Express law No. 239

8 October 2015

ANAO releases audit report on confidentiality in procurement

On 30 September the ANAO published its annual audit of Commonwealth entities' compliance with:

The ANAO's audit report, Confidentiality in government contracts, found that there is scope for government entities to improve their reporting and also the way they assess suppliers' claims for confidentiality.

Senate Order Reporting Requirements

Under the Senate Order, each Minister is required to submit, for each Non-Corporate Commonwealth Entity they are responsible for, a list of all contracts entered into with a value at over $100,000 detailing (amongst other things) whether or not such contracts contain confidentiality provisions. Guidance on the application of the Senate Order is provided in Resource Management Guide No. 403: Meeting the Senate Order on Entity Contracts (RMG 43).

The ANAO audited entities' compliance with reporting requirements under the Senate Order by reviewing the contract listings as well as conducting a detailed examination of 101 contracts across 4 Commonwealth entities to determine whether their confidentiality provisions complied with the Confidentiality Policy.

The ANAO found that 84% of entities published contract listings on time, and 72% of entities tabled the Ministers' letters on time. However, only 24% of the entities audited fully met all aspects of the Contract listing requirements. A more detailed focus on reporting may assist entities in this regard – the ANAO found that 'the most common error was the inclusion of contracts that had start or end dates outside the required date range for the 2014 calendar year reporting period'.

The Confidentiality Policy

The Confidentiality Policy sets out government policy on what types of information included in a contract with an external supplier can be considered confidential.

To ensure that confidentiality provisions are used appropriately, the Confidentiality Policy contains a 'Confidentiality Test' that must be applied to a supplier's information to determine if that information should be considered confidential. The Confidentiality Test consists of four criteria:

  1. The information to be protected must be specifically identified.
  2. The information must be commercially 'sensitive'.
  3. Disclosure of the information would cause unreasonable detriment to the owner of the information or another party.
  4. The information was provided under an understanding that it would remain confidential.

In order to assess entities' compliance with the Confidentiality Policy the ANAO audited 101 contracts from 4 entities.

Criterion 1: the information to be protected is specifically identified

The ANAO found that 58% of the contracts it surveyed incorrectly addressed criterion 1 by failing to specifically identify the information in the contract to be treated as confidential.

To address the issues raised by the ANAO, you could consider the following points:

  • Do not accept general descriptions of information such as 'proprietary information', 'trade secrets', 'intellectual property' or even 'pricing'. The description should be specific enough such that the supplier's confidential information can be specifically identified and then managed.
  • Where a transaction uses a template contract with confidentiality provision but no information is specified for that transaction, the contract should not be reported as having a confidentiality provision.
  • The Confidentiality Policy does not apply to information generated as a result of performing the contract, which may be designated as confidential.

Criterion 2 and 3: commercial sensitivity and unreasonable detriment

The ANAO found that 52% of the contracts it surveyed incorrectly addressed criterion 2 and/or criterion 3.

Information that can be considered confidential

The ANAO report provides a number of examples which might satisfy these criteria of confidentiality:

  • pricing information that would reveal a supplier's cost or profit margins
  • unique industrial processes, formulae, product mixes, customer lists, engineering and design drawings and diagrams, and accounting techniques
  • personal information requiring protection under the Privacy Act 1988 (Cth)
  • information of a nature that should be protected on the basis of public interest or under statutory secrecy provisions.

However, the ANAO found that 22 of the 42 contracts that met criteria 1 (ie specifically identified the confidential information) did not meet the Confidentiality Test because the information specified as being confidential was not contained in the contract. For example, 14 of those contracts claimed protection of supplier internal costing/profit information, but those contracts did not in fact contain any pricing information that revealed the suppliers' internal costs or profit margins.

When considering these criteria, you should consider the following:

  • The assessment of whether to accept information as confidential needs to take into account both the interests of the entity and the public interest, as well as the supplier's interests
  • The total contract price should never be confidential, as this needs to be reported
  • Disclosure of aggregated pricing (for example, the annual cost of individual services) is not something that would typically cause unreasonable detriment to the supplier. However, the daily or hourly rates of particular employees or classes of employees might be commercially sensitive and cause detriment to the supplier if disclosed because a competitor might be able to use this information, together with the total contract price, to work out the supplier's approximate cost structures and profit margins.

Criterion 4: confidentiality based on prior understanding

For the purposes of the audit the ANAO made the assumption that where the entity had satisfied Criteria 1, the entity would also have checked that Criteria 4 had been satisfied.

While the ANAO did not separately address this criterion, it does need to be considered by entities. Decisions about what information, if any, is to be treated as confidential under the resulting contract should be based on the supplier's response to the approach to market. If the supplier did not provide the information on the basis it was to remain confidential, you should not ordinarily agree to treat it as confidential after the fact.

Period of confidentiality

The ANAO was also critical of the fact that almost half of the audited contracts stipulated the period of confidentiality as continuing forever.

Under the Confidentiality Policy, information should generally not be kept confidential for an unlimited period. At most, the time period should be in line with entity's records authorities or the general records authorities under the Archives Act 1983 (Cth). Also, commercial detriment is likely to reduce over time, so information should generally remain confidential for only a limited period of time. For example, detailed price information that is disclosed in a contract might have little potential detriment to the supplier once that information is few years old.

ANAO recommendations

One of the ANAO's 3 recommendations was that entities ensure they have appropriate processes in place that are followed when implementing the Confidentiality Policy:

'2. When considering requests to keep information contained in a contract confidential, entities should implement procedures that require:

(a) a case-by-case assessment of supplier requests against the Confidentiality Test; and
(b) adequate documentation of the reasons for agreeing to keep specific information in contracts confidential.'

The ANAO also recommended entities take steps to improve the accuracy of their reporting:

'3. To improve the quality of information on AusTender, the ANAO recommends that entities implement appropriate quality assurance processes upfront at the point of contract creation to confirm the completeness and accuracy of reported contract information.'

Further information

The Department of Finance has published some Case Studies on the application of the Confidentiality Test. In addition, AGS has published Fact sheet 25: Confidentiality considerations for tenders, funding programs and other government initiatives (February 2015) to assist agencies in identifying and protecting confidential information.

AGS specialists can assist entities in all aspects of their procurement processes, including compliance with the Confidentiality Policy.

For further information please contact:

Kenneth Eagle
National Group Manager Commercial
T 03 9242 1290

Tony Beal
Deputy General Counsel Commercial
T 02 6253 7231

Helen Curtis
Senior Executive Lawyer Commercial
T 02 6253 7036

Joseph Cram
Lawyer Commercial
T 02 6253 7070

Important: The material in Express law is
provided to clients as an early, interim view for general
information only, and further analysis on the matter
may be prepared by AGS. The material should not be
relied upon for the purpose of a particular matter.
Please contact AGS before any action or decision is
taken on the basis of any of the material in this message.