DBE Program Regulations: Confidentiality of Information

DOT has released Official FAQs on DBE Program Regulations. These questions and answers provide guidance and information for compliance with the provisions under 49 CFR part 26. Like all guidance material, these questions and answers are not, in themselves, legally binding or mandatory, and do not constitute regulations.

How should a recipient respond to a request, under a state freedom of information or open records law, for confidential business information submitted by a DBE? Section 26.67.26.109(a)(2)

  • Particularly in the certification process, firms provide recipients with much financial and other information that applicants may wish to safeguard from disclosure.
  • 109((a)(2) directs recipients, as a general matter, to “safeguard from disclosure to unauthorized persons information that may reasonably be considered to be confidential business information, consistent with Federal, state, and local law.”
  • 67(a)(2)(ii) provides that, with respect to personal financial information submitted in response to the personal net worth statement requirement of 26.67, part 26 specifically intends to pre-empt disclosure under state law. Recipients may not release these records to a third party (other than DOT in some circumstances) without the consent of the submitter.
  • In summary, the effects of part 26 on disclosure of information submitted by applicants for certification and DBEs are the following:
  • Notwithstanding any contrary provision of state law, recipients are prohibited from releasing personal financial information submitted in response to the personal net worth statement requirement of 26.67(a)(2).
  • With respect to other information, the recipient must comply with a state freedom of information or open records law, even if it results in the disclosure of confidential business information about DBEs and applicants.
  • It should be noted that such laws themselves often contain exceptions for certain kinds of confidential business information. Recipients should use such exceptions to the fullest extent permitted by state law to protect from disclosure confidential business information submitted by DBEs or applicants for certification.
  • The Federal Freedom of Information Act and Privacy Act apply only with respect to records in the possession of DOT and other Federal agencies (see 26.109(a)(1)), not records in the possession of state or local government agencies who receive Federal financial assistance.
  • If any provision of Federal law prohibits recipients from disclosing certain records in their possession, then that law would control.

Are recipients and UCP required to keep confidential documents or communications produced in the course of a certification proceeding? Section 26.67, 26.109(a)(2) and 23.11

  • Under the DOT DBE regulation, a recipient or UCP is prohibited from disclosing to any third party, without the submitter’s written consent, a personal net worth statement or supporting documentation. Recipients and UCPs are likewise prohibited from disclosing confidential business information, including applications for DBE certification and supporting information.
  • These prohibitions apply even in the face of a request under a state freedom of information or open records law.
  • In the course of reviewing an application or otherwise considering the eligibility of a firm, the recipient or UCP and its staff may produce documents (e.g., memoranda, evaluations, records, notes, other working papers) that reproduce or refer to the information subject to the disclosure prohibitions of the DOT rule.
  • Any information found in these “work product” documents that reproduces, refers to, or cites information required to be kept confidential by DOT rules is likewise protected from disclosure.
  • In some cases, it could be possible for a recipient or UCP to carefully redact a document so that all references or citations to protected information were blacked out prior to the release of the documents. In other cases, references to protected information may be so pervasive in the document that the entire document cannot be released.
  • Personal information, including PNW or confidential business information that is submitted to a UCP or recipient for DBE program purposes, is protected from disclosure, even if it is simultaneously submitted to the UCP or recipient for another purpose, such as certification in a local minority or women’s business program. The information does not lose its character as protected information under the DBE rules just because it may also be used for another purpose.