Coc Proprietary Data

Proprietary and Technical Data

Proprietary and Technical Data

We must all work to protect Triad’s and the Laboratory’s proprietary, controlled, or sensitive information by marking information with appropriate restrictive legends and storing and distributing such information appropriately. If you have access to information about other Los Alamos National Laboratory staff or personally identifiable information of other individuals, this information should be protected in accordance with Laboratory policy, P204-1, Controlled Unclassified Information.

If you have knowledge of third-party proprietary information, you should ensure that the third-party proprietary information is not brought into The Laboratory or used by the Lab without the third party’s authorization. Questions regarding the status of third-party information should be directed to General Counsel.  

Summary of Policy

Employees may not use or disclose proprietary technical data or privileged information obtained through Triad employment for personal purposes, to gain an unfair advantage in the purchase of goods or services, or for any unauthorized activity.  This requirement is ongoing and generally continues even after an employee leaves the Laboratory. This information includes the following:

  • Unpublished information relating to technological and scientific developments.
  • Planned or proposed changes in program, organization, funding, or personnel assignments.
  • Research and engineering data, engineering drawings and associated lists, specifications, standards, technical reports, and related information.
  • Information about patents or other intellectual property.
  • Subcontractor and supplier bids or proposals.
  • Anticipated materials requirements or pricing action.
  • Knowledge about potential subcontract awards before the official announcement is made.
  • Data or information that is classified as “Controlled Unclassified Information” or “Official Use Only”, “Triad National Security, LLC, Contractor Owned and Proprietary Information”, “Cooperation Research and Development Agreement (CRADA) Protected Information,” or is otherwise marked as in confidence, privileged, proprietary, and/or sensitive.
  • Data or information (including software and/or data models) that has been obtained from a third-party engaged in a CRADA, Work for Others (WFO), or other technology transfer activity.

Do the Right Thing

  • Comply with any applicable nondisclosure agreements
  • Never use company, customer, supplier, or employee proprietary or privileged information other than for its intended business purpose.
  • Do not accept controlled, proprietary, or privileged information you are not authorized to receive and notify your supervisor or manager if you are requested to do so.
  • If you receive information that is not marked but you believe it may be controlled or proprietary, bring it to the attention of the person who gave it to you and follow up if necessary to make sure the information is properly marked and protected.
  • Do not send sensitive data to unattended printers.
  • Avoid discussions  of controlled, proprietary, or privileged information in places where others without a need-to-know might be able to overhear such as in elevators, on planes, or at conferences.

Common Questions

Any worker who has been granted access to matter containing Controlled Unclassified Information  must determine whether it falls within the scope of another worker’s official duties (Lawful Government Purpose) before granting access.  If you are unsure if they are entitled to the information, discuss with your manager.

Personally Identifiable Information (PII) is any information about an individual like Social Security Numbers, place and date of birth, mother’s maiden name, employment information, health information, and biometric records that if not protected adequately, could be used to compromise the identity or otherwise harm an individual.  PII must only be shared with others with a need-to-know for an official business purpose. Any email messages containing PII that leave the Laboratory must be encrypted through approved methods (i.e., Entrust, password protection). Any machine used off site that is not approved for PII processing is not allowed to have PII data on it. LANL is required to report the potential loss or compromise of PII immediately. If you suspect that PII has been lost, compromised, or improperly disclosed, report the suspected loss of PII to the Computer Security Incident Response Team (CSIRT) or the Security Incident Team (SIT). Questions regarding PII should be sent to Information Security Help or to the LANL Privacy Officer at privacy@lanl.gov.

If it is unclear whether certain information is privileged, the best approach is to ask the originator of the information and contact the Office of General Counsel at 667-3766.

Additional Resources: