Keeping Secrets: Laws Protecting Confidential Business Information Are Open to Interpretation
By Keller and Heckman LLP’s Packaging Practice Group
The U.S. Food and Drug Administration, like all federal agencies, is required under the Freedom of Information Act (FOIA) -- and, more specifically, Exemption 4 of that statute -- to protect from disclosure trade secret and confidential commercial and financial information.1 This statutory obligation is further reflected in FDA's public information regulations found in Part 20 of Title 21 of the Code of Federal Regulations.
With respect to the submission of Food Contact Notifications (FCNs) for substances used in packaging materials, FDA has stated, in its administrative guidance document, that at the completion of FDA's 120-day review period the information in an FCN, including all information incorporated by reference, that is not trade secret and confidential commercial information, will be made publicly available.
FDA recommends that a notifier submit an additional copy of its notification that identifies those portions that the notifier considers to be trade secret or confidential business information. However, while marking information in a submission to FDA as "Trade Secret --Confidential Commercial Information" may trigger FDA's review of that information for its disclosure status, it does not require the agency to treat it as exempt from public disclosure.2
Duty to Notify?
As the FCN program continues to evolve, FDA is increasingly requesting more detailed information regarding the impurity profile of substances being reviewed for clearance. In particular, the agency has requested, in some cases, a complete analytical report substantiating the presence of the impurities and their anticipated maximum level in the food-contact substance. FDA requests that information about impurities be reported in the same manner, and be of the same quality, as the migration study conducted for the food-contact substance itself. In addition, a submitter is asked to address the safety of each impurity to the extent that the food-contact substance is covered, including exposure and toxicity.
Data on impurities is often intricately tied to the highly confidential manufacturing process, as well as the raw materials that make up the food-contact substance. Therefore, a FOIA reviewer who reveals impurity data as part of the safety data that is typically releasable in an FCN could reveal highly sensitive trade secret information regarding the manufacturing process.
Given the continuing development of information requested by the agency in FCNs, the FDA would be well advised to review its policy surrounding the information released in FOIA copies of FCNs.
One significant question upon which the agency and industry disagree concerns FDA's duty to notify the submitter of an FCN when the agency disagrees with a claim of confidentiality. At a "stakeholders' workshop" on the FCN process held in October 2002, the agency acknowledged that the issue is handled in varying ways: some consumer safety officers (CSOs) do not contact the notifier when they disagree with a claim of confidentiality and decline to redact the information in the FOIA copy; other CSOs make it a standard practice to contact the notifier, putting them on notice that the material will be included in the FOIA copy and providing them an opportunity to respond.
It is our opinion that if the material claimed as confidential is considered to be disclosable information by the agency, the agency should notify the submitter of its decision prior to releasing the information, in order to allow the owner of the information to seek judicial relief. Not affording a company or individual this opportunity could have detrimental effects on both the submitter and the FDA itself.
From a notifier's standpoint, this practice is troubling, and raises the possibility of public disclosures that could be very harmful to the notifier's business interests. From the agency's perspective, a policy allowing for the release of sensitive material could, as a side effect, spur reluctance on the part of manufacturers to submit the kind of complete and candid notification or petition the agency seeks.3 This, of course, could result in the quality and credibility of the FDA submission system becoming compromised and unreliable.
Consequences Could Be Considerable
FDA's hit-or-miss policy of notifying submitters is particularly surprising in light of a pending $1.3 billion case that has been filed against the agency for its unlawful publication of trade secrets and confidences on the Internet.
On March 26, 2002, Jerome Stevens Pharmaceuticals (JSP) filed a claim under the Torts Claim Act against FDA alleging that FDA acted in violation of the Food, Drug, and Cosmetic Act, the Federal Trade Secrets Act, and FDA's own regulations when it posted trade secrets and confidences on its Web site that were contained in JSP's Oct. 19, 1999, New Drug Application. The information was available on the FDA's Web site from Aug. 22, 2000, to Jan. 23, 2001, without notice to, or approval from JSP, and despite protests from the company.
JSP's application was for a unique thyroid drug, the first of its kind to obtain FDA approval for marketing. There are approximately 13 million people in the United States who are diagnosed with a thyroid disease that could potentially benefit from JSP's drug and, therefore, there exists substantial business interest in, and competition in relation to these types of drugs. On Oct. 2, 2002, JSP filed suit against FDA in the U.S. District Court for the District of Columbia when FDA failed to act on the tort claim filing.
