
proprietary information may be left unsecured, as long as either an individual responsible for the information is present or
the room is locked.
• In a unsecured room with secured proprietary information. If
a secured room is not available, proprietary information can be
stored in an unsecured room, but when left unattended by the
responsible individual, the proprietary data must be secured in
locked containers.

FURTHER INFORMATION
All USGS personnel who have access to proprietary data must
be familiar with the proper handling of such material. The policy
for handling and storing proprietary data is stated in the USGS
Manual chapter “Safeguard and Release of U.S. Geological Survey Data and Information, SM 500.14.” This is available from the
Security Management Office, telephone (703) 648-4467. More
detailed, definitive, hands-on procedures for collecting, monitoring, and handling proprietary data are contained in the USGS
Statistical Standards, which is available from the Statistics and
Information Systems Section, National Minerals Information
Center, telephone (703) 648-4914. Inquiries on proprietary data
received from outside the USGS under a FOIA request are to be
transmitted to the FOIA Officer at Mail Stop 807, or telephone
(703) 648-7196. However, FOIA responses must be made and
approved by the USGS organization that originally collected the
data. The publication of minerals data is based on aggregation
of statistics directly related to the number of companies that respond to USGS canvasses, in addition to a yes-or-no response
to the release of individual company proprietary data where it
appears on USGS canvass forms. Another way to make a request
regarding publication of mineral statistics is to write to:
Chief, Data Collection and Analysis Group
National Minerals Information Center
U.S. Geological Survey
985 National Center
Reston, VA 20192

WHO CONTROLS ACCESS TO PROPRIETARY INFORMATION?

How They Are Protected
at the U.S. Geological Survey
The U.S. Geological Survey (USGS) is the world’s premier
source of information about minerals. The USGS gets the majority of domestic minerals information from thousands of mineral industry companies (domestic producers and consumers)
in written or electronic responses to surveys or in telephone
conversations. This information is supplied by the companies
in response to surveys on a voluntary basis, and much of it is
proprietary in nature. The USGS is required by law to protect
proprietary information from unauthorized disclosure.
WHAT IS PROPRIETARY INFORMATION?
Proprietary information is sensitive, usually commercially
valuable business data, such as geologic findings, production
figures, and consumption projections. Such information is vital
to the USGS mission, and its unauthorized disclosure can cause
irreparable harm to the companies that provided it and to the
USGS’s ability to continue to collect it.
WHAT ARE SOME EXAMPLES?
Proprietary information includes:

Only the Primary Office of Control, the USGS office that receives the proprietary information directly from the originating
source, can release the information to a requesting office. Proprietary information can be released only on a justified needto-know basis. Any office to which proprietary information
is released is designated as a Secondary Office of Control and
must adhere to the same disclosure standards as the Primary
Office of Control. The Secondary Office of Control must return
all existing materials, extracts, and copies to the Primary Office
of Control unless written permission is obtained to dispose of
the material in another manner. A transmittal of sensitive (nonreleasable) proprietary minerals data form filled out and signed
is required to obtain minerals data.

(5)

Proprietary Data

• Any information that is prohibited from release by statute,
such as trade secrets, processes, and operations.
• Information gathered by the USGS under the requirements
of law or for the purpose of evaluating any facet of a resource
program and capable of causing substantial competitive harm
to the subject persons, companies, or corporations. Examples
include information about income, profits, losses, and expenditures.
• All numeric and nonnumeric information provided by an individual company on a USGS canvass form, either paper or electronic, or by telephone or other means in lieu of canvass forms.

(6)

(1)

This includes information used only for internal processing.
WHAT DETERMINES HOW PROPRIETARY DATA
ARE TREATED?
Proprietary canvass forms. USGS canvass forms contain a
proprietary data banner that describes the treatment of the company data collected. Forms include questions to determine if
proprietary data may be released under certain conditions.
Disclosure analysis. Before specific statistics can be published,
a determination must be made as to whether the publication
would result in the disclosure of proprietary data. Three mandatory steps must be followed and the results reviewed to ensure proper protection of proprietary data:
1. The Rule of Three. There must be three or more companies
contributing to an aggregated statistic in order to publish that
statistic; if fewer than three companies contribute to a mineral
statistic, all must respond “yes” to the proprietary disclosure
statement on the survey form for those data to be published.
2. The Dominant Company Principle. If the minerals statistic
under consideration meets the “Rule of Three,” and no one
company contributes more than 75 percent of the total, and no
two companies contribute more than 90 percent, then the figure
can be published, depending on responses to disclosure statements.
3. Review of Tables. Publication tables must be reviewed to
ensure that totals that have been withheld to prevent disclosure
of individual company proprietary data cannot be calculated
from other data in the table. Additional totals in the table may
be designated as withheld to avoid this kind of disclosure.
WHAT HAPPENS IF PROPRIETARY DATA ARE DISCLOSED TO UNAUTHORIZED INDIVIDUALS?
All USGS facilities are required to conform to strict security
standards for proprietary information. Stringent action may be
taken against any USGS employee who improperly discloses
proprietary data. Under title 18, section 1905 of the U.S. Code,
such disclosure is a Federal offense with penalties including
a fine of more than $1,000, imprisonment for not more than 1
year, or both, and removal from employment.
WHO IS RESPONSIBLE FOR PROTECTION OF PROPRIETARY DATA?
Heads of Organizations at headquarters and in the field are responsible for ensuring that offices under their jurisdiction ad-

