Skip Navigation
Search
Office for Research and Innovation
Office of Research Security
HomeResearch Data Protections and SecurityExport Controlled Data

Export Controlled Data

What is Export Controlled Data? 

Certain technical data, technology, software, and/or information that is not in the public domain (or freely publishable) and is restricted from being exported from the United States to foreign countries or foreign persons (even within the U.S.) without specific authorization.  

Office of Research Security - Export Control Compliance Guidance Documents

What are the applicable regulations for export controlled data? 

The following set of regulations are designed to protect national security, prevent the proliferation of weapons of mass destruction, safeguard U.S. intellectual property, and enforce economic and trade sanctions.

  • International Traffic in Arms Regulations (ITAR)

  • Export Administration Regulations (EAR)

  • Department of Energy (DoE) Regulations

How could a researcher receive export controlled data? 

From Industry:  Whenever a researcher is a party to  any kind of confidentiality agreement with industry (e.g. a Non-Disclosure Agreement), there is a potential for the transfer of export controlled data to SBU.  Depending on the sector the industrial partner operates in, the technical and proprietary data they may wish to dislose to SBU researchers could be subject to export controls restrictions.  The Office of Research Security (ORS) works very closely with Intellectual Property Partners (IPP) to identify which agreeements could lead to the transfer to SBU of such data and will work with effected researchers to safeguard them appropriately.

From the Government:  A researcher may receive export controlled data from the federal government or a federal government prime contractor when conducting CONTRACT work for the federal government.  Such data will very likely also be marked or otherwise identified as Controlled Unclassified Information (CUI).  See here for the requirements and restrictions for working with CUI.  

What must a researcher do if they receive export controlled data? 

Contact the Office of Research Security (ORS) as soon as you believe you may have a need to access such data.  All export controlled data to be received at SBU must be managed and safeguarded appropriately to ensure:

1.)  It is not inadvertantly dislosed to or accessed by non-authorized individuals who are not U.S. persons, and

2.)  Any applicable cyber/IT security standards required by law, regulation, or contract can be adhered to institutionally 

ORS will work with you and other SBU stakeholders to implement a Technology Control Plan to accomplish the above and remain compliant with applicable regulations.