Policy

 EXPORT CONTROL POLICY

The University of Arizona, as outlined in its Export Control Policy, is committed to complying with U.S. export controls laws and regulations that apply to its activities, including the International Traffic in Arms Regulations (ITAR), the Export Administration Regulations (EAR), and the Office of Foreign Assets Control (OFAC) regulations.

All individuals affiliated with the University who work with, or have access to, export-controlled technical data, information, materials and equipment are required to be familiar with and fulfill the requirements of the U.S. export controls laws and regulations by following applicable University policies and procedures. The Export Control team maintains an Export Control Manual which outlines roles and responsibilities and export control procedures.

  University Leadership Commitment

INTERNATIONAL TRAVEL WITH UNIVERSITY COMPUTERS & DATA

Travel outside the U.S. or its territories with electronic devices[1] presents risks, including:

  1. Loss or theft of devices and data;
  2. Device infiltration or malware compromising sensitive information; and
  3. Violations of federal regulations.

To reduce data and identity theft risks, the University recommends that individuals traveling abroad take a loaner or “clean” laptop (i.e., only basic operating systems). Colleges are responsible for developing procedures to provide loaner devices.

Before traveling abroad with an electronic device issued or purchased by the University of Arizona, refer to this chart for guidance. The below regulations also apply to personal devices when accessing university data.

International Destinations

 

Data Transported or Accessed

 

Device Requirements and Recommendations
Highly Sanctioned Countries Any university data

REQUIRED: Laptops cannot have data. Travel with a loaner or clean laptop.

A federal license is likely required; contact Export Control for assistance.

 
Other Heightened Risk Countries

Sponsored research data

 

HIPAA/PHI data

REQUIRED: Laptops cannot have sponsored research data. Travel with a clean laptop.

 

Check with HIPAA Privacy Program for guidance or exceptions.
Other University data (i.e., not sponsored research or export controlled) RECOMMENDED: Laptop without university data.
All Countries Export-controlled data REQUIRED: Do NOT travel with or access export-controlled data; Check with Export Control for guidance and export authorizations.

Several countries restrict the import of encrypted devices and software and in some cases the export of encryption software requires U.S. government authorization. This includes the use of DUO in certain countries. Consult with Export Control at export@arizona.edu.

[1] Electronic Devices:  Electronic devices are defined as any device which processes or stores data, including but not limited to desktop computers, laptop computers, mobile phones, tablet computers, e-readers, and storage devices such as flash drives.