DFARS Part 224 - Protection Of Privacy And Freedom Of Information

The DFARS – 2025
The Defense Federal Acquisition Regulation
Supplement
A Complimentary Webinar Series
JSchaus & Associates – Washington DC – hello@Jenniferschaus.com

The DFARS – 2025 - The Defense Federal Acquisition Regulation Supplement
ABOUT THE SERIES:
We’ll cover each PART of THE DFARS
Typically held Wednesdays + Fridays @ 12pm ET
Complimentary + Recorded
VIDEOS Posted on YouTube
https://www.youtube.com/@jenniferschaus/videos
PPTs Posted on SlideShare
https://www.slideshare.net
Sponsor/Advertising Options Available

ABOUT THE SERIES:
WHERE TO REGISTER

ABOUT THE SERIES:

ABOUT US:
Services for FED GOV CONTRACTORS:
Washington DC based;
Professional services for established gov cons:
Market Analysis,
Proposal Writing
GSA Schedules; VA Schedules, FEDLink, etc.
Contract Administration, etc.

DFARS – 2025 - Defense Federal Acquisition Regulation Supplement
Executive Order EO 14240
Consolidating domestic Federal procurement in the General Services
Administration — the agency designed to conduct procurement — will
eliminate waste and duplication, while enabling agencies to focus on their core
mission of delivering the best possible services for the American people.
LET US HELP YOU GET ON THE GSA SCHEDULE – hello@JenniferSchaus.com

ABOUT US:
Services for THOSE SELLING TO FED GOV CONTRACTORS:
Newsletter Advertising
Webinar Sponsorship
Event Sponsorship
Sponsored Content Newsletters + Webinars
Social Media Postings
Video Hosting - YouTube
Ask us for a MEDIA KIT!

MONDAY - JUNE 23 – Gov Con Summer
Soiree
Networking Event at The John F Kennedy
Center
ATTEND or SPONSOR:
https://june2025govcon.eventbrite.co

Marketing TO Federal Contractors?
Digital Advertising Offer
38K+ Newsletter Subscribers
85% Federal Contractors
29% Open Rates (12 Mo Ave)
4% - 12% Click Rates (12 Mo Ave)
--------------------------------
hello@JenniferSchaus.com for details

THANK YOU TO OUR WEBINAR IN KIND SPONSORS

THANK YOU TO OUR WEBINAR PAID SPONSORS

VISIT: https://wrkplan.com
POC: AnitaB@wrkplan.com
SOFTWARE FEATURES:

• Ataira Government
• Cloud Licenses and
Services
• Managed IT Administration
and Security Services
• Business Intelligence, Data
Engineering and Analytics
• Security Assessments,
Hardening, Compliance
• Microsoft Cloud Software for
Government and
Contractors
• Contact Us
• sales@ataira.com
• https://www.ataira.com/Government/Services
UEI: XUNLJXK5RSS5

Reach the government and military community
with your public sector content, thought
leadership, products, services, and more.
Make the Most of Your Expertise
Build trust and
credibility
Boost awareness
of your brand
Elevate your
expertise
Promote your
products or services
Improve SEO
Support content
marketing efforts
with syndication
options
Your complimentary membership allows you to post
your white papers, research reports, datasheets, and
more, for free!
Have the expertise, but not the content? Our team
can help! Please contact
Stephanie.Gravel@govevents.com

THE DFARS – PART 224

DFARS PART #: 224
DFARS PART: Protection Of Privacy And Freedom Of
Information
SPEAKER: Karen Harbaugh
FIRM: Squire Patton Boggs
EMAIL: karen.harbaugh@squirepb.com
TODAYS SPEAKER + TOPIC

DFARS PART #: 224
DFARS PART: Protection Of Privacy And Freedom Of
Information
SPEAKER: Greg Jaeger
EMAIL: greg.jaeger@squirepb.com
TODAYS SPEAKER + TOPIC

DFARS PART 224
Protection Of Privacy And Freedom Of Information

The opinions expressed in today’s webinar and this slide
presentation are those of the presenters and do not
necessarily reflect the views of Squire Patton Boggs (US) LLP,
its clients, or any of its or their respective affiliates. This
presentation is for general information purposes and is not
intended to be and should not be taken as legal advice.
DFARS Part 224: Protection of Privacy and Freedom of
Information

