Video — confidential business information
This video is a general overview on the framework for protecting CBI under AICIS. Learn about what we publish and what you can have protected from publication, and how.
Note: To watch this video in full screen, click on the arrows icon in the bottom right hand corner of the video.
We recommend viewing this page using the latest version of Chrome, Edge, Firefox, Safari or Internet Explorer 11.
If you have trouble hearing the video, watch the video in full screen by clicking on the arrows icon in the bottom right hand corner of the video. If you continue to have issues, contact us.
This video was originally published by NICNAS between April to June 2020 and contains references to the old scheme. We are currently working on updating this video.
This video will provide a general overview on the framework for protecting confidential business information (CBI) under the new industrial chemicals regulatory scheme.
First we’ll talk about what we’ll be publishing under the new scheme, then what you can have protected from publication, and how.
We’ll talk about how that protection, once approved, will be reviewed. Then finally we’ll talk about the limited circumstances in which we can – and might have to – disclose protected CBI.
Before that, though, let’s have a quick look at the overall aims of the new framework for how we treat commercially sensitive information, and how this will change from the old scheme (NICNAS) to the new scheme (AICIS).
In the new scheme we’re aiming to re-balance our treatment of information, so that we publish more information about the risks associated with the introduction and use of industrial chemicals, and less information about the people and businesses introducing and using them. We want to protect information that contains commercial or business details that don’t contribute to the protection of human health or the environment, and publish more meaningful information about chemical risk.
When it comes to the information that does contribute to protecting human health and/or the environment, we want to make that information more accessible. We’ll be doing that through publishing assessment statements and evaluation statements, which will be linked to Listings on our Inventory, which will have all its listings in one place. (There’s a whole separate presentation where you can find more detail about the Inventory in the new scheme).
In keeping with a new scheme that aims for a more risk-proportionate regulatory effort, we are also aiming for a risk-proportionate approach to the disclosure of information.
Now let’s start with ‘What We Publish’ – that is, what kinds of information you can expect us to make publicly available (mainly through our website), under the new scheme.
The next few slides will tell you about information that we will ‘routinely’ publish under AICIS. This generally refers to information that we’re obliged to publish as a legislative requirement under the Industrial Chemicals Act. So, in certain situations, we know that we’re going to be publishing certain information each time.
When you’ve got an introduction of a chemical in the Assessed category, you have to apply to AICIS for us to do a risk assessment before you can introduce. Once we’ve completed our assessment, you’ll get an assessment certificate, and we’ll publish on our website an assessment statement. Each assessment statement will include the chemical’s identity, its end use, a summary of any risks associated with its introduction and use, and any recommendations we consider necessary to manage that risk.
You’ll notice on this slide that ‘chemical identity’ and ‘end use’ are in blue text. That’s because these 2 pieces of information have their own special pathways for protection under our new CBI framework. We’ll come to the details of that later in this presentation.
Unlike NICNAS’s assessment reports, AICIS’s assessment statements will not contain any details about the introducer, and will be a summary of our assessment, generally without the details of the individual studies or data that were given to us for assessment.
When the chemical is listed on the Inventory (5 years after the assessment certificate is given, or earlier by application), the Inventory listing will include a link to the assessment statement (this is a new thing that NICNAS didn’t do). This will provide direct access on the Inventory to information about any post-assessment obligations for introducers of that chemical.
The other thing to note at this point is that the Assessed category under AICIS is quite a bit narrower, and will cover fewer chemical introductions, that what had to be notified and assessed under NICNAS. In the new scheme, only medium and high risk introductions need to be assessed before introduction, which means that the publication of information in assessment statements will also be limited to higher risk introductions.
We will also publish information when we grant a Commercial Evaluation Authorisation. On our website, once again, we will publish the chemical identity and its end use, and this information will remain public for the period of the authorisation. The legislation doesn’t give us a set reporting format; we just have to publish those details.
We won’t publish any details about the introducer; and just like commercial evaluation permits under NICNAS, a commercial evaluation authorisation under AICIS won’t lead to Inventory listing, so there’s no publication requirement there.
