1370 Export-Controlled Information

Policy Sections

1370.1 Responsibility to Avoid Creating or Receiving Export-Controlled Information

1370.2 Responsibility to Protect Export-Controlled Information in Transmission or Storage

1370.3 Responsibility to Protect Export-Controlled Information from Improper Disclosure to Foreign Nationals

1370.4 Responsibility to Report the Possible Loss, Mishandling, Export, or Disclosure of Export-Controlled Information

This policy applies to all Yale faculty members, staff, students, and trainees who may receive, create, or disclose Information subject to federal export control laws in the course of their research (“Yale Researchers”).

The purpose of this policy is to help Yale Researchers comply with Yale’s policies on openness in research and federal export control laws.  This policy establishes the responsibility of Yale Researchers (i) to avoid, whenever possible, the receipt or creation of Export-Controlled Information that falls outside the exemptions listed below; and (ii) to safeguard Export-Controlled Information in the event that they do create or receive it.

For various reasons, the federal government regulates the export of a broad range of Information, including software, in virtually all fields of science, technology, medicine, and engineering.  Federal regulations apply both to the overseas export of this Information and its disclosure to Foreign Nationals in the United States.  These regulations are primarily captured in the International Traffic in Arms Regulations (“ITAR”) [Title 22 CFR] and Export Administration Regulations (“EAR”) [Title 15 CFR].     

Technical data/Information is generally not subject to export controls if it falls into one of these categories:

• Public Domain: Information which is published (i.e., made available to the public without restrictions on further dissemination) [15 CFR 734.7] and which is generally accessible or available to the public through, for example, sales at newsstands and bookstores, libraries open to the public, patents available at any patent office, unlimited distribution at a conference/seminar generally accessible to the public in the United States [22 CFR 120.11].
• Academic Catalog Course or Associated Teaching Laboratory: General scientific, mathematical, or engineering principles taught in a course or associated teaching laboratory of an academic institution [22 CFR 120.10(b) and 15 CFR 734.3(b)(3)(iii)].
• Fundamental Research: Basic and applied research results in science, engineering, or mathematics, at accredited institutions of higher learning in the U.S. where the resulting Information is ordinarily published and shared broadly in the scientific community and for which the researchers have not accepted restrictions for proprietary or national security reasons.  Proprietary Data is not considered “fundamental research” [22 CFR 120.34(a)8 and 15 CFR 734.8(c)].

The creation or receipt of Export-Controlled Information without an exemption poses as a challenge for academic researchers because serious restrictions attach to the dissemination of such Information, and those restrictions undermine the mission of academic research.  Specifically, export control restrictions on dissemination conflict with Yale’s policies forbidding secret or classified research or restraints on the publication of research (see Faculty Handbook, Sections XX.C.1(b) and (c)).  These restrictions also conflict with Yale’s commitment to maintaining a research enterprise that is open to persons of all nationalities.

Information that is subject to export controls, such as Proprietary Data or U.S. government provided data/Information, may require an export license to send abroad or share with a Foreign National.  An export includes:

• physical export in any form (including international travel with personal devices containing export-controlled data);
• electronic transmission of Export-Controlled Information to a recipient in a foreign location (including saving data on a cloud server that may be located in a foreign country); or
• disclosing technical data/Information with a Foreign National wherever located, including those in the United States (“deemed export”) [15 CFR 734.13 and 22 CFR 120.17].

It should be noted that Personally Identifiable Information (“PII”) is not export controlled but is controlled from disclosure under other regulations.

Export-Controlled Information

Information governed by the Commerce Department’s Export Administration Regulations or the State Department’s International Traffic in Arms Regulations.

Foreign National

(i) A person in the United States who does not have U.S. citizenship, permanent resident status, or a grant of asylum; or (ii) a corporation, association, or other entity not incorporated to do business in the U.S.

Fundamental Research Results

University-generated technical data or Information that is ordinarily published and shared broadly in the academic community, as distinguished from research the results of which are restricted for proprietary reasons or specific U.S. government access and dissemination controls.  University research results will not be considered “fundamental research” if the university or its researchers accept restrictions or approval requirements on the publication of research results or restrictions/approvals on who may access or generate the research results, such as a Foreign National restrictions.  Fundamental Research Results are not subject to export control regulations [22 CFR 120.11(a)(8) and 15 CFR 734.8].

Information

Knowledge, technology, or a combination of the two. Information may be in any tangible or intangible form, such as written or oral communications, blueprints, drawings, photographs, plans, diagrams, models, formulae, tables, engineering designs and specifications, computer-aided design files, manuals or documentation, electronic media or [knowledge] revealed through visual inspection.