THE REGULATION:
Subpart 224.1—Protection of Individual Privacy
224.103 Procedures.
(b)(2) DoD rules and regulations are contained in DoDI 5400.11,
DoD Privacy and Civil Liberties Programs; DoD 5400.11-R, Department of
Defense Privacy Program; and DoDM 5400.11, DoD Privacy and Civil Liberties
Programs: Breach Preparedness and Response Plan.
Information

THE REGULATION:
Subpart 224.2—Freedom of Information Act
224.203 Policy.
(a) DoD implementation is in DoDD 5400.7, DoD Freedom of
Information Act Program, and DoD 5400.7-R, DoD Freedom of Information Act
Program.
Information

• DFARS Part 224:
• The Privacy Act of 1974 (Privacy Act) (5 U.S.C. § 552a)
• FAR Part 24 (Protection of Privacy and Freedom of Information)
• The Freedom of Information Act (FOIA)
Information

• The DoD Privacy Program:
• DoD Instruction 5400.11 DoD Privacy and Civil Liberties Program
• DoD 5400.11-R Department of Defense Privacy Program
• DoDM 5400.11, DoD Privacy and Civil Liberties Programs: Breach
Preparedness and Response Plan.
• DoD FOIA Program:
• DoD Directive 5400.7 DoD Freedom of Information Act Program
• DoD Manual 5400.7 DoD Freedom of Information Act Program
Information

The Privacy Act of 1974
• The Privacy Act:
• Regulates the collection, maintenance, and use of personal information
(“PII”) by federal executive agencies and prohibits them from
disseminating such information without an individual’s consent.
Information

Information
The Privacy Act of 1974 (cont.)
• Provides individuals with the right to: (i) access government records
relating to oneself, subject to certain exemptions; (ii) amend
inaccurate, irrelevant, untimely or incomplete records; and (iii) sue the
Government for violations of the statute.
• Requires agencies to ensure (i) the accuracy and relevancy of records,
(ii) that information about individuals is collected directly from the
subject individual to the greatest extent practicable; and (iii) that the
collection of certain types of information, e.g., information regarding
exercise of First Amendment rights, is restricted.

The Privacy Act and Government Contractors
• 5 U.S.C. § 552a (m)(1) provides: “When an agency provides by a contract for the
operation by or on behalf of the agency of a system of records to accomplish
an agency function, the agency shall, consistent with its authority, cause the
requirements of this section to be applied to such system. For purposes of
subsection (i) of this section any such contractor and any employee of such
contractor, if such contract is agreed to on or after the effective date of this
section, shall be considered to be an employee of an agency.
Information

The Privacy Act and Government Contractors (cont.)
• 5 U.S.C. § 552a (i) provides for criminal penalties against “any officer or
employee of an agency” for wrongfully disclosing “individually identifiable
information,” wrongfully requesting or obtaining an individual’s records, or
maintaining a system of records with meeting the notice requirements of the
Act.
• Takeaway: Because Government contractors and their employees are
considered employees of the Government, criminal penalties for privacy
violations are possible.
Information

FAR Part 24 – Protection of Privacy and Freedom of Information
Subpart 24.1 – Protection of Individual Privacy
This Subpart generally provides that “when an agency contracts for the design,
development, or operation of a system of records on individuals on behalf of
the agency to accomplish an agency function the agency must apply the
requirements of the Act to the contractor and its employees working on the
contract.”
Information

Subpart 24.1 – Protection of Individual Privacy (cont.)
The Subpart provides the following relevant definitions:
• Personally identifiable information means information that can be used to
distinguish or trace an individual's identity, either alone or when combined
with other information that is linked or linkable to a specific individual. (See
Office of Management and Budget (OMB) Circular No. A-130, Managing
Federal Information as a Strategic Resource).
Information

Subpart 24.1 – Protection of Individual Privacy (cont.)
• Record means any item, collection, or grouping of information about an
individual that is maintained by an agency, including, but not limited to,
education, financial transactions, medical history, and criminal or employment
history, and that contains the individual’s name, or the identifying number,
symbol, or other identifying particular assigned to the individual, such as a
fingerprint or voiceprint or a photograph.
• System of Records means a group of any records under the control of any
agency from which information is retrieved by the name of the individual or by
some identifying number, symbol, or other identifying particular information
assigned to the individual.
Information

FAR Part 24 – Protection of Privacy and Freedom of Information
Subpart 24.1 – Protection of Individual Privacy (Privacy Act)
Under this Subpart, the agency must apply the Privacy Act to the Contractor and
its employees working on the contract if the contracting officer determines a
contract will involve design, development, or operation of system of records on
individuals to accomplish an agency function.
To that end, a contracting officer is required to: Ensure statement of work
specifically identifies the system of records on individuals and the design,
development or operation work to be performed.
Information

Subpart 24.1 – Protection of Individual Privacy (Privacy Act) (cont.)
• Make available to the contractor agency rules and regulations implementing
the Privacy Act.
• Insert in solicitations and contracts:
• FAR 52.224-1, Privacy Act Notification
• FAR 52.224-2, Privacy Act
• Note: There are additional provisions in FAR 24.3 requiring contractors to
provide Privacy Training.
Information

FAR Subpart 24.2 – Freedom of Information Act
• Subpart 24.201: FOIA provides that information is to be made available to the
public by (a) publication in the Federal Register, (b) providing an opportunity
to read and copy documents at convenient locations or (c) upon request,
providing a copy of a reasonably described record.
• Subpart 24.202 prohibits the disclosure of (i) proposals submitted in response
to a competitive solicitation unless set forth or incorporated by reference in a
contract; (ii) FOIA-exempt data obtained pursuant to FAR 15.403-3(b) (where
additional data is needed despite adequate price competition to determine
price reasonableness); or (iii) dispute resolution communications between a
neutral and a party to alternative dispute resolution.
Information

FAR Subpart 24.2 – Freedom of Information Act (cont.)
• Subpart 24.203: Instructs contracting officers on how to respond to requests
for records that may be exempted from mandatory public disclosure and
identifies the exemptions most often applicable: classified information, trade
secrets and confidential commercial or financial information, interagency or
intra-agency memoranda, or personal and medical information pertaining to
an individual. Other exemptions are for agency personnel practices and law
enforcement. Contracting officers are required to comply with agency
implementing regulations and are advised to consult agency FOIA officers.
Information

The Freedom of Information Act (FOIA)
• FOIA, 5 U.S.C. § 552, provides the public the right to request access to records
from any federal agency.
• Federal agencies are required to disclose any information requested under
the FOIA unless it falls under one of nine exemptions.
• Any person (whether a US citizen or not) may request agency records on any
topic, subject to nine exemptions and three exclusions.
Information

The Freedom of Information Act (FOIA) (cont.)
• FOIA Exclusions:
1. Ongoing criminal law enforcement investigation
2. Criminal informant records
3. FBI records relating to foreign intelligence/counter-intelligence, or
terrorism
Information

The DFARS – 2025 - The Defense Federal Acquisition Regulation Supplement (cont.)
Information
FOIA Exemptions
Information classified as secret
for national defense or foreign
policy purposes.
Privileged or confidential trade
secrets, commercial, or financial
information.
Certain records compiled for law
enforcement purposes.
Information solely related to
agency internal personnel rules
and practices.
Inter- or intra-agency memoranda or
letters that would not be available by
law except to another agency in
litigation (e.g., protected by
deliberative process privilege,
attorney-client privilege, or work
product protection).
Information relating to regulation or
supervision of financial institutions.
Information prohibited from
disclosure by another federal
law.
Personnel, medical, or similar files. Geological and geophysical
information and data concerning
wells

DoD Privacy and Civil Liberties Program
• The Defense Privacy, Civil Liberties, and Transparency Division (DPCLTD) is
charged with implementing the DoD Privacy and Civil Liberties programs
through advice, monitoring, official reporting and training.
Information

DoD Privacy and Civil Liberties Program (cont.)
• DoD reported that, from October 1, 2023 to September 30, 2024, the
number of “Privacy and Civil Liberties Reviews” performed broke down as
follows:
Information
Description of Review Number of Reviews
System of Records Notices (SORNs) 4 New, 8 Modified, 23 Rescinded
Exemption Rules 4
Matching Agreements 3
Privacy Breach Reviews 2,195
SSN Justification Memoranda 80
DoD Issuances, Federal Legislation, Testimony, and
Reports
366

Privacy Act Data Breach Lawsuits
• Generally, plaintiffs in Privacy Act Data Breach lawsuits must demonstrate
“injury in fact” for purposes of standing. This has led to dismissal of some suits
involving government data breaches. See, e.g., Welborne v. Internal Revenue
Service, 218 F. Supp. 3d 64 (D.D.C. 2016) (Plaintiffs sued IRS based on disclosure
of their personal identifying identification information to third parties as the
result of a cybersecurity breach).
Information

Privacy Act Data Breach Lawsuits (cont.)
• The Supreme Court has ruled that, to plead standing, plaintiffs must allege: (1)
“an injury in fact,” (2) that is “fairly traceable” to the defendant’s alleged actions,
and (3) “likely to be redressed” by a positive judicial outcome for the plaintiff.
Spokeo, Inc. v. Robins, 578 U.S. 330, 338 (2016). More recently, the Supreme
Court also ruled that, in cases where plaintiffs assert “intangible harm,” courts
must consider whether the plaintiff has “identified a close historical or
common-law analog for their asserted injury,” such as “reputational harms,
disclosure of private information, and intrusion upon seclusion.” TransUnion
LLC v. Ramirez, 594 U.S. 413, 424-25 (2021).
Information

Privacy Act Data Breach Lawsuits (cont.)
• Courts nationwide have been using a lack of standing as a basis for dismissing
data breach suits, finding that plaintiffs must prove that they suffered a real,
concrete injury directly linked to the defendant’s actions.
Information

DoD Privacy Program: DoD Instruction 5400.11 DoD Privacy and Civil
Liberties Program
• Section 1.2: Policy. Directs DoD Components to:
(1) Establish and maintain comprehensive privacy and civil liberties programs
that comply with applicable statutory, regulatory and policy requirements, and
develop and evaluate policies, and manage privacy risks;
(2) Comply with the Privacy Act (including its requirements concerning system
of records notices (SORNs)) and all executive orders, Intelligence Directives,
and other applicable guidance to DoD components conducting intelligence
activities;
Information

• DoD Privacy Program: DoD Instruction 5400.11 DoD Privacy and Civil
Liberties Program, Section 1.2: Policy. (cont.):
(3) Limit the creation, collection, use, processing storage, maintenance,
dissemination, and disclosure of PII maintained in a system of records to that
which is legally authorized, relevant, and reasonably deemed necessary to
accomplish a DoD function;
(4) Maintain records with PII per records retention or disposition schedules
approved by the National Archives and Records Administration;
Information

(5) Impose conditions, where appropriate, when sharing PII with other federal
and non-federal agencies or entities that govern the creation, collection, use,
processing, storage, maintenance, dissemination, disclosure, and disposal of
the PII, using written agreements when appropriate;
(6) Maintain procedures to receive, investigate, respond to and redress
complaints from individuals who allege that DoD has violated their privacy and
civil liberties;
Information

(7) In accordance with 42 USC Section 2000ee-1, prohibit reprisals or threats
against individuals filing complaints regarding privacy or civil liberties
violations.
Information

Liberties Program
• Section 5: DoD Rules of Conduct.
• 5.1 General. Provides overview of rules of conduct, and Privacy Act rules for
PII, for DoD personnel involved in designing, developing, operating or
maintaining a system of records containing PII. Requires training for DoD
and contractor personnel as to rules, procedures, and penalties for non-
compliance.
Information

Liberties Program
• Section 5: DoD Rules of Conduct. (cont.)
• 5.2 Fair Information Practice Principles (FIPPs). DoD components are
expected to consider the below FIPPS when evaluating information
systems, processes, programs and activities that affect individual
privacy.
•Access and Amendment – allow individuals to access PII to correct or
amend PII as appropriate
•Accountability – Hold personnel accountable for complying with
FIPPS measures and privacy requirements
Information

Liberties Program
expected to consider the below FIPPS when evaluating information systems,
processes, programs and activities that affect individual privacy.
• Authority – using PII only with the proper authority, and identify this
authority in the appropriate notice
• Minimization – using PII only when it is directly relevant and necessary to
accomplish a legally authorized purpose, and only maintain PII for as
long as is necessary to accomplish the purpose.
Information

