Confidential Information Guidelines

From time to time, university employees may come to have access to confidential or proprietary information (hereinafter referred to as “CI”). Especially in a university setting — where information normally is distributed freely — it is critical that NC State employees renew their appreciation for reasonable standards of care with respect to the confidential and proprietary information of NC State University, as well as that of third parties.

Responsibilities

Acceptance of CI on behalf of NC State University substantially supplements your obligations as an employee. Acceptance of CI on behalf of the university or as an individual adds significant personal responsibility and liability that you should avoid if at all possible. You are strongly encouraged to avoid receipt of CI except when absolutely necessary for the performance of your duties as a university employee. The basis for the preceding caution is the fact that the university environment is not naturally conducive to maintenance of confidentiality — and to add such obligation in this sort of environment requires substantial care and concern.

Confidential Disclosure Agreements (CDA)

  • If a third party — such as a research sponsor, prospective center member, or similar person or entity — intends to share confidential or proprietary information with you, contact the Office of Research Commercialization to codify the expectations and obligations in a properly executed confidential information or nondisclosure agreement.
  • Forms of contracts that cover confidential information include:
    • Nondisclosure Agreement (NDA)
    • Confidentiality Agreement (CA)
    • Proprietary Information Agreement (PIA)
    • Sponsored Project Agreement (SPA)
  • Only certain officers in the Office of Research Commercialization or SPARCS are authorized to execute contracts that may contain language that addresses confidential information where those agreements intend to bind the university.
  • Agreements should detail how confidential or proprietary information will be shared and how the recipient will know they are in receipt of such information.
  • Agreements should define and limit the institution’s obligations with respect to confidentiality to a reasonable standard of care that the institution would afford to its own confidential or proprietary information.

Standards

If you have confidential information, you are personally responsible for its proper, safe and secure maintenance. Below are some standards, which when coupled with your own controls and oversight and sound ethical behavior, will help you avoid an unintentional breach of confidentiality:

  • Establish and implement a protocol that covers access to CI:
    • Ensure that CI is maintained in a locked filing cabinet and/or under strict password protection if it is electronic media.
    • Define where CI will be stored and avoid moving CI from location to location.
    • Identify who has key/keycard access to the physical space.
    • Establish need to know.
    • Maintain a log of access.
    • Define the disposition of CI – pursuant to your contract if one exists – once it is no longer necessary for you to maintain in your possession.
    • Afford the provider of CI with an opportunity to review materials you have created that may be based in whole or in part upon their CI so they have an opportunity to request modification of your materials to remove their CI.
  • Evaluate your CI protocol periodically and update as necessary.
  • If you suspect CI has been compromised, immediately report the matter to the Office of Research Commercialization or SPARCS for mitigation and response.
  • Perpetually avoid receiving CI and constantly remind your sponsors or third-party collaborators of the limitations of control you have on CI that is shared with you.
  • Do not make unapproved arrangements on CI related to otherwise formalized arrangements (e.g., a sponsored agreement), because such “side-deals” can deteriorate the Fundamental Research Exemption from export controls surrounding your work.
  • Contact the Office of Research Commercialization or SPARCS if you have any questions about your obligations under the confidentiality provisions of any contracts.