Another introduction category that can lead to publication is for introducers in the Reported category. If you’re introducing in the Reported category, you’ll have to give AICIS a pre-introduction report. We will only be publishing information about a certain kind of Reported introduction: they’re called ‘internationally assessed’ and this is where you have an introduction that is medium or high risk, but you’re allowed to introduce it without pre-introduction assessment by AICIS if you’ve got a risk assessment from an international body that’s on our list of trusted international risk assessors.
Because these are higher risk introductions compared to the rest of the Reported category, we will publish information about them. We’ll publish the chemical identity and its end use, and the name of the international body that did the risk assessment you’re relying on.
Again, we won’t be publishing details about the introducer. And the information we do publish won’t end up linked to any Inventory listing, because Reported introductions do not end up on the Inventory.
Our Inventory is our most extensive source of public information on industrial chemicals. It is made of listings, and the legislation tells us what we need to include in each listing – also known as the ‘terms’ of the listing.
Terms of each Inventory listing include, first and most obviously, its chemical identity.
If AICIS has assessed the chemical, then the listing will include any ‘defined scope of assessment’, which is essentially the parameters of the risk assessment we’ve done. The defined scope of assessment can include information about the chemical’s end use.
Inventory listings won’t include any details about introducers of the chemical.
Listings will include a link to any assessment statement or evaluation statement AICIS has published in relation to that chemical, and those statements will include the end use of the chemical as it was assessed.
Another activity that AICIS will do, that will lead to publication of information about IC introductions, is Evaluation. Evaluation is AICIS’s way of assessing chemicals on its own initiative, and there’s a whole separate presentation on Evaluations. When it comes to publishing information, we’re obliged to publish an evaluation statement, which can include similar details to what you’d find in an assessment statement – chemical identity, end use, risks associated with that chemical’s introduction and use, and any recommendations we think are needed to manage identified risk.
Evaluation statements won’t contain details about individual introducers.
As mentioned in the previous slide, Inventory listings will include links to any Evaluation statement we publish in relation to that chemical.
So those are the situations where we have to publish information because the legislation says so. And in those situations we’ve just covered, the main pieces of information you might want protected as confidential business information, or CBI, are chemical identity and end use – and the details of how you can get those protected is what we’ll come to in a moment.
However, there are other situations where we might want to publish information, that might include details about chemical introductions besides chemical identity and end use. For example, under our legislative objective to provide information about managing risks arising from the introduction and use of ICs, we might publish fact sheets or other kinds of reports about ICs in Australia.
Additionally, assessment statements and evaluation statements, as well as containing chemical identity and end use, may also include other commercially sensitive information, such as details of introduction volumes and end use concentrations. We’d be particularly inclined to publish such information if we think it’s necessary to communicate in relation to risks associated with the introduction.
Having gone through the different situations and ways that we will or might be publishing information under AICIS, let’s now look at how you can apply to have your commercially sensitive information protected from public view.
If you have seen the presentation called ‘NICNAS to AICIS’, you will hopefully recall that there are some things that won’t change much, and some things that will be quite different in the new scheme. Well, the protection of confidential business information is one area that’s changing quite substantially in the new scheme.
AICIS will have 2 different pathways to get CBI protection for your commercial information.
On the left half of this slide is what we’ll call ‘routine CBI’, which refers to the kind of information that we’ll routinely want to publish, as per the previous slides, and that introducers will most often want to have protected. Specifically, this pathway is for protection of chemical identity and end use information, in situations where AICIS would otherwise be publishing it under legislative requirements.
If you think back to the previous few slides, they described situations where an introducer has applied for something, or given us a report, for their introduction. So the publication of CBI is related to these other processes – to applications for assessment certificates or authorisations, applications to vary a certificate or authorisation, applications to vary the Inventory, or pre-introduction reports.
In these situations, we have specific means of protecting that information. We won’t hide it away completely. What we can do is create a generalised, or masked, version of that information, which we’ll publish instead. So, for chemical identity, we can create an AICIS Approved Chemical Name (an AACN), and publish that instead of the full chemical name. For end use, we can create a Generalised End Use (a GEU) and publish that instead of the full details of your end use.