Liberties Program
expected to consider the below FIPPS when evaluating information
systems, processes, programs and activities that affect individual privacy.
• Quality and Integrity – using PII in a manner to ensure fairness to the
individual
• Individual Participation - Involve the individual in the process of using PII
to the extent practicable; address privacy-related complaints/inquiries
Information

DoD Privacy Program: DoD Instruction 5400.11 DoD Privacy and Civil Liberties
Program
expected to consider the below FIPPS when evaluating information systems,
processes, programs and activities that affect individual privacy.
• Purpose Specification and Use Limitation – specify the purpose for which PII
is collected, and use only for that purpose.
• Security – establish PII safeguards that are commensurate with the risk to
PII
• Transparency – Be transparent about information policies and practices
Information

DoD Privacy Program: DoD 5400.11-R Department of Defense Privacy
Program - This document sets forth detailed definitions, guidance, and
procedures for the following areas of the DoD Privacy Program:
• Systems of Records
• Collecting Personal Information
Information

DoD Privacy Program: DoD 5400.11-R Department of Defense
Privacy Program (cont.). -
•Access by Individuals
•Disclosure of Personal Information to Other Agencies and Third Parties
•Exemptions (Access exemptions, General exemptions, specific exemptions)
•Publication and Training Requirements
•Reports and Inspections
•Privacy Act Violations
•Computer Matching Programs
Information

DoDM 5400.11, DoD Privacy and Civil Liberties Programs: Breach
Preparedness and Response Plan.
SECTION 7: PREPARING FOR A BREACH
• Assigns responsibilities and provides procedures for preparing for and
responding to known or suspected breaches of PII.
Information

Preparedness and Response Plan - SECTION 7: PREPARING FOR A BREACH
(cont.)
• Requires Contracting Officers to ensure that contracts will include terms
requiring, among other things: (1) contractors to cooperate with and
exchange information with DoD officials to effectively report and manage
a suspected or confirmed breach; (2) contractors and subcontractors (at
any tier) to properly safeguard and encrypt PII in accordance with OMB
Circular No. A-130 and other applicable policies and to comply with all
DoD-specific policies for protecting PII; and (3) regular training for
contractors and subcontractors (at any tier) on how to identify and report
a breach.
Information

Preparedness and Response Plan - SECTION 7: PREPARING FOR A
BREACH (cont.)
• Requires the inclusion, where appropriate, of numerous privacy
related FAR and DFARS clauses, such as (1) DFARS 252.204-7012,
Safeguarding Covered Defense Information and Cyber Incident
Reporting (December 2019), (2) DFARS 252.204-7008, Compliance
with Safeguarding Covered Defense Information Controls (October
2016), (3) FAR 52.224-1 Privacy Act Notification (April 1984), and (4)
FAR 52.224-2 Privacy Act (April 1984).
Information

• The DoD FOIA Program - In its FY 2024 FOIA report, DoD reported the
following statistics:
• 61,858 requests received, a 2.9 percent increase from FY 2023 (60,109)
• 57,662 requests processed, a 3.4 percent increase from FY 2023
(55,731)
• 21,436 backlogged requests, a 7.8 percent increase from the end of FY
2023 (19,882)
Information

• The DoD FOIA Program - In its FY 2024 FOIA report, DoD reported the following
statistics:
• 1105 appeals received, only three fewer than it received in FY 2023 (1108)
• 1105 appeals processed, a 12.8 percent decrease from FY 2023 (1247)
• 607 backlogged appeals, down 17.5 percent from the end of FY 2023 (736)
• Average responses time for processed perfected requests was 30.3 days for
simple requests and 199.7 days for complex requests
• $104.9 million in total processing and litigation-related costs, a 16.5 percent
increase from the $90 million in total costs incurred in FY 2023
Information

DoD FOIA Program: DoD Directive 5400.7 DoD Freedom of Information
Act Program
• Section 1.2. Policy. The DoD FOIA Program:
a. While remaining consistent with DoD’s responsibility to protect national
security and other sensitive information, promotes transparency and
accountability by:
1) Adopting a presumption in favor of disclosure in all release
decisions involving FOIA.
2) Responding Promptly to FOIA requests in a spirit of cooperation.
Information

