Principles
- Entities undertaking procurement should be familiar with Australian Government legislation and policies relevant to confidentiality in procurement, including the Privacy Act (1988), the Freedom of Information Act 1982 (FOI Act) and the Australian Government Protective Security Policy Framework.
- Throughout the procurement process, the Australian Government's confidentiality interests must be appropriately protected.
- When planning a procurement, entities should consider the nature of the procurement and whether it is likely to raise confidentiality issues for the Australian Government. Such issues can arise in a number of ways including where:
- potential suppliers need to have access to confidential information in order to understand the procurement and lodge a submission;
- the successful tenderer needs access to confidential information in order to fulfil the requirements of the contract; or
- the information generated as a result of performing the contract is confidential.
- Request documentation, including any draft contract, should reflect the entity's requirements for confidentiality and position on commercially sensitive information as assessed by the entity during the procurement planning process.
- Entities must ensure all submissions are treated as confidential for the duration of the procurement process. Similarly, all submissions must be kept confidential after the award of the contract. However, this does not preclude the reporting on AusTender of data that may have been included in the successful submission that is in turn transferred to the ultimate contract.
- Following the evaluation process, entities need to assess any supplier claims to confidentiality to determine whether the information should be treated as confidential. Entities should not agree to confidentiality clauses in contracts unless an assessment has determined, in accordance with this guidance, that the information to be covered by the clauses is confidential.
- There are two broad types of confidentiality clauses used in contracts:
- general confidentiality clauses, which either restate legislative obligations for confidentiality (such as under the Privacy Act (1988) or a secrecy provision) or set out a general understanding between the parties in relation to how they will deal with information when performing the contract; and
- specific confidentiality clauses, which protect the confidentiality of:
- all or part of the contract itself - such clauses would only be necessary where the contract needs to specify the information that the entity has determined is confidential; or
- information obtained or generated in performing the contract – such clauses can be used to protect commercial information that an entity has determined is confidential or for the protection of Australian Government material. Examples of such clauses include:
- the entity has access to the supplier's confidential intellectual property during the performance of the contract;
- a supplier needs to have access to sensitive security information in order to perform the requirements of the contract;
- new software is created under the contract giving rise to new confidential intellectual property; and;
- the contract is for a consultant to prepare a confidential report which is expected to deal with sensitive public interest issues.
- Confidential information should be managed in accordance with any relevant legislation and confidentiality provisions in the contract. Irrespective of the terms of the contract, disclosure of a supplier's confidential information may be necessary in some cases, for example to a parliamentary committee.
Practice
Procurement Planning
- Entities should consider whether the nature of the procurement may raise confidentiality issues for potential suppliers. Such issues can arise in a number of ways including where:
- potential suppliers include commercially sensitive information as part of a submission;
- the preferred supplier seeks to protect commercially sensitive information contained in the contract; or
- the preferred supplier seeks to protect commercially sensitive information during and after the performance of the contract.
- Where a procurement may give rise to specific claims for confidentiality by potential suppliers, the planning of the procurement should take account of this by:
- managing the extent to which potential suppliers are required to submit commercially sensitive information in their submissions;
- assessing whether any potential claims to confidentiality would be consistent with the requirements of the particular procurement. For example, if an entity is engaging a consultant to write a report that the entity intends to publish or use in other ways, a potential claim for confidentiality by a supplier to protect intellectual property in relation to the report would be inconsistent with the entity's requirements for a published work;
- assessing the longer-term implications of protecting information as confidential. For example, determining whether the information would need to be provided to a third party during a transition to a new supplier; and
- clearly informing potential suppliers, for example in request documentation, of the entity's position in relation to supplier claims for confidentiality.
Approaching the market
- Where the confidentiality interests of the Australian Government need to be protected during an approach to market, entities may:
- require potential suppliers to sign confidentiality undertakings before being given access to confidential information. For more complex procurements it may also be appropriate to consider the use of secure facilities (for example a data room);
- use evaluation criteria to assess the ability of potential suppliers to comply with confidentiality requirements;
- make potential suppliers aware of any legislative requirements that may apply to them if they are awarded the contract; and
- use appropriate contractual provisions and include these in the draft contract issued with the Request for Tender.