Proprietary Data

Instances in the conduct of research where a researcher, institution or company decide to restrict or protect the release or publication of “technology” or “software” contained in research results. Once a decision is made to maintain such “technology” or “software” as restricted or proprietary, the “technology” or “software” (if within the scope of § 734.3(a)) becomes subject to the EAR.

Yale Researcher

Any Yale faculty member, student, trainee, or staff member who may create or receive Export-Controlled Information in the course of their Yale employment, studies, or training.

Yale strongly discourages the acceptance of any Export-Controlled Information by Yale Researchers for reasons stated in this policy.  In the rare circumstances when it is necessary to accept such Information, Yale Researchers may do so only through an agreement negotiated and signed by the Office of Sponsored Projects (“OSP”) or Yale Ventures, in consultation with the Director of Export Controls.

Because export control laws are complex and the range of Information covered by the regulations is broad and growing, it may be difficult for Yale Researchers to identify the circumstances that cause research Information to lose its exemption from export control laws.  The most likely of these circumstances is the acceptance by a Yale Researcher of contractual restrictions or required approvals on the dissemination of research results or the participation of Foreign Nationals.  For this reason, confidentiality or non-disclosure agreements relating to research may be negotiated and signed only by OSP or Yale Ventures, in consultation with the Director of Export Controls, and Yale Researchers must inform the Director of Export Controls whenever a sponsor or other party asks that they restrict the disclosure of Information created or received in relation to their research.

The Director of Export Controls will advise Yale Researchers on how to conduct research in a way that is consistent with Yale’s policies on openness in research and avoids inadvertently creating or receiving Export-Controlled Information.

Yale Researchers may not transmit Export-Controlled Information by email (even from one yale.edu address to another) because email service companies may store email and attachments on computers located in foreign countries or may give employees who are Foreign Nationals access to customer email. 

Yale Researchers and employees may electronically store Export-Controlled Information only on computers owned by Yale and located on the Yale campus because companies that provide electronic storage and transmission services may store Information on computers located in foreign countries or may give employees who are Foreign Nationals access to customer Information.

Yale Researchers may not store Export-Controlled Information on portable electronic devices or media because they are easily lost or stolen. 

Paper files that contain Export-Controlled Information must be kept in a locked cabinet when not in use because they are easily lost or stolen. 

Yale Researchers may not carry Export-Controlled Information outside the United States in any form without first obtaining the advice of the Director of Export Controls, who will determine whether a U.S. government license must be obtained.

Detailed security requirements for the storage and transmission of Export-Controlled Information can be found at the Office of Research Administration.

Yale Researchers may not disclose or convey Export-Controlled Information to Foreign Nationals (including Yale students, faculty, staff, and post-doctoral researchers) orally, by allowing visual inspection of the Information, or by allowing a Foreign National to practice or apply the Information under a Yale Researcher’s guidance without first obtaining the advice of the Director of Export Controls, who will determine whether a U.S. government license must be obtained.

Any Yale faculty member, student, trainee, or staff member who believes that any of the following events may have occurred must immediately report his or her concerns to the Director of Export Controls:

• Export-Controlled Information or a device storing such Information has been lost or stolen;
• Export-Controlled Information has been transmitted by email, stored on a computer that is not owned by Yale and located on the Yale campus, or stored on a portable device or medium;
• Export-Controlled Information has been carried or sent outside the United States without first obtaining the advice of the Director of Export Controls; or
• Export-Controlled Information has been disclosed or conveyed to a Foreign National without first obtaining the advice of the Director of Export Controls. 

Office of Export Controls

• Provide advice regarding any agreement accepting Export-Controlled Information.
• Provide advice regarding any non-disclosure or confidentiality agreement regarding scientific research.
• Provide advice regarding the disclosure of Export-Controlled Information to Foreign Nationals.
• Receive reports of the loss, mishandling, export, or disclosure of Export-Controlled Information.

Office of the General Counsel

• Provide advice regarding compliance with export control laws.

Office of Sponsored Projects (“OSP”)

• Negotiate and sign agreements accepting Export-Controlled Information.
• Negotiate and sign non-disclosure or confidentiality agreements regarding scientific research.

Yale Ventures

• Negotiate and sign agreements accepting Export-Controlled Information.
• Negotiate and sign non-disclosure or confidentiality agreements regarding scientific research.

Chief Information Security Officer

• Provide advice regarding security requirements for the storage and transmission of Export-Controlled Information.