International Travel Export Control Check-up
When planning business travel, most employees find it necessary to carry a laptop, PDA, tablet or similar data device to stay connected with their office, access the Internet, or work on business documents. When traveling abroad, have these devices in your control at all times. Remove any confidential or sensitive data from your devices prior to travel.
Do the files on your laptop contain:
- student information such as grades, your comments on a student’s work, or any other non-directory information on a student?
- proprietary information, including unpublished research such as drafts of articles, in-progress projects, data sets, or third-party proprietary information?
- University data that cannot be recovered if your computer is lost or stolen?
- personal information such as tax returns, any social security numbers or health record information on you or a family member?
General Travel Tips to Secure Your Data
Before Domestic or International Travel
- Back up your data and leave a copy of your files in a safe and secure location such as your office or a University file server.
- Ensure that your operating system has a strong password or passcode when it boots up.
- Remove all student, personal and proprietary information not required for your travel purpose that is stored on your laptop.
- Password protect and encrypt student, personal and proprietary information required for your travel purpose. Publicly available encryption software is recommended to prevent export control license requirements. Such software must be designed for installation without further substantial support from the supplier.
- Turn off file-sharing and print-sharing.*
- Apply all software patches and updates.*
- Ensure that anti-virus, anti-spyware, and personal firewall software is installed on your laptop.*
- Plan ahead and purchase or install a University sponsored tracking application for your laptop in case it is lost or stolen. If export controlled data is carried, ask your IT tech to install remote data destruction software.
*Check with your Department’s IT support representative if you are unsure how to do this.
International Travel Tips to Secure Your Data and Laptop
International travelers should take extra precautions. Certain information, technology, software, and equipment you take with you may be subject to U.S. export control laws. You must ensure that all the information and software on your laptop can be safely and legally transported to another country.
You will likely needs a license to take a laptop on international travel if it contains any work or data involving projects with:
Foreign National Restrictions
A grant/contract/project that contains a restriction on the use of foreign nationals.Note: For export control regulation purposes, an individual is NOT a foreign national if he/she:
- Is a U.S. citizen;
- Is granted permanent residence (“green card”); or
- Is granted status as a protected person (political asylee)
A grant/contract/project that contains a restriction on the publication or disclosure of results to the public or unapproved parties.
- Note: A sponsor requirement to pre-review a publication without editorial authority (not to exceed about 90 days) is a temporary delay and not a real publication restriction.
- Any restriction that limits publication for a longer period of time or addresses content negates Fundamental Research Exemption.
- Side agreement with the sponsor to delay publication, allow content or pre-approval or limit publication content negates the Fundamental Research Exemption.
Technology Control Plan (TCP)
A TCP may be put in place on a grant/contract/project to control the dissemination of controlled information, data or defense service as defined in the International Traffic in Arms Regulation (ITAR) to foreign persons.
- Warning: While traveling outside the U.S. be sure not to send, access, or have anyone send your email regarding a project restricted by a TCP.
A grant/contract/project that involves information that is not public knowledge (such as test results or trade secrets). The recipient is generally duty bound to desist from making unauthorized use of the proprietary information.
Almost all items controlled under Category 5, Part 2 of the EAR are controlled because they include encryption functionality. Items may be controlled as encryption items even if the encryption is actually performed by the operating system, an external library, a third-party product or a cryptographic processor.
- Examples of encryption exports that require license: open cryptographic interface (OCI), non-retail encryption source or object code, publically available “dual use” encryption code.
- Contact IT Security if your laptop is lost or stolen; or you suspect your laptop, PDA or other electronic equipment has been compromised; temporarily confiscated; tampered with; or if a suspicious incident and/or contact occurred during your travel.
- Check the US Department of State’s website for up-to-date international travel advisories and warnings.
Last updated: 12/16/2019