(2)

here to the regulations for proprietary data, maintaining secure
facilities, and designating Proprietary Information Custodians.
The USGS Security Officer is responsible for developing USGS
security policy for the protection of proprietary information,
evaluating compliance with that policy, providing guidance and
assistance to USGS personnel concerning the security of proprietary information, and issuing refresher bulletins and memoranda to maintain employee awareness of the importance of appropriate handling of proprietary information.
The USGS Information Resources Security Administrator is responsible for ensuring that adequate safeguards are established
to protect all automated proprietary information from damage,
destruction, alteration, or misappropriation.
The Proprietary Information Custodian is responsible for ensuring that proprietary information is handled in a way that protects
against unauthorized disclosure, security procedures are adequate, disclosure analysis has been performed and appropriate
marking of tabulations and other documents has been accomplished, transmittal of proprietary information is to authorized
recipients only, and the recipients are given explicit instructions
on the handling and disposition of the documents and the applicable penalties for unauthorized disclosure.
Supervisors are responsible for ensuring that proprietary data
released to their organization are safeguarded according to
USGS regulations. Supervisors must see to it that all employees
are provided the written guidance in the USGS Manual chapter
“Safeguard and Release of U.S. Geological Survey Data and Information, SM 500.14,” and the USGS Statistical Standards, that
subordinates understand their responsibilities for safeguarding
proprietary information and applicable penalties under Federal
law, that proprietary information received or generated by their
organization is marked correctly, and that employees directly
involved receive refresher training periodically.
Individual USGS employees are responsible for the security of
proprietary information in their physical custody and for handling such material in accordance with USGS regulations.
Contracting Officers are responsible for ensuring that proprietary information security standards, requirements, and procedures are incorporated into contractual agreements where
contractors will be handling proprietary information. Security
policy applies equally to USGS contractors and subcontractors.
Contracting Officer’s Technical Representatives are responsible
for advising contracting officers of the need to address the handling of proprietary information in contract documentation and
any associated contractor-related security problems.

(3)

Contractors with access to USGS proprietary information are
responsible for designating an employee as a security supervisor for proprietary information, limiting the number of contract
employees that require access to the proprietary information to
the minimum necessary, and ensuring that contract employees
understand their responsibilities for safeguarding proprietary
information and the applicable penalties under Federal law.
IS PROPRIETARY INFORMATION COVERED BY THE
FREEDOM OF INFORMATION ACT (FOIA)?
Yes, but there are bases for exempting some proprietary information from responses to FOIA requests.
WHAT KINDS OF PROPRIETARY DATA ARE EXEMPT
FROM FOIA REQUESTS?
The law lists nine exemptions that can serve as a basis for withholding information from a FOIA request. Two are particularly
applicable to proprietary records received by the USGS:
• Exemption (b) (4) protects trade secrets and commercial or
financial information that was obtained from a person and is
privileged or of a confidential nature.
• Exemption (b) (9) protects geologic and geophysical information, including ore reserve information and maps, that was
obtained from a person and is privileged or of a confidential
nature.
WHERE CAN WE GET HELP IN HANDLING FOIA REQUESTS?
The FOIA Officer provides advice, assistance, and coordination
for the administrative processing of responses to FOIA requests
by the responsible program offices and the Office of the Solicitor, as appropriate. USGS offices that have records responsive
to a request, including proprietary data, must submit a tentative
response and copies of the records to the FOIA Officer.
WHAT SHOULD BE INCLUDED IN A TENTATIVE RESPONSE TO A FOIA REQUEST?
A tentative response to a FOIA request should include the identity of the party with proprietary interest in the information; the
identification of any records that may be exempt from disclosure; and the basis for any proposed exemption and whether the
exemptions are mandatory or discretionary and, if discretionary, whether to withhold or release the records. Any portions of
the records that can be reasonably segregated must be identi-

(4)


File Typeapplication/pdf
File Modified2017-02-24
File Created2010-10-18

© 2024 OMB.report | Privacy Policy