Terms and Conditions
- Understanding what is or is not considered data is important to have a successful procurement.
- Consulting with legal counsel is the best way to ensure the procurement contains the proper amount of terms and conditions.
Key Question: Data rights come up in almost every Agile software development requirement, but what is or is not considered data and where is the information?
The answer to this question comes from FAR 27.401:
- “Data” means recorded information, regardless of form or the media on which it may be recorded.
- The term includes technical data and computer software.
- Recorded information: software and documentation, reports and analysis, books and articles, a video presentation, anything that’s recorded.
- "Data" does not include information incidental to contract administration, such as financial, administrative, cost or pricing or management information.
Key Question: Are there are different types of data, how can I tell them apart?
Custom data means it doesn’t already exist and we’re buying it now.
- The purpose of the acquisition is to have this created for us and could consist of new material, custom code, technical drawings or written outcome of professional services such as reports or analysis.
- A procurement may be a mix of different types of data separate data rights clauses will apply to each.
A procurement may include more than one type of data and could need more than one type of data rights.
- Micro-purchase of a few software licenses is all commercial data
- Large systems integration contract may involve all three types: commercial (e.g., COTS software); custom (enhancements); and Government-furnished (legacy data from prior contract)
- Custom data what the FAR defines as “data first produced in the performance of the contract”
- Written outcome of services: if your contract is for professional services, consulting services, or IT services, always make sure you understand what the output will be and how the Government will need to be able to use or re-use it later.
Example: Army awards T&M order under Schedule 70 for T&M services to customize some dental radiology software did not address the underlying software and the vendor sued for over $1M for licenses to the underlying software.
Pre-existing/Commercial data already exists and we’re buying it now.
- COTS software and documentation
- Vendor databases, reports
- Books, articles, video presentations
For commercial data, beware of “Terms And Conditions” such as license or services agreements (EULAs/TOS/CSAs) which may override the contract. They may also include restrictive terms (e.g., internal use, derivative works, transferability), illegal terms (e.g., indemnities, auto-renewals, disputes). There are special cases for SaaS, PaaS, cloud, etc. because we are buying a service (access) rather than data, but they also come with Ts and Cs, so many of the same considerations apply.
Always check your order of precedence!
Government furnished means it already exists but it's not what we are buying now.
- Content: e.g., Government-generated information that will populate the system we are procuring
- GOTS (Government Off The Shelf): previously developed by or for the Government and Government has full rights
we’re not buying it now because another agency bought it earlier
- No FAR clauses BUT it’s a good idea to create custom clauses to address ownership and custody.
- "Nothing shall be deemed to grant Contractor any right or title to Government Data, unless expressly specified within the contract.”
- “The Contractor shall return all such Government Data to the Contracting Officer by Project End Date or such other date as may be specifically directed by the Contracting Officer in writing.”
Contract to build/enhance a system which is populated with data that is not provided by this contractor but generated by the Government or other parties. E.g.: SAM, FPDS.
- The system is a combination of custom and commercial, but the content within it is neither of those and for purposes of our contract, it’s Government-furnished.
Reprocurement of a SaaS solution built on COTS and customized under a previous contract.
- The new solicitation said the government owns customizations but does not own COTS software.
- The vendor objected because the previous contract stated the government owns the data populating the system (Government-furnished) and “interface extensions” (custom).
- Government does not own COTS software or “functional extensions” (customizations) but has a license to them during the term of the SaaS subscription, which expires at the end of previous contract which resulted in the government paying to renew the license under the new contract.
Government Data Rights
Key Question: If the government pays for the data that means the government owns the data--correct?
No. Most Agile software development buys are protected by copyright law and trade secret law, less commonly by patent law.
Under copyright law, 17 U.S.C. §101 et seq., the author of a “work” owns it from the moment of creation, unless the author licenses some or all of its rights or transfers (assigns) the entire copyright.
- If the author is a contractor, the contractor initially owns the work.
- This is a feature, not a bug. Art. 1, sect. 8, cl. 8 of the U.S. Constitution empowers Congress “to promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writings and discoveries.”
- Copyrightable works are tangible expressions (literary, pictorial, etc.) – not facts or ideas.
- The government cannot own copyright in works created by its employees as part of their job (“government works”) but it can have a copyright assigned to it, e.g., by a contractor.
- FAR and DFARS data rights clauses are pre-negotiated copyright licenses meaning the license is permission to use. We “hold” licenses but we don’t “own” them.
There are different types of 'rights" that could impact a contract.
Means the rights of the Government to use, disclose, reproduce, prepare derivative works, distribute copies to the public, perform publicly and display publicly, in any manner and for any purpose, and to have or permit others to do so.
52.227-14(b)(2): Contractor retains residual rights equal to or broader than the Government’s “unlimited rights”
52.227-14(c)(1)(iii): For software, the Government’s “unlimited rights” do not include the right to distribute copies to the public
- are not ownership
- are often sufficient for most Government purposes
Limited and Restricted Rights Data
Limited rights data means data, other than computer software, that embody trade secrets or are commercial or financial and confidential or privileged, to the extent that such data pertain to items, components, or processes developed at private expense, including minor modifications.
Restricted computer software means computer software developed at private expense and that is a trade secret, is commercial or financial and confidential or privileged, or is copyrighted computer software, including minor modifications of the computer software.
FAR 27.401; 52.227-14(a)
Open Source and Public Domain
Open source software is commercial software with a license (permission) for anyone to change and distribute the source code. Public domain generally refers to works that are not owned by anyone and therefore are not protected by copyright because they are created by Federal employees as part of their job.
Key Question: Generally speaking, how does privacy and disclosure apply to Agile software development?
Agile software development must adhere to existing privacy and disclosure statutory and regulatory requirements.
FAR 1.602-1(b) provides that no contract shall be entered into unless the Contracting Officer ensures that all requirements of law, executive orders, regulations, and all other applicable procedures, including clearances and approvals, have been met. A contract utilizing an Agile software development methodology is no different and must comply with the law. Furthermore, the proper use of such methodology should not increase the risk of privacy issues.
Part 24 of the FAR implements the provisions of the Privacy Act. Contractors and their employees who contract for the design, development, operation, or maintenance of a system of records on individuals, on behalf of the agency to accomplish an agency function, are subject to the civil and criminal provisions of the Privacy Act. Pursuant to FAR 24.103(b)(1), the Contracting Officer will ensure that the contract work statement specifically identifies the system of records on individuals and the design, development, or operation work to be performed. Procurement actions involving the design, development or operation of a system of records as defined by the Privacy Act will contain the Privacy Act Notification and a clause entitled “PRIVACY ACT,” both of which are at FAR 52.224-1 and FAR 52.224-2, respectively.
Additionally, FAR 39.106 states that FAR 52.239-1, Privacy or Security Safeguards or other similar language, is to be included in all procurement actions for information technology which require security of information technology, and/or are for the design, development, or operation of a system of records using Commercial information technology services or support services.