The pathway to get an AACN or a GEU, generally requires an application for CBI protection at the same time as the related application or report – that is, AICIS has to receive the CBI application at the same we receive, say, the assessment certificate application, or the pre-introduction report.
Turning now to the right half of the slide, there’s a separate pathway for CBI protection of other information. This can be just about any kind information you might give to AICIS. It’s for situations where AICIS doesn’t have to publish the information, but we might decide we need to in order to protect human health or the environment. So rather than having you make a CBI application when you give us the information, you can just ‘flag’ the information as being of a confidential nature, and then if we think that we might want to publish it, then we’ll send you a notice that will invite you to apply for CBI protection. If we approve such an application, you can get an AACN or a GEU if you’re protecting chemical identity or end use; or, if it’s information of another kind, then the outcome is that we simply won’t publish it.
Here’s some initial detail on what a CBI application, made in conjunction with a ‘related application’ (such as an assessment certificate) will involve. There’s plenty more details in guidance on our website.
One important point to note first is that you don’t have to be an introducer to apply for CBI. An introducer CAN apply for CBI, and so can other people who have a commercial interest in the information, such as a supplier. You do, though, have to co-ordinate your efforts so that, for example, any CBI application gets made at the same time as the related assessment certificate application – our IT system will help you with this.
When it comes to the content of the application, this is where things get more familiar, more similar to the way NICNAS does things. The new scheme retains the same ‘statutory test’ for approving CBI. This is the test that balances any commercial prejudice that might come about were the information published, with any public interest in its publication. You have to give us evidence and reasons demonstrating the commercial prejudice you are likely to suffer should we disclose the chemical’s full name or end use, and you may also give us reasons and evidence as to why this outweighs any public interest in its disclosure.
Once we receive a CBI application, we can consult with ‘prescribed bodies’ – these are risk manager agencies that are listed in our Rules – to get their advice on whether and how much disclosure is needed in order for them to effectively manage any risks associated with that introduction and use.
If your CBI application is approved, then you will get either an AACN or a GEU, which will essentially mask, or provide a generalised version of, the chemical identity or end use. The statutory test is designed to ensure that the level of masking is proportionate to the risk profile of the introduction.
If you have approval for an AACN or a GEU, this will be reviewed every 5 years, and we’ll come to more detail on CBI review a little bit later.
Now here’s some more detail on the ‘other’ pathway, for flagging ‘other’ CBI. If you’re giving information to AICIS, on anything, at any time, from anywhere, you can ‘flag’ it as information that you’d want to think about protecting if we decided we might want to publish it.
So this is for any situation other than the ones we’ve just been through. It could be, say, an assessment certificate application, with the information other than identity and end use. It could be if you respond to a ‘call for information’ with details about your use of a chemical. It could be if you give us information when we ask for it as part of an audit, or some other monitoring or enforcement activity.
The main requirement is that you flag the information ‘at the same time as the information is given’ to AICIS – those words are direct from the legislation. But let’s be clear: you’re most certainly NOT making a CBI application at that point. We haven’t even thought about publishing it, so no-one needs to think about its confidentiality just yet.
However, if that day comes that we think, actually, this is information that is worth publishing in order to protect human health or the environment, then first we have to send you a notice, saying as much, and giving you time to apply for CBI protection if you want to.
If you don’t want to, then after the deadline passes (at least 20 working days), we’ll go ahead and publish. If you do put in a CBI application, then we don’t publish anything until the application has been finalised.
If your application is approved, then you can get an AACN or GEU if it’s identity or end use you’re protecting; or if it’s other kinds of information, then we simply can’t publish it at all. For those other kinds of information that we don’t publish at all, we also won’t be reviewing the CBI protection later on, as we do for AACNs and GEUs.
CBI Review is something that we’ve mentioned a few times now. Let’s see more about what that is and how it happens.
The central point is that CBI protection of chemical identity or end use is never forever; it will get re-examined at regular intervals.
As per the previous slide though, if you have CBI protection of ‘other’ information, other than identity or end use, then that protection isn’t going to reviewed in the future. It’s AACNs and GEUs that get reviewed, at least every 5 years.
