Protecting External Confidential Information
On occasion, Purdue University and a research partner may want to exchange proprietary non-public information related to existing or prospective research (“External Confidential Information”). In these cases, often Purdue will enter into an agreement (“Confidentiality Agreement”) that obligates the university and its personnel (including faculty, staff, students or other individuals obligated to abide by the university's policies and procedures) to use the External Confidential Information only for a specific purpose and not to disclose the information to third parties. When granted access to such information, individuals are expected to safeguard and prevent the unauthorized use, disclosure, dissemination or publication of External Confidential Information. Purdue personnel are expected to diligently comply with the restrictions and protocols specified in the applicable Confidentiality Agreements and to make a good-faith effort to know and apply Purdue's recommended practices found:
- On this page,
- At Secure Purdue: Security Requirements for Handling Information and,
- By the Information Security and Privacy (VII.B.8).
Forms
Personal Acknowledgment Form - Download
NDA Information Sheet - Download
Please download and complete the NDA Information Sheet with Adobe Acrobat. If you prefer to fill out the form with your web browser, save the completed form and attach to an email to spscontr@purdue.edu.
Best Practices for Handling and Safeguarding External Proprietary Information
Primary Recipient Responsibilities
- The Primary Recipient is the individual identified at contract execution who is the control point for access to the External’s Confidential Information.
- The Primary Recipient is responsible for:
- Determining who has a legitimate “need to know”, consistent with the specific purpose for which the External Confidential Information was shared.
- In some cases, the Export Controls Officer will require that personnel with access to External Confidential Information to sign a Personal Acknowledgement Form documenting their responsibilities.
- Ensuring that any contract specific measures are understood and followed.
- Keeping any necessary records (such as summaries of External Confidential Information that is received orally or visually).
Marking and Identification
- When in possession of hard copy confidential documents use cover sheets that appropriately label the document as confidential. Include specific notice of restrictions on the use of the data or information).
- Electronic files containing confidential information should be titled as confidential.
- If received orally or visually and identified at the time of disclosure as confidential, the recipient should summarize in writing and provide that summary to the applicable Primary Recipient.
Proper Use
- Limit use to only the intended purpose.
- External Confidential Information should not be used for design or reverse engineering or any other use but that which was specified without the written permission of the disclosing party.
Determining access and export control implications
- Limit access to only those Purdue personnel who have a legitimate “need to know”, consistent with the specific purpose for which the External Confidential Information was shared.
- Special consideration of the Export Control implications must be given if access is sought for a Foreign Person. Prior to granting access, contact the Export Controls team at exportcontrols@purdue.edu, if this situation occurs.
- Note: External Confidential Information shall not be shared with a non-Purdue person without the approval of the Export Controls Officer, and only after it is determined that such disclosure is authorized by the agreement under which the information was shared. Such disclosure may require an additional agreement binding the new party.
Physical Controls
- Secure physical items (documents, materials, hardware, etc.) that include External Confidential Information at all times when not in use in locked cabinets or rooms with access limited to those with need to know.
Electronic/Digital Controls
- Store electronic files containing External Confidential Information on Purdue owned devices.
- Encrypt electronic files containing External Confidential Information even if the data resides on stationary systems.
- Do not email External Confidential Information “in the clear,” even within the Purdue network. If you need to share files securely, consider using one of the following methods:
Conversation Controls
- When discussing External Confidential Information, make sure that only those Purdue personnel with a need to know and who understand their confidentiality obligations can hear.
- When External Confidential Information is being shared, make the participants aware and remind them of their obligations.
Disposition of External Confidential Information when access is no longer needed
- Ensure that all copies (physical or digital) are destroyed or returned to the disclosing party. Primary Recipient should make sure any disposition requirements in the applicable agreement are also followed.
- When an individual no longer has a need to know the External Confidential Information, the Primary Recipient should ensure both physical and electronic access is terminated.
Special Consideration given to publications or presentations (formal or informal)
- Be aware of any approvals required by a specific project agreement and allow for the required time for the External Party to review the proposed publication or presentation.
- When presenting information formally or informally, give special care to ensure the External Confidential Information is not disclosed.
- For Industry sponsored research, consider if it is necessary to identify the name of sponsor.
- Export Controls
- Policy
- FAQs
- Foreign Talent Recruitment Program
- Definitions
- Controlled Unclassified Information (CUI) and Covered Defense Information (CDI)
- Training
- Publication and/or Dissemination Restrictions
- International Travel
- International Research Collaborations
- Working with Controlled Software
- Using Proprietary and/or Confidential Information
- Conducting Research Outside US
- Working with International Staff and Students
- Hosting International Visitors
- International Shipping
- Guidance Documents
Report Inadvertent Disclosures of External Confidential Information immediately to:
Export Controls Officer:
Elizabeth Wagner
email: exportcontrols@purdue.edu
Telephone: (765) 494-0702
