While Cornell understands and supports the need to enter into Non-Disclosure Agreements, there are some export control risks that researchers need to be aware of.

Remember that the Office of Sponsored Programs must sign all Cornell research-related confidentiality agreements, except in limited circumstances.

When receiving confidential information:

  • Per Cornell Policy 4.22, no controlled technology or technical data can reside on Cornell campuses, devices, or servers, unless the Export Control Office (ECO) has provided prior written approval.
    • Remember, the transfer of controlled technology or technical data to a foreign national, even in the U.S., is considered an export and may require a license.
    • Cornell servers and email are not configured to properly secure controlled technology or technical data.
    • If you absolutely need to utilize controlled information, Cornell's ECO will work with you to put a technology control plan in place - to ensure that the information is properly secured and no export violations occur.

When sharing confidential information:

  • Per Cornell Policy 4.22, all Cornell research must be fundamental research - meaning the research results must remain unrestricted.
    • In most cases, it is not appropriate to mark Cornell research as proprietary or confidential. Doing so could cause the research to be rendered controlled, in violation of Cornell policy, and causing a potential export control violation. 
    • If you are seeking to patent an invention, Cornell's Center for Technology Licensing may enter into a non-disclosure agreement for a limited time, in order to protect patentability. 
    • Given Cornell's stance as a fundamental research-only institution, entering into bilateral confidentiality agreements is not advised unless you are sharing something confidential other than research results (ex: personal data, financial data, etc.). 

Best practices:

  • Enter into confidentiality agreements only when it is absolutely necessary. Both the receipt and sharing of confidential information creates liability on behalf of the researchers and the university.
  • Ensure that all research related confidentiality agreements are signed by the appropriate office (OSP in most cases). This protects the researchers, the unit, and the university. OSP grant and contract officers are trained to review agreements for export control concerns.
  • If you ever receive a document marked "export controlled", "EAR", "ITAR", or with a similar marking, contact the ECO immediately.