In the past, most complaints against FDA relating to FOIA requests alleged that the agency was too conservative in what it considered to be releasable information. Citizen groups have occasionally argued that information withheld from the public regarding drug testing and the like should have been made available for public review. In the food additive area, we are not aware of any complaints against the agency for being too conservative in its response to FOIA requests.
In short, if there is information in a submission that has been claimed as confidential and the reviewer is unsure of the confidential nature of the information, then the submitter should be contacted in advance of disclosure. To avoid inadvertent disclosure of confidential material, reviewers responding to FOIA requests should use as a guide the "sanitized," or redacted copy of the submission that accompanies each filing, which is recommended in FDA's Administrative Guidelines (Section V, May 2002).
Mistaken disclosures can be devastating to a manufacturer and, as JSP's case illustrates, can be legally actionable by the submitter. Plaintiffs can seek civil penalties in the form of injunctive relief and/or compensatory monetary relief (see 5 U.S.C. § 552a(g) (The Privacy Act of 1974)) and criminal penalties in the form of misdemeanor charges and fines up to $5000 (see 5 U.S.C. § 552a(i)(1)) against the agency and its officers.
In addition, under 18 U.S.C. § 1905, which covers disclosure of confidential information by public officers or employees, any employee who makes known, in any manner, or to any extent not authorized by law any information coming to him in the course of his employment shall be fined not more than $1000, or imprisoned not more than one year, or both; and shall be removed from office or employment.
Confidentiality Concerns Span the Globe
Interest in governmental transparency and access to public records has increased over the last few decades, especially with the advent of new information technologies and the growing use of the Internet. Consequently, many countries have adopted public information laws similar to the FOIA law in the United States.
For example, Canada's 1983 Access to Information Act provides for public disclosure of records, but exempts:
- (1) information submitted as part of an application that contains trade secrets;
(2) confidential scientific, technical commercial or financial information that is treated as confidential by the applicant in a consistent manner;
(3) information that, if disclosed, could reasonably be expected to result in material financial loss or gain, or negatively affect the competitive position of the applicant; and
(4) information that, if disclosed, could reasonably be expected to interfere with contractual obligations or negotiations of the applicant.4
Similarly, Australia's Freedom of Information Act of 1982 and Japan's recently enacted information disclosure law exempt trade secret and commercially valuable information from public disclosure.5
Some countries, including Scotland and the United Kingdom, have passed freedom of information legislation, but implementation of these laws is still pending. Others, including some in Central and South America, are currently considering laws governing access to information but have not yet enacted legislation.
When dealing with countries that have not codified legal protections for commercially valuable information, it is advisable for submitters to put confidentiality agreements in place. Similar protection should be sought when dealing with entities that may fall outside the requirements of freedom of information statutes, such as national testing laboratories or local consultants. If agents or regulatory bodies are unwilling to enter into formal non-disclosure agreements, assurance letters may be another way to document a request for confidential treatment. And, of course, trade secret information should be sanitized from submissions whenever possible.
In conclusion, submitters of information to government agencies must be very cognizant of the statutory protections -- or lack thereof --with regard to confidential business information. Marking information as proprietary in many instances may not be enough to trigger statutory requirements to withhold data from public disclosure. In this area, a little legal research can go a long way in preventing damaging disclosures and safeguarding valuable commercial data.
FOOTNOTES
15 U.S.C. § 552(b)(4).
221 C.F.R. § 20.27.
3The U.S. District Court for the District of Columbia, in Public Citizen v. FDA, 539 F. Supp. 1320 (May 11, 1982), based its decision on the confidential nature of information on a two-pronged test: (1) would disclosure of the information impair the government's ability to obtain necessary information in the future, and (2) would the disclosure cause substantial harm to the competitive position of the person who submitted the information. The same court, in Public Citizen v. FDA, 964 F. Supp. 413 (Feb. 24, 1997), used the same two-pronged test to make a determination that information was privileged and not to be disclosed under FOIA. In both cases, Public Citizen was seeking test data that was developed to support a drug or medical device innovation.
4Access to Information Act, 1980-1-82-83.c. 111, Sch. 1" 1".
5With regard to the Japanese law enacted in April 2001, apparently statutory protections for confidential commercial information are only extended to mandatory submissions to the government, (and not voluntary) at this time.