- Where supplier confidentiality issues may arise, entities can:
- invite potential suppliers with a claim for contractual confidentiality to specify in writing what information they seek to have kept confidential;
- include an evaluation criterion that allows claims for contractual confidentiality to be considered within the assessment of value for money. For example, potential suppliers may have different positions on the protection of intellectual property; and
- include an appropriate confidentiality clause in the draft contract.
- Where confidentiality issues should not arise, or where the entity is not prepared to provide protection for commercially sensitive information after the award of the contract, the entity should:
- clearly state this position in the request documentation and the draft contract; and
- ask potential suppliers to agree in writing that they do not require any information to be kept confidential after the award of the contract.
- Entities should inform potential suppliers that disclosure of information may be required, regardless of any contractual requirements to maintain confidentiality, to parliamentary committees, the Auditor-General, the public under the provisions of the FOI Act (unless exempted) and, if required, the courts. Request documentation and any draft contract should have clauses specifying that entities are required to disclose information in these circumstances.
Handling and evaluating submissions
- When evaluating submissions, it is open to the entity to assess the potential supplier's ability to meet the confidentiality obligations of the Australian Government, in accordance with stated evaluation criteria.
- It is also open to the entity to evaluate submissions having regard to potential suppliers' claims for confidentiality where this is consistent with the stated evaluation criteria. The extent to which potential suppliers seek protection of particular information, such as intellectual property, may impact on the overall cost and risk of the proposal, for example transition and maintenance costs.
Awarding a contract
- The four below criteria comprise the 'Confidentiality Test' which must all be met for a supplier's commercial information to be considered confidential. These are:
- Criterion 1: The information to be protected is specifically identified. A request for inclusion of a provision in a contract that states that all information is confidential does not pass this test. Individual items of information, for example pricing, must be separately considered. However, where an entity contract may be used for future cooperative procurements entities generally should not include provisions that would prevent other Commonwealth agencies from accessing the terms and conditions, including pricing of the contract.
- Criterion 2: The information is commercially ‘sensitive'. The information should not generally be known or ascertainable. The specific information must be commercially ‘sensitive' and it must not already be in the public domain. A request by a potential supplier to maintain the confidentiality of commercial information would need to show that there is an objective basis for the request and demonstrate that the information is sensitive.
- Criterion 3: Disclosure would cause unreasonable detriment to the owner of the information or another party. A potential supplier seeking to maintain confidentiality would normally need to identify a real risk of damage to commercial interests flowing from disclosure which would cause unreasonable detriment. For example, disclosure of internet price lists would not harm the owner, but disclosure of pricing information that reveals a potential supplier's profit margins may be detrimental.
- Criterion 4: The information was provided under an understanding that it would remain confidential. This requires consideration of the circumstances in which the information was provided and a determination of whether there was a mutual, express or implied understanding that confidentiality would be maintained. The terms included in request documentation and in draft contracts will impact on this. For example, a request for tender and draft contract which included specific confidentiality provisions would support an assertion by a potential supplier that the entity has agreed to accept information on the understanding that it would remain confidential.
- Categories of information that may meet the requirements of the Confidentiality Test include:
- internal costing information or information about profit margins;
- proprietary information, for example information about how a particular technical or business solution is to be provided that may compromise the supplier's commercial interests elsewhere, including competing in future tender processes;
- pricing structures (where this information would reveal whether a potential supplier was making a profit or loss on the supply of a particular good or service);
- artistic, literary or cultural secrets. These may include photo shoots, historic manuscripts, or secret indigenous culture; and
- intellectual property including trade secrets and other intellectual property matters where they relate to a potential supplier's competitive position.
- Commercial information that would not generally be considered to be confidential include:
- performance and financial guarantees;
- indemnities;
- the price of an individual item or group of items;
- rebates, liquidated damages and service credits;
- performance measures;
- clauses which describe how intellectual property rights are to be dealt with; and
- payment arrangements.
- When awarding a contract, if the entity decides that information should be kept confidential, appropriate confidentiality clauses should be included in the contract. The contract should also contain appropriate clauses to ensure information can be disclosed to Parliament, its committees or the Auditor-General to comply with accountability obligations.
- The reasons for agreeing to any confidentiality provisions should be documented by the entity.
- If an entity decides that the claimed material does not meet the requirements for confidentiality, the potential supplier must be advised of this and offered the opportunity to withdraw or provide further information in support of the claim for confidentiality. If agreement cannot be reached and a contract cannot be awarded, the entity may need to approach the next preferred potential supplier.
