In CIB No. 10, I reported on a proposed DFARS subpart addressing requirements for safeguarding unclassified DOD information. The rule would apply across the board to all DOD contractors and subcontractors at any tier.
The rule purports to treat unclassified data (vaguely defined) as if it were classified, essentially. This rule has been under considerable fire from industry groups. So the time for comments has been extended until November 30, 2011. This means it could not possibly be implemented before next year.
However, the proposed rule brings to mind the standard advice I give about protecting your proprietary data. Marking does not make it so. That is, proper marking of data is not an automatic protection. Marking is important. See FAR 52.215-1(e) and FAR 15.609(a) for the proper Use and Disclosure of Data legends. But you must go beyond just marking data. You must have policies, procedures and physical protections in place as well. You must actually treat the data as a secret and limit its release and who has access.
Perhaps if we just protected our trade secrets a little better, compliance with the new FAR rule would not be onerous. Most of you, I hope, are way ahead of this curve and already essentially comply with the proposed regulation.