DoD FOIA Program: DoD Directive 5400.7 DoD Freedom of Information
Act Program
• Section 1.2. Policy. The DoD FOIA Program (cont.):
b. In accordance with the procedures established by Part 286 of Title 32
Code of Federal Regulations and DoD Manual 5400.07, provides DoD
records requested by members of the public, unless those records are
exempt from disclosure in accordance with Section (b) of FOIA.
c. Works with Office of Government Information Services to resolve
disputes between requesters and DoD.
Information

DoD FOIA Program: DoD Manual 5400.7 DoD Freedom of Information
Act Program
• Adopts the policy that the public has a right to access agency records
concerning U.S. Government activities, and states that requests by
members of the public for agency records must not be withheld in whole
or in part unless FOIA exempts the record in whole or in part. Citing 32
C.F.R. Part 286.
Information

DoD FOIA Program: DoD Manual 5400.7 DoD Freedom of Information Act
Program (cont.)
• Provides access information for individuals seeking DoD records such as the
DoD FOIA Handbook
(http://open.defense.gov/Transparency/FOIA/FOIAHandbook.aspx ), and
addresses/contact particulars for FOIA Requester Service Centers (RSC), noting
they are available at the FOIA.gov Website,
http://www.foia.gov/reportmakerequest.html.
• Identifies the DoD Components having separate FOIA offices and separate
appellate authority, as well as Components that have their own programs but
use the appellate authority for the OSD/JS, and Components that do not have
their own programs but have their FOIA requests processed by OSD/JS.
Information

DoD FOIA Program: DoD Manual 5400.7 DoD Freedom of
Information Act Program
• Section 3.9. Relationship Between the FOIA and the Privacy Act.
Discusses those situations where requesters seek documents about
themselves in and/or outside a Privacy Act system, and how release
decisions can be made pursuant to the Privacy Act and/or FOIA.
Information

Act Program (cont.)
• Section 4. FOIA Libraries. Provides for establishment of certain DoD
Component records in FOIA libraries available online for public access.
Section 4.2 advises the DoD FOIA Program Components to consider
enhancing their FOIA libraries with search engines and document
categories to provide the public easier access.
Information

Program (cont.)
• Section 5.1. Exemptions. Discusses the nine FOIA exemptions and
DoD’s procedures for applying them. For more detailed explanations,
refers DoD Components to the Department of Justice Guide to the
Freedom of Information Act (http://www.usdoj.gov/oip/foiaguide.html).
In particular, section 5.2(d) discusses the commercial/financial
exemption, and states that when DoD Components receive FOIA
requests for information that could be protected by this exemption, they
will notify the submitter of the information in accordance with the
procedures in 32 CFR 286.10 (Confidential Commercial Information).
Information

Program (cont.)
• Section 6. FOIA Request Processing. Describes DoD’s procedures for tracking
and promptly acting on FOIA requests from private parties, local or state
government officials, foreign governments, and Congress. Section 6.2(b)
discusses the “unusual circumstances” (as defined by FOIA) that prevent DoD
from making a final determination within the 20-working day statutory time
limit. Section 6.3 discusses the reasons for denying a FOIA request, other than
exemptions, such as “not an agency record,” “records not reasonably described,”
and “litigation.”
Information

Program
5.2(d) Exemption 4. Pursuant to Section (b)(4) of the FOIA, certain non-
government financial information is exempt from disclosure.
(1)This exemption protects:
(a) Trade secrets; or
(b) Information that is: Commercial or financial; obtained from a person or
entity outside of the U.S. Government; and privileged or confidential.
Information

Program
5.2(d) Exemption 4. (cont.):
(2) Commercial or financial information that is voluntarily submitted to the U.S.
Government, absent any exercised authority prescribing criteria for submission,
may be categorically protected, provided it is not customarily disclosed to the
public by the submitter. Examples of exercised authorities prescribing criteria for
submission include statutes, Executive orders, regulations, invitations for bids,
requests for proposals, and contracts. DoD Components should analyze
submission of information pursuant to these authorities in accordance with Part
286 of Title 32, CFR.
Information