- Where appropriate, entity should ensure that contract confidentiality provisions do not preclude the provision of contract information to other entities for comparative value for money analysis purposes.
Quality Assurance
- Entities should consider implementing quality assurance mechanisms when assessing suppliers' claims for confidentiality of contractual information to help ensure that confidentiality clauses are used appropriately.
- For example, an entity operating a devolved procurement environment may specify that if a potential supplier requests that information remain confidential, then the line area conducting the procurement should refer the request to a central procurement and/or legal team for review before the contract is executed.
- Entities could also provide guidance and offer training to assist procurers to understand their obligations.
Reporting Confidentiality on AusTender
- Appropriate quality assurance processes should also be implemented prior to uploading contract data on AusTender to ensure the accuracy of reported contract information.
- Further guidance on reporting confidentiality can be found in Resource Management Guide No. 423 Procurement Publishing and Reporting Obligations
Management of contractual information
- Where a supplier's confidential information is required to be disclosed and this is inconsistent with the terms of the contract, written notice should be given to the supplier concerned prior to disclosing the information.
- Depending on the terms of the contract, confidential information may remain confidential for the period of the contract, a period specified in the contract, or as governed by legislation. Confidentiality of information should only be maintained for the length of time that the information remains sensitive. Generally this should not be for an unlimited period.
- Where the sensitivity of confidential information has diminished, entities are open to negotiate with suppliers the removal of confidentiality provisions. If this situation arises, entities should reassess the information based on this guidance.
TIPS
- Even if a procurement process does not involve seeking submissions from potential suppliers, entities should ensure that before potential suppliers provide information, they are made aware of the Australian Government's reporting and disclosure obligations and the entity's position in relation to dealing with commercially sensitive information. This could be done using a draft contract or through other forms of communication with potential suppliers.
- Entities should take care to ensure that when dealing with potential suppliers they do not make representations about maintaining the confidentiality of suppliers' commercial information that are inconsistent with the request documentation or the draft contract.
Tips - Case Studies on the Confidentiality Test
Business/delivery methodology
- A potential supplier has identified as confidential in its submission the specification of how it delivers its services. The potential supplier claims (and the entity agrees) that the methodology has been developed using its 'smart' (original or innovative) solution and disclosure is likely to result in competitors adopting the methodology, diminishing its commercial value and adversely affecting the potential supplier's competitive position in the market. Only the potential supplier and a small number of its employees know the methodology. In the approach to the market, potential suppliers were invited to specify what, if any, information they sought to protect as confidential.
- Assessment of the information against the confidentiality criteria would see:
- Criterion One – Met
- The information is specifically identified, comprising information on the service delivery methodology for the services.
- Criterion Two – Met
- The information has the quality of confidentiality as the information is known only to a small number employees and continuing non-disclosure of the 'smart' methodology provides the potential supplier with a competitive advantage.
- Criterion Three – Met
- Disclosure of the information is likely to adversely impact the potential supplier's commercial interests as its competitors would be able to compete for work either using or adapting the methodology, which would remove the potential supplier's competitive advantage in this area.
- Criterion Four – Met
- Since the entity has invited potential suppliers to specify what information is to be kept confidential and the service delivery methodology has been specified, it appears that the information was provided on the understanding that the information would be kept confidential.
- Accordingly, it would be open to an entity to decide that the service delivery methodology meets the criteria of the Confidentiality Test. If an entity decided that the information should be protected as confidential the entity could agree to include an appropriate confidentiality clause in the contract.
- Criterion One – Met
Service level measures
- Service based contracts may contain measures to reward good service delivery and to reduce payment for poor service delivery. The measures set the levels for a reward/reduction regime.
- A potential supplier requests that service level measures be treated as confidential on the basis that disclosure would enable competitors to estimate its cost structure and therefore damage its commercial interests. The service level measures have been specifically developed for the proposed contract and are not known to anyone except the supplier and the entity. The entity has not made any representations, either in the tender documentation, or verbally, to the effect that the service level measures would be treated as confidential.
- Analysis of the service level measures against the criteria for confidentiality indicates that they do not meet the test:
- Criterion One – Met
- The information identified as confidential is specific in so far as it includes the service level measures in the contract.
- Criterion Two – Not met
- Although the information is not widely known, the supplier's pricing structure could not be estimated by reference to these measures alone. The relevant clause merely sets targets for the supplier.
