(a) Contractor data repositories may be established when permitted by agency procedures. The contractual instrument establishing the data repository must require, as a minimum, the data repository management contractor to—

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

(1) Establish and maintain adequate procedures for protecting technical data delivered to or stored at the repository from unauthorized release or disclosure;

(2) Establish and maintain adequate procedures for controlling the release or disclosure of technical data from the repository to third parties consistent with the Government’s rights in such data;

(3) When required by the contracting officer, deliver data to the Government on paper or in other specified media;

(4) Be responsible for maintaining the currency of data delivered directly by Government contractors or subcontractors to the repository;

(5) Obtain use and non-disclosure agreements (see 227.7103-7) from all persons to whom government purpose rights data is released or disclosed; and

(6) Indemnify the Government from any liability to data owners or licensors resulting from, or as a consequence of, a release or disclosure of technical data made by the data repository contractor or its officers, employees, agents, or representatives.

(b) If the contractor is or will be the data repository manager, the contractor’s data management and distribution responsibilities must be identified in the contract or the contract must reference the agreement between the Government and the contractor that establishes those responsibilities.

(c) If the contractor is not and will not be the data repository manager, do not require a contractor or subcontractor to deliver technical data marked with limited rights legends to a data repository managed by another contractor unless the contractor or subcontractor who has asserted limited rights agrees to release the data to the repository or has authorized, in writing, the Government to do so.

(d) Repository procedures may provide for the acceptance, delivery, and subsequent distribution of technical data in storage media other than paper, including direct electronic exchange of data between two computers. The procedures must provide for the identification of any portions of the data provided with restrictive legends, when appropriate. The acceptance criteria must be consistent with the authorized delivery format.