In our new framework, a CBI approval will last for a maximum of 5 years, before needing to be reviewed. It might also need to reviewed earlier than that, if we do an evaluation that concludes CBI review is necessary, in light of identified risks associated with the chemical’s introduction or use.
When we do a CBI review, we send notices to a few different people. Each of these people, by dint of getting that notice, acquires the right to apply for continued CBI protection. Those people include:
- all the holders of the original CBI approval
- someone that a CBI approval holder told us should be receiving this notice
- any introducer who’s made a genuine enquiry about a CBI-protected listing on our Inventory
- any holder of another certificate, authorisation or evaluation statement that includes this AACN or GEU
- and any holders of other CBI approvals in relation to the same chemical.
Any of these people can make an application for continued CBI protection; or none of them can, in which case the approval lapses and we publish the full details.
If you get a CBI review notice, and you apply for continued CBI protection, you’ll need to give us reasons and evidence as to why your commercial harm continues to outweigh the public interest in disclosure of the chemical’s full name or end use.
When deciding an application, we’ll be focusing on changes since the approval or last review was done, so we don’t necessarily have to go over everything we did last time. We’ll be looking at how the balance might have changed, whether your potential commercial prejudice may have lessened – for example, now that the chemical’s been in use for 5 years, more people know about it, or competitors have already joined the field – or the public interest in disclosure may have heightened – for example, there may be increasing public concern around a class of chemicals that includes this one.
All along, we’ve been talking about protecting CBI by publishing a different version, or by not publishing it at all. That is, once CBI is approved, we don’t disclose the original information.
However, it’s important to note that there are circumstances where we can, and sometimes must, disclose that information. We’ll go over those circumstances now.
Trust us, we’re from the government. No really – under our legislation, AICIS officers are called ‘entrusted persons’. Whether or not you think that’s a fair description, it does have consequences for our behaviour around protected confidential business information.
AICIS officers, being ‘entrusted persons’, can’t disclose protected information – because if they do, it’s an offence.
This means we can’t disclose any chemical name, or details about an end use, or ‘other’ information, that’s been approved for CBI protection.
We also can’t disclose any information that’s been ‘flagged’ for possible future CBI application, even though it hasn’t been through a CBI approval process yet.
Like everything, there are exceptions to these rules. There are situations where we will disclose CBI, but only as authorised by our legislation, or by another Commonwealth law.
What are these situations? Excellent question.
We can disclose CBI while exercising powers, functions or duties under our legislation. For example, if we have to consult with a risk manager agency about an application, for example to get their advice on whether a risk can be managed, we can disclose CBI if necessary to get that advice.
We can disclose CBI to certain other bodies to assist them in exercising their powers, functions or duties. These bodies are specified in our Rules, and they are other Commonwealth entities, State and Territory agencies with responsibility for public health, the environment, or worker health and safety. It also includes certain international bodies, namely the European Chemical Agency, and the bodies responsible for protecting public health and the environment from the risks of ICs in Canada, New Zealand and the United States.
To protect CBI as far as possible, the provisions in our legislation that create offences for officers who disclose CBI, will transfer across to anyone to whom we disclose CBI. So, if we disclose CBI to an officer at another agency, and they disclose it in an unauthorised way, they will commit an offence under our legislation.
Here are the rest of the circumstances in which we can, or in some cases must, disclose CBI.
If an introducer genuinely wants to introduce a chemical and can’t find it on our Inventory, they can ask us whether it’s on there with CBI protection (which stops them from finding it through a search of publicly available information). If the chemical is on our Inventory, we can tell them that, and we can disclose CBI if that’s necessary for their safe introduction and use.
We can disclose CBI for the purpose of law enforcement, and to a court or tribunal if required.
The ED can disclose CBI if it’s necessary to reduce a serious risk to public health or the environment.
And finally, we can disclose CBI it it’s become publicly available, or to the person it came from or to whom it relates, or with the consent of the person who gave it to us in the first place.
That might seem like a lot of opportunities for disclosure, but that is the complete list.
That you for your attention. We hope this has helped you understand the new scheme, and how we’re going to get there. For further information, including guidance material and links to our legislation, please visit our website.