Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 27 / Thursday, February 11, 2021 / Rules and Regulations
khammond on DSKJM1Z7X2PROD with RULES

unauthorized access to or dissemination of confidential information using a reasonable standard of care, but no less than the same degree of security that the recipient uses to protect its own confidential information or similarly sensitive information.177 In addition, the proposed rule stated that the MLC
and DLC shall each implement and enforce reasonable policies governing the confidentiality of its records.178
The MLC and DLC retained this aspect of the proposed rule in their suggested regulatory text.179 CISAC &
BIEM maintain that the reasonable standard of care requirement is vague and does not constitute a sufficient commitment. 180 As the reasonable standard of care is commonly used in U.S. jurisprudence, and in light of a similar provision governing obligations of SoundExchange, the collective designated to administer the section 114
license, this aspect of the proposed rule is retained without modification.181
The NPRM also sought public comment on whether the regulations should address instances of inadvertent unauthorized disclosure.182 The MLC
contends that the circumstances of such inadvertent disclosures, and the consequences of such disclosure are fact-specific and that it should be afforded flexibility to establish its own policies to permit the MLC to assess the facts and circumstances giving rise to the inadvertent disclosure and determine the most appropriate way to address and remedy such disclosure. 183 Similarly, the DLC
maintains that instances of inadvertent disclosure should be addressed on a case-by-case basis. 184 In light of these 177 85 FR at 22565; see 37 CFR 380.5d SoundExchange and any person authorized to receive Confidential Information from SoundExchange must implement procedures to safeguard against unauthorized access to or dissemination of Confidential Information using a reasonable standard of care, but no less than the same degree of security that the recipient uses to protect its own Confidential Information or similarly sensitive information..
178 85 FR at 22565.
179 See MLC NPRM Comment App. at v; DLC
NPRM Comment Add. at A4.
180 CISAC & BIEM NPRM Comment at 3.
181 See 37 CFR 380.5d The Collective and any person authorized to receive Confidential Information from the Collective must implement procedures to safeguard against unauthorized access to or dissemination of Confidential Information using a reasonable standard of care, but no less than the same degree of security that the recipient uses to protect its own Confidential Information or similarly sensitive information.;
id. at 380.24e similar; id. at 380.34e similar.
182 85 FR at 22566.
183 MLC NPRM Comment at 21.
184 DLC NPRM Comment at 8.

VerDate Sep<11>2014

15:43 Feb 10, 2021

Jkt 253001

comments, the interim rule does not address inadvertent disclosures.
D. Maintenance of Records The proposed rule also provided that any written confidentiality agreements relating to the use or disclosure of confidential information must be maintained and stored by the relevant parties for at least the same amount of time that certain digital music providers are required to maintain records of use pursuant to 17 U.S.C. 115d4Aiv.
At the time of the NPRM, a separate rulemaking proposed a five-year retention period for such records; the Office subsequently adopted a sevenyear period in response to public comments in that proceeding.185
ARM generally supported this aspect of the proposed rule, but suggested an adjustment to require retention for a defined retention period of five years after disclosures cease to be made pursuant to the agreements. 186 ARM
suggests that any confidentiality agreements should be retained until some years after disclosures cease to be made pursuant to it such as when an employment relationship ends or the agreement is replaced by a new agreement. 187 The Office has adopted ARMs suggestion to tie retention requirements of confidentiality agreements to their dates of effectiveness in order to ensure they are retained for an appropriate period of time. The Office has also extended the retention period for two additional years, similar to records requirements imposed on digital music providers.
Accordingly, the interim rule states that any written confidentiality agreements relating to the use or disclosure of confidential information must be maintained and stored by the relevant parties until at least seven years after disclosures cease to be made pursuant to them.
E. Confidentiality Designations The proposed rule did not impose a requirement that confidential information must bear a designation of confidentiality, although the Office noted that the MLC or DLC could presumably impose such a requirement in their own policies.188 No commenters responded to this aspect of the proposed rule, and so the interim rule does not impose a designation of confidentiality requirement.
185 See 37 CFR 210.27m generally requiring digital music providers to retain relevant records for seven years.
186 ARM NPRM Comment at 89, 14.
187 Id. at 9.
188 85 FR at 22565.

PO 00000

Frm 00025

Fmt 4700

Sfmt 4700

9017

Relatedly, the Office asked in the NPRM whether, in addition to a category of Confidential Information, the regulations should provide for a Highly Confidential Information category to provide an additional layer of protection for certain documents and information.189 Neither the MLC nor DLC believe a heightened category of highly confidential information is necessary,190 and ARM does not have strong views as long as the regulations prohibit MLC board and committee members and companies that employ MLC and DLC board members from accessing confidential information of third-party companies including recorded music companies.191 Given these comments, and as noted above because the interim rule precludes the MLC from disclosing sensitive data concerning agreements between sound recording companies and digital music providers to members of the MLCs board of directors or committees or the digital licensee coordinators board of directors or committees, the interim rule does not include a heightened category of Highly Confidential Information.
F. Nondisclosure Agreements The MLC and DLC disagree as to whether DLC representatives on the MLCs board of directors or committees should be required to sign nondisclosure agreements NDAs in their personal capacities. The DLC
initially suggested that only the DLC as an organization should be bound, and not DLC representatives in their personal capacities or as representatives of their employers.192 Instead, the DLC
maintained, confidentiality obligations for the MLC and DLC should operate at an organization-to-organization level, 193 as some companies prohibit DLC representatives from taking on such personal liability for actions taken in the scope of employment. 194 The MLC disagreed, stating that if only the DLC, which lacks assets relatively, is bound by a confidentiality agreement, there would be no recourse against the DLC for breach, and that such a proposal disincentivizes individuals on the MLC Board and committees from protecting confidential information, as 189 Id.

at 22566.
NPRM Comment at 21 The MLC does not believe further heightened restrictions are necessary.; DLC NPRM Comment at 8 DLC
believes it unnecessary to create an additional category of highly confidential . . ..
191 ARM NPRM Comment at 8.
192 DLC Initial NOI Comment at 23.
193 Id.
194 DLC Ex Parte Letter 2 at 6.
190 MLC

E:FRFM11FER1.SGM

11FER1