Annex on the Protection of
A. GENERAL PRINCIPALS FOR THE HANDLING OF CONFIDENTIAL INFORMATION
- 1. The obligation to protect confidential information shall pertain to the verification of both civil and military activities and facilities. Pursuant to the general obligations set forth in Article VIII, the Organization shall:
- (a) Require only the minimum amount of information and data necessary for the timely and efficient carrying out of its responsibilities under this Convention;
- (b) Take the necessary measures to ensure that inspectors and other staff members of the Technical Secretariat meet the highest standards of efficiency, competence, and integrity;
- (c) Develop agreements and regulations to implement the provisions of this Convention and shall specify as precisely as possible the information to which the Organization shall be given access by a State Party.
- 2. The Director-General shall have the primary responsibility for ensuring the protection of confidential information. The Director-General shall establish a stringent regime governing the handling of confidential information by the Technical Secretariat, and in doing so, shall observe the following guidelines:
- (a) Information shall be considered confidential if:
- (i) It is so designated by the State Party from which the information was obtained and to which the information refers; or
- (ii) In the judgement of the Director-General, its unauthorized disclosure could reasonably be expected to cause damage to the State Party to which it refers or to the mechanisms for implementation of this Convention;
- (b) All data and documents obtained by the Technical Secretariat shall be evaluated by the appropriate unit of the Technical Secretariat in order to establish whether they contain confidential information. Data required by States Parties to be assured of the continued compliance with this Convention by other States Parties shall be routinely provided to them. Such data shall encompass:
- (i) The initial and annual reports and declarations provided by States Parties under Articles III, IV, V and VI, in accordance with the provisions set forth in the Verification Annex;
- (ii) General reports on the results and effectiveness of verification activities; and
- (iii) Information to be supplied to all States Parties in accordance with the provisions of this Convention;
- (c) No information obtained by the Organization in connection with the implementation of this Convention shall be published or otherwise released, except, as follows:
- (i) General information on the implementation of this Convention may be compiled and released publicly in accordance with the decisions of the Conference or the Executive Council;
- (ii) Any information may be released with the express consent of the State Party to which the information refers;
- (iii) Information classified as confidential shall be released by the Organization only through procedures which ensure that the release of information only occurs in strict conformity with the needs of this Convention. Such procedures shall be considered and approved by the Conference pursuant to Article VIII, paragraph 21 (i);
- (d) The level of sensitivity of confidential data or documents shall be established, based on criteria to be applied uniformly in order to ensure their appropriate handling and protection. For this purpose, a classification system shall be introduced, which by taking account of relevant work undertaken in the preparation of this Convention shall provide for clear criteria ensuring the inclusion of information into appropriate categories of confidentiality and the justified durability of the confidential nature of information. While providing for the necessary flexibility in its implementation the classification system shall protect the rights of States Parties providing confidential information. A classification system shall be considered and approved by the Conference pursuant to Article VIII, paragraph 21 (i);
- (e) Confidential information shall be stored securely at the premises of the Organization. Some data or documents may also be stored with the National Authority of a State Party. Sensitive information, including, inter alia, photographs, plans and other documents required only for the inspection of a specific facility may be kept under lock and key at this facility;
- (f) To the greatest extent consistent with the effective implementation of the verification provisions of this Convention, information shall be handled and stored by the Technical Secretariat in a form that precludes direct identification of the facility to which it pertains;
- (g) The amount of confidential information removed from a facility shall be kept to th minimum necessary for the timely and effective implementation of the verification provisions of this Convention; and
- (h) Access to confidential information shall be regulated in accordance with its classification. The dissemination of confidential information within the Organization shall be strictly on a need-to-know basis.
- 3. The Director-General shall report annually to the Conference on the implementation of the regime governing the handling of confidential information by the Technical Secretariat.
- 4. Each State Party shall treat information which it receives from the Organization in accordance with the level of confidentiality established for that information. Upon request, a State Party shall provide details on the handling of information provided to it by the Organization.