On November 7, the Small Business Administration (SBA) released an advanced notice of Policy Directive amendments and a request for comment on revisions to Small Business Innovation Research (SBIR) and Small Business Technology Transfer (STTR) policy. The Policy Directive updates are intended to provide greater clarity on SBIR and STTR data rights.
The Small Business Act1 established that SBIR and STTR awardees retain rights to the data generated in performance of an SBIR or STTR award. Current SBA Policy Directives instruct agencies to protect from disclosure and nongovernmental use all SBIR and STTR technical data developed as part of work performed under a funding agreement — be it Phase I, Phase II, or a Federally funded Phase III — for a period of at least four years, unless the agency obtains permission from the awardee to disclose the data in question.2
The SBA, noting that it has heard from small businesses in the past that agencies administering SBIR and STTR programs have disclosed data to large contractors “in procurement specifications, solicitations, or through reverse engineering” and that government contractors are unaware of the special SBIR/STTR data rights, is seeking comments on the following clarifications:
- The extent to which the awardee owns the data it generates in performance of an award.
- The Government’s obligations to protect SBIR/STTR data from disclosure for at least four years following the delivery of the last deliverable of an SBIR/STTR award.
- During the protection period, the Government’s right to access, review and evaluate SBIR/STTR data, but not to modify the data.
- After the protection period expires, the Government’s right to use and disclose the data solely on behalf of the Government, which means that the Government may use and disclose data for competitive procurements (with non-disclosure agreements) but cannot use the data for commercial (non-governmental) purposes.
- Possible discrepancies between current FAR and agency supplemental regulations and SBA’s SBIR/STTR Policy Directives.
- The feasibility and helpfulness of a short form data rights option (especially for grant agencies). Such a short form would be a simple agreement stating that the Government receives essentially no rights to SBIR/STTR technical data. The simplified data rights option would be for any agency or specific award.3
The issue of data rights has long been a contentious aspect of the SBIR/STTR programs and played a large role in the debate over reauthorization of the SBIR/STTR programs, which culminated in passage of a reauthorization in December 2011 as part of the National Defense Authorization Act. Roundtables held over the years by the Senate Small Business and Entrepreneurship Committee examined and highlighted the problems inherent in how SBIR data rights are treated by federal agencies and prime contractors. As a result of these discussions, the SBIR/STTR Reauthorization Act of 2009 contained language to address Members’ concerns that relevant SBIR and STTR intellectual property protections are not being properly enforced and that this lack of enforcement impacts small businesses’ willingness to participate in the programs. In the Committee Report on the bill, the Committee made its concern clear and inserted language to instruct the Government Accountability Office (GAO) to conduct a study of the programs to determine if federal agencies are adhering to the data rights protections of SBIR awardees and if any clarifications of policy directives are necessary.4
Additionally, in updating the SBIR and STTR Policy Directives following the 2011 reauthorization of the programs, the SBA did not provide specific guidance on data rights. Shortly before the SBA released its original 2012 Policy Directive modifications, the GAO released its findings on data rights protections in the SBIR programs. Noting that the SBA was in the process “of amending the provisions of the SBIR policy directive that pertain to small businesses retaining the rights to data they generate in the performance of an SBIR award for not less than 4 years,”5 The GAO did not make any recommendations in the report as the SBA was currently revising its policies.
As the SBA looks to update its policies, small businesses with a stake in the SBIR and STTR programs should consider their needs for data protection and how the SBA and agencies administering SBIR/STTR programs can further innovation through their data policies.
The SBA is accepting comments on its data rights policy through January 6, 2015 a thttp://www.regulations.gov. Use case number RIN 3245-AG64.