Act Program
5.2(d) Exemption 4. (cont.):
(3) Commercial or financial information that is not voluntarily provided to
the U.S. Government is considered “confidential” for Exemption 4 if its
disclosure is likely to: (a) Impair the U.S. Government’s ability to obtain
necessary information in the future (known as the “impairment prong”); (b)
Harm an identifiable private or governmental interest; or (c) Cause
substantial harm to the competitive position of the person providing the
information.
Information

Program
5.2(d) Exemption 4 (cont.):
(4) Examples of information that may be protected by Exemption 4 include:
(a) Commercial or financial information received in connection with loans,
bids, contracts, or proposals. (b) Statistical data and commercial or financial
information concerning contract performance, income, profits, losses, and
expenditures. (c) Personal statements given during inspections,
investigations, or audits.
Information

Program
5.2(d) Exemption 4 (cont.): (d) Financial data provided by private employers in
connection with locality wage surveys that are used to fix and adjust pay
schedules applicable to the prevailing wage rate of DoD employees. (e) Scientific
and manufacturing processes or developments concerning technical or scientific
data or other information submitted with applications for research grants or
with a report while research is in progress. (f) Technical or scientific data
developed by a contractor or subcontractor exclusively at private expense, or
developed in part with federal funds and in part at private expense[]. (g)
Information copyrighted pursuant to Section 106 of Title 17, U.S.C., if release of
copyrighted material otherwise meets the standards of Exemption 4.
Information

Program
5.2(d) Exemption 4 (cont.): (5) When the DoD Components receive FOIA
requests for information that could be protected by this exemption, they will
notify the submitter of the information in accordance with the procedures in
Subpart 286.10 of Title 32, CFR. (Confidential Commercial Information” The
DoD Component shall promptly provide written notice to the submitter of
confidential commercial information (specifying a reasonable time in which
to respond) whenever records containing such information are requested
under the FOIA if the DoD Component determines that it may be required to
disclose the records, provided:
Information

Act Program
5.2(d) Exemption 4 (cont.):
(i) The requested information has been designated in good faith by the
submitter as information considered protected from disclosure under
Exemption 4; or
(ii) The DoD Component has a reason to believe that the requested
information may be protected from disclosure under Exemption 4, but
has not yet determined whether the information is protected from
disclosure.
Information

DoD FOIA Program: Exemption 4 and Food Marketing v. Argus Leader
• In its 2019 decision in Food Marketing v. Argus Leader the Supreme
Court overturned the pre-existing “substantial competitive harm” test
for Exemption 4 purposes. See Exemption 4, Section 5.2(d)(3)(c)
above. In Argus, the Supreme Court held: "At least where commercial
or financial information is both customarily and actually treated as
private by its owner and provided to the government under an
assurance of privacy, the information is 'confidential' within the
meaning of Exemption 4." Food Mktg. Inst. v. Argus Leader Media, 139
S. Ct. 2356, 2366 (2019) (emphasis added).
Information

• This new test is not reflected in DoDM 5400.7 but has been determined by
the Department of Justice to consist of two conditions to determine if
information is "confidential” for purposes of Exemption 4. Those conditions
are:
 Whether the information is “customarily kept private, or at least closely
held, by the person imparting it.“ (this requirement must be met)
 Whether the “party receiving it provides some assurance that it will
remain secret." (this requirement might be deemed necessary)
Office of Information Policy | Exemption 4 after the Supreme Court's Ruling
in Food Marketing Institute v. Argus Leader Media
Information

THANK YOU For Attending!
QUESTIONS?
Please Contact Our Speaker:
SPEAKER: Karen Harbaugh
EMAIL: karen.harbaugh@squirepb.com

Please subscribe to our YouTube Channel
for Gov Con Content Uploads
including THESE WEBINARS!
https://www.youtube.com/@jenniferschaus/videos

Thank You For Attending!
The DFARS – 2025
The Defense Federal Acquisition Regulation
Supplement
A Complimentary Webinar Series

DFARS Part 224 - Protection Of Privacy And Freedom Of Information

More Related Content

Similar to DFARS Part 224 - Protection Of Privacy And Freedom Of Information

More from JSchaus & Associates

Recently uploaded

DFARS Part 224 - Protection Of Privacy And Freedom Of Information