- Criterion Three – Not met
- Disclosure of the service level measures is unlikely to cause unreasonable detriment to the supplier, taking into account the conclusions in the previous point.
- Criterion Four – Not met
- A mutual understanding of confidentiality of the service level measures does not exist at this point.
- Whilst the service level measures in this simplified example would not be confidential based on the above analysis, agencies should be conscious that the quantum of financial imposts or rewards raises similar issues to those applicable to pricing information. For example, contracts that provide for profit to be at risk or shared depending on performance may disclose the supplier's underlying cost structure.
- Criterion One – Met
Pricing information
- Each request for confidentiality of pricing information should be considered on its merits.
- Generally, the fact that disclosing pricing information would make life more difficult for the supplier is not sufficient reason. For example, a potential supplier may claim confidentiality on the basis that it does not want its competitors to know its prices. However, transparency of such information could, potentially, lead to increased competition and better value for money outcomes for the Government.
- The examples below focus on assessing whether individual elements of a pricing methodology would be confidential. Although a specific element may be assessed as not meeting the confidentiality criteria, the complete methodology may nevertheless warrant protection if it meets the test for confidentiality, for example because it provides sufficient information to make a reasonable estimate of a supplier's profit margin.
Total price
- In contract negotiations, a potential supplier of human resource services asks an agency to maintain the total price of a proposed contract as confidential on the basis that release of the information would enable its competitors to estimate future bids by the organisation. In previous discussions with the potential supplier, the agency indicated that the Australian Government is required to report the contract price on AusTender. The request for tender also highlighted this requirement.
- Analysis of the request indicates that the claim does not meet the test for confidentiality:
- Criterion One – Met
- The information identified as confidential is specific, being the total price of the contract.
- Criterion Two – Not met
- The total price does not have the quality of confidentiality after a contract is signed. Despite the potential supplier's claim, the information is not commercially sensitive in a contract because it does not provide sufficient detail to enable competitors in the market to determine the potential supplier's cost structures and profit margins.
- Criterion Three – Not met
- Disclosure of the total price would not damage the service supplier's commercial interests given the issues raised in the previous point. In relation to the potential supplier's claims, future bids by the organisation would need to address the statement of requirements, which may involve the provision of different services, service levels, and possibly, use of different service delivery methods. Accordingly, disclosure of the total price in this case is unlikely to provide sufficient information for the potential supplier's competitors to determine the likely price of future bids by the supplier.
- Criterion Four – Not met
- An understanding of confidentiality does not exist between the agency and potential service supplier at this point.
- Based on this analysis, it would generally not be appropriate for an entity to agree to a request to maintain confidentiality as not all of the criteria have been met.
- Criterion One – Met
Price of individual items or groups of items
- While prices for individual items or groups of items of property or services would not generally be confidential, there may be some exceptions. Confidentiality would not be appropriate if the pricing information is generally known. However, if individual prices for items forming part of the contractual requirements would disclose underlying costs and profit on that item or other commercially sensitive information such as special discounts, (see below), a potential supplier may legitimately claim that the information is confidential.
- A simple example of a case where a unit price would not be confidential is where a potential supplier has advertised the price that will be charged in a catalogue:
- Criterion One – Met
- The information identified as confidential is specific information.
- Criterion Two – Not met
- The information on the price of the item is publicly advertised and, as such, non‑disclosure would not provide the potential supplier with any ongoing benefit.
- Criterion Three – Not met
- Disclosure of the information is unlikely to adversely affect the commercial interests of the potential supplier, as the price is already publicly available.
- Criterion Four – Not met
- In the absence of any explicit agreement that the unit price would be maintained as confidential, there would not be a mutual understanding of confidentiality.
- Based on this analysis, it would not be appropriate for an agency to agree to a request to maintain confidentiality as the criteria have not been met.
- Criterion One – Met
Discounts
- A potential supplier may claim confidentiality of pricing information for reasons other than those discussed above. For example, it may be providing the entity with a considerable discount. The potential supplier may properly seek confidentiality of the discount information if it can establish that it would suffer unreasonable detriment if the level of discount offered were disclosed. For example, the potential supplier may be able to demonstrate that its financial interests would be prejudiced if its other customers were to know of and seek similar levels of discount as those available to the entity, or that disclosure of discount information would enable competitors to determine the actual cost of the property or services.
- As discounts may or may not be confidential, depending on the circumstances, entities should consider requests to maintain confidentiality of such information on a case-by-case basis.