Frequently Asked Questions
2012 Chemical Data Reporting

Asserting Confidentiality Claims and Certification Statements

31. General

31.1. What are the restrictions on submitting confidential information under the 2012 CDR?
Information submitted under CDR may be claimed as confidential at the time the Form U is submitted. Submitters must provide upfront substantiation of confidentiality claims for processing and use information as well as for confidentiality claims for site or chemical identity. Confidentiality claims for data elements identified as “not known or reasonably ascertainable by” are not allowed (40 CFR 711.30(b)).
31.2. What must generally be considered in making a claim of confidentiality under TSCA?
EPA’s procedures for processing and reviewing confidentiality claims are set forth at 40 CFR part 2, subpart B and 40 CFR 711.30. When claiming information confidential, a submitter must ensure that the information meets the regulatory criteria found at 40 CFR 2.208. Under this regulation, business information is entitled to confidential treatment if:
  1. The business has asserted a business confidentiality claim which has not expired by its terms, nor been waived, nor withdrawn;
  2. The business has satisfactorily shown that it has taken reasonable measures to protect the confidentiality of the information and that it intends to continue to take such measures;
  3. The information is not, and has not been, reasonably obtainable without the business’s consent by other persons (other than governmental bodies) by use of legitimate means (other than discovery based on a showing of special need in a judicial or quasi-judicial proceeding);
  4. No statute specifically requires disclosure of the information; and,
  5. Either
    1) The business has satisfactorily shown that disclosure of the information is likely to cause substantial harm to the business’s competitive position, or
    2) The information is voluntarily submitted information and its disclosure would be likely to impair the Government’s ability to obtain necessary information in the future.
Additional requirements apply when processing and use information, or the identity of a chemical substance or the site of its manufacture, is claimed to be confidential (see 40 CFR 711.30).


31.3. How does a submitter make CBI claims and provide the required substantiation in e-CDRweb?
As with past IUR reporting, CBI claims are made for the 2012 CDR by checking a box next to the data element. For those data elements that require upfront substantiation, checking the CBI box automatically triggers the substantiation questions. The answers must be complete and specific to the chemical substance in question.


31.4. Did the Agency install a warning system in the reporting tool to remind submitters to complete required substantiation before submitting Form U?
Yes. The e-CDRweb reporting tool is designed to protect against a company not providing an upfront substantiation when required. When a CBI claim is made and substantiation is required, the reporting tool will open the substantiation question page. Should the submitter choose not to complete the substantiation at that time, or to only partially complete it, the validation portion of the reporting tool will again alert the submitter to the need for substantiation. The tool also includes warnings that information with unsubstantiated CBI claims will be released without further notice to the submitter. See 40 CFR 711.30(e).

31.5. Can information that is “not known or reasonably ascertainable” be claimed as confidential?
No. Entries designated as “not known or reasonably ascertainable” (i.e., “NKRA”) may no longer be claimed as confidential. 40 CFR 711.30(a).


31.6. What are the situations during which the Agency will release CDR information claimed as CBI without further notice to the submitter?
The first situation is the circumstance that a CBI claim is made for the identity of a chemical substance already listed on the non-confidential portion of the Master Inventory File. Any such CBI claims are invalid.

The second is the circumstance that a Form U lacks the certification required under 40 CFR 711.15(b)(1) which requires a certification stating that the submitted information has been completed in compliance with the requirements of this part and that the confidentiality claims made on the Form U are true and correct. The certification must be signed and dated by the authorized official for the submitter company, and provide that person’s name, official title, and e-mail address. Consistent with this regulatory provision, the e-CDRweb reporting tool is designed to entirely block the submission of a Form U lacking an appropriate certification.

The third is the circumstance that a particular CBI claim is not accompanied by the upfront substantiation required under 40 CFR 711.30(b), (c), or (d) (e.g., upfront substantiation of processing and use information).


31.7. Does the Agency contact submitters after it determines the data is non-CBI and releases it as public information?
As described above in answer G.1.6., CBI claims made under the CDR rule must comply with certain procedural provisions in order to be recognized, and if the procedures for asserting a claim are not followed the information may be disclosed without further notification to the submitter. Information properly claimed as confidential may only be declassified pursuant to specific regulatory provisions. EPA has long established procedures for the protection of properly asserted CBI claims and also the review of these claims. Regarding those instances where a substantiation is required for a CBI claim but EPA concluded that it was insufficient, the Agency has procedures in place in 40 CFR part 2, subpart B that provide for notification to the submitter prior to disclosure.


31.8. How will the confidentiality of CDR data submitted electronically to EPA be maintained?
EPA has taken great care to assure the confidentiality of information being transmitted electronically. Data sent through the Internet are double encrypted – first by the eCDR reporting tool, and second by the transmission method. The eCDR reporting tool uses a Federal Information Processing Standards (FIPS) compliant encryption module, the government standard for encryption. Once a file is encrypted by the eCDR reporting tool, only authorized EPA staff can decrypt the file. Because of this, the CDR reporting tool contains several warnings for a submitter to save the file before encrypting it; once the file is encrypted, a submitter will not be able to decrypt the file. During transmission through the Internet to EPA’s Central Data Exchange (CDX), the file is again encrypted using open Secure Socket Layer (SSL) (FIPS 140 certified). This second layer of encryption protects the information while it is being transmitted from the submitter’s desktop to EPA. Once received by EPA’s CDX, the SSL second encryption is removed, but the initial encryption remains. The file is then transmitted from CDX to EPA’s data repository for CDR information. The file remains encrypted until it is received into the CDR data repository, a protected database that exists inside EPA firewalls, at which point it is decrypted by authorized EPA staff.
