PROTECTING THE CONFIDENTIALITY OF PROPRIETARY
INFORMATION RECEIVED BY NIST
Sections
5.06.01
PURPOSE
This subchapter states the policy and procedure for protecting the
proprietary information received by NIST from external organizations or
persons. Proprietary information includes trade secrets, commercial, and
financial information submitted to NIST. Divulging or improperly using
such information without the express permission of the owner is a criminal
violation of the Trade Secrets Act (18 U.S.C. 1905).
5.06.02
SCOPE
a. This subchapter applies to all NIST employees.
b. The provisions of this subchapter are not applicable in instances
where proprietary information is received via a proposal process (e.g.,
ATP, MEPP, procurement, grants, and contracts) for announced competitions
for which special provisions apply.
5.06.03
POLICY
NIST encourages the exchange of scientific and technical information.
However, it is also NIST policy to decline the receipt of proprietary information
unless it is absolutely necessary. If the proprietary information is necessary,
parties must implement a Cooperative Research and Development Agreement
(CRADA) or Non-disclosure Agreement before proprietary information can
be received.
5.06.04
LEGAL AUTHORITY
18 U.S. C. 1905
5.06.05
RESPONSIBILITIES
NIST employees receiving proprietary information are responsible for
knowing whether it is considered proprietary by the provider. Consequently,
NIST employees must request advance notice of the possible disclosure of
an organization's proprietary information if a discussion and/or meeting
is to be held with the organization. If a CRADA or Non-disclosure Agreement
has not been signed, NIST employees should be prepared to decline receipt
of proprietary information (oral or written) and/or exit a meeting if the
organization insists on disclosing such information.
5.06.06
CONDITIONS FOR USE
a. A Non-disclosure Agreement should be in place prior to the receipt
of proprietary information by NIST employees from an external party. A
separate Non-disclosure Agreement is not needed by NIST project team members
to receive proprietary CRADA-related information from a CRADA partner.
The CRADA already provides for the protection of such information.
b. Whenever NIST enters into a non-disclosure agreement, it tries to put limits on what is considered to be proprietary information. For example, the following types of information are often defined as not being proprietary:
(1) Is in NIST's possession before receipt from the discloser;
(2) Is or becomes a matter of public knowledge through no fault of NIST;
(3) Is received by NIST from a third party without a duty of confidentiality;
(4) Is disclosed by the discloser to a third party without a duty of confidentiality on the third party;
(5) Is independently disclosed by NIST with the discloser's prior written approval; or
(6) Is developed independently by NIST without reference to the information
disclosed under the Non-disclosure Agreement.
5.06.07
APPROVAL PROCEDURES
a. The NIST Non-disclosure Agreement for Receipt of Proprietary Information
is available from the NIST Deputy Chief Counsel. If a Non-disclosure Agreement
other than the NIST model Non-disclosure Agreement is used, the NIST Deputy
Chief Counsel must approve before signature.
b. The NIST party(ies) desiring to receive proprietary information from an external party requests two copies of the NIST Non-disclosure Agreement for Receipt of Proprietary Information from the NIST Deputy Chief Counsel, completes the information requested, and signs both copies in the space provided. All NIST recipients must sign the Agreement.
c. The Non-disclosure Agreements are sent by the NIST party(ies) desiring to receive the proprietary information first to their OU Director through their division chief, along with a memorandum answering the "Due Diligence" questions below:
(1) The name of the organization disclosing the confidential information to NIST.
(2) A description of the subject matter to be disclosed with an explanation of why the owner of the information wishes to disclose it to NIST. Also, a description of why it is in the best interest of NIST to receive the proprietary information.
(3) The impact or consequences if NIST decides not to receive the proprietary information.
(4) Whether or not the proprietary information is related to a CRADA.
(5) A statement whether the proprietary information relates to any NIST-owned invention that has not yet been publicly disclosed or a NIST-owned invention that has been disclosed but not yet filed with the U.S. Patent and Trademark Office.
(6) The names of the NIST recipients. No non-NIST employee shall have access to proprietary information without the prior written approval of the NIST Deputy Chief Counsel.
(7) The proposed date of the requested disclosure.
(8) A statement as to whether the standard NIST Non-disclosure Agreement will be used or one provided by the discloser. If the latter, provide written clearance from the NIST Deputy Chief Counsel.
d. The OU Director reviews and signs each non-disclosure Agreement and ensures that the conditions specified herein for use of the Agreement are met.
e. The OU Director sends both copies of the Agreement for signature to the organization providing the proprietary information with instructions to return one fully signed copy.
f. The OU Director sends that copy to the NIST Deputy Chief Counsel and copies are retained by the OU Director, the Chief of the Industrial Partnerships Program, and the recipients of the proprietary information.
g. The division chief retains custody of the disclosed proprietary information which is held under lock and key when not in actual use.