From time to time, university employees may come to have access to confidential or proprietary information (hereinafter referred to as “CI”). Especially in a University setting, where information is normally distributed freely, it is critical that NC State employees renew their appreciation for reasonable standards of care with respect to the confidential and proprietary information of NC State University as well as that of third parties.

Acceptance of CI on behalf of the University substantially supplements your obligations as an employee. Acceptance of CI on behalf of the University or as an individual adds significant personal responsibility and liability that you should avoid if at all possible. You are strongly encouraged to AVOID RECEIPT OF CI except when absolutely necessary for performance of your duties as an employee of the University. The basis for the preceding caution is the fact that the University environment is not naturally conducive to maintenance of confidentiality and to add such obligation in such an environment requires substantial care and concern by the steward of such information.

Be aware that:

Standards and Action for Consideration

If you are to come to have confidential information, you are personally responsible for it’s proper, safe and secure maintenance. As such, you may want to consider implementing some reasonable standards for protection and preservation of confidential or proprietary information. Below are some standards, that when coupled with your own controls and oversight and sound ethical behavior will help you avoid unintentional breach of confidentiality:

  1. Establish and implement a protocol that covers access to CI information
    1. Ensure that CI is maintained in a locked filing cabinet and/or under strict password protection if it is electronic media.
    2. Define where CI will be stored and avoid moving CI from location to location.
    3. Identify who has key or card key access to the physical space.
    4. Establish need to know.
    5. Maintain a log of access.
    6. Define the disposition of CI – pursuant to your contract if one exists – once it is no longer necessary for you to maintain in your possession.
    7. Ensure you afford the provider of CI with an opportunity to review materials you have created that may be based in whole or in part upon their CI so that they have an opportunity to request modification of your materials to remove their CI.
  2. Evaluate your CI protocol periodically and update as necessary
  3. If you suspect CI has been compromised, immediately report the matter to the Office of Technology Transfer or the Sponsored Programs and Regulatory Compliance Services for mitigation and response.
  4. Perpetually avoid receiving CI and constantly remind your sponsors or third-party collaborators of the limitations of control you have on CI that is shared with you.
  5. Do not make unapproved arrangements on CI related to otherwise formalized arrangements (such as a sponsored agreement) because such “side-deals” can deteriorate the fundamental research exemption from export controls surrounding your work.
  6. Contact the Office of Technology Transfer or Sponsored Programs and Regulatory Compliance Services if you have any questions about your obligations under confidentiality provisions of any contracts.

Reference Material