International Travel
Guidance for Faculty, Staff and Trainees Traveling Internationally with UIC Generated and Owned Data and/or UIC Owned Equipment
The Vice Chancellor for Research, on August 14, 2020, released guidance reminding researchers data generated at or on behalf of UIC is owned by the University of Illinois Chicago. That guidance highlights the need for a risk-based approach to traveling with UIC-owned data and equipment, highlighted below. Additional resources and specific scenarios can also be found on the Office of Research Data Initiatives and Information (ORDI2) site.
A one page resource guide and 5-minute video are available with recommendations for international travel, although this will be updated soon. Because violations of export controls, including inadvertent failures to comply, may result in severe criminal and civil penalties both for individual faculty, staff, and students, as well as for the University of Illinois at Chicago as an institution, the OVCR and UIC recommends certain actions when traveling internationally with UIC-owned data or equipment.
If you are unsure where to seek pre-approval for and where to report international travel, we have developed an online travel tool to help.
Traveling with Data and Equipment
Recommendations for before you travel internationally:
- Inform your unit (Department, College, Center, or other) of your travel and information technology/computer support group.
- Confirm that any devices that will travel are backed up.
- Only copies of data should be transported, domestically or internationally. Original UIC-owned data should be retained on campus or in UIC supported cloud storage.
- Update software, including installing encryption and utilizing VPN on all hardware that will travel, including laptops, tablets, iPads, and mobile phones.
- Understand the security required for your data, specifically do you work with human subject identifiable information, export controlled information, data under a confidentiality agreement, data related to intellectual property, etc.
- Consult the Export Control Compliance Officer for training on Export Controls, including but not limited to the ‘tools of the trade’ exception, time limits, restricted party screening with Visual Compliance, the Office of Foreign Assets Control (OFAC) administration of and enforcement of U.S. trade and economic sanctions.
- Register with the Office of Global Engagement Travel Roster and follow the International Travel Safety Policy. Enrolling your UIC business travel will result in free travel insurance covering your travel.
- Request a letter template from the Office of Research Integrity, to be signed by your Department Head or next level Administrator if you are a Department Head or above. The letter template should be completed by the traveller and placed on UIC letterhead by the Department Head or next level Administrator. Full instructions will be given with the letter template. The letter can be provided to anyone who questions the traveler regarding the UIC-owned data and equipment. The letter is not mandated but is suggested to demonstrated that you are traveling with the knowledge of the University and that data is a copy of the original data that is retained by the University.
Recommendations while you are traveling internationally:
- Practice physical security, including securing devices, while traveling.
- Do not use public USB chargers or non-secure WiFi.
- Do not re-use USB devices after inserting into public computers, unless they have been ‘decontaminated’ by a qualified computer security group.
- Do not access secure or high-risk UIC systems or export controlled projects.
Recommendations for when you return from traveling internationally:
- Change/update passwords for any systems you accesed to secure your devices and UIC systems.
- Return any data or software that you have removed from your system for travel.
- Inform your unit (Department, College, Center, or other) of your travel and information technology/computer support group of your return, as appropriate.
- Save any new data that you generated while traveling to a UIC system and back up your system once you are confident that there are no issues.
Risk-Based Decision Making on Traveling with UIC-Owned Data and/or Equipment
By choosing a risk group, a researcher can make informed decisions in regards to traveling with UIC-owned data and/or equipment. The US Department of State Travel Advisories is one way to assess the risk of a given country or specific city or region, but the U.S. Department of Treasury, Office of Foreign Assets Control (OFAC) , Export Administration Regulations (EAR), and International Traffic in Arms Regulations (ITAR). However, current (2020-2021) pandemic health related travel recommendations are that travel be restricted. UIC currently requires pre-approval for domestic and international travel.
Low Risk
| Before you leave | While traveling | When you return |
|---|---|---|
| Follow the basic recommendations described above. | Follow the basic recommendations described above. | Follow the basic recommendations described above. |
Increased Risk
| Before you leave | While you travel | When you return |
|---|---|---|
| (a) Remove unnecessary data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage, if necessary or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | Only the strength of the recommendations increases with this level of the risk. | (a) Re-install removed data and software as needed or (b) return 'loaner' laptop after transferring any saved work. |
| Remove TouchID/Face log in on devices where active. | Reinstall TouchID/Face log in on any devices where they were removed. | |
| If you suspect tampering or could not physically secure your device, notify your College/Department IT and have machine imaged to extract any new data before restoring back up. |
High Risk (e.g. Turkey)
| Before you leave | While you travel | When you return |
|---|---|---|
| a) Remove all data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | Do not access secure, sensitive, or export-controlled project data.Be safe physically while traveling | Have machine imaged to extract any new data. |
| Remove TouchID/Face log in on devices where active. | (a) 'Scrub' laptop and recover from backup or (b) return 'loaner' laptop after transferring any saved work. | |
| Confirm no restricted or export controlled data on any device (patient data, IP). | Reinstall TouchID/Face log in on any devices where they were removed. | |
| Email presentations to a local individual for presentations. | ||
| Contact the UIC Export Controls Compliance Officer as soon as possible regarding possible export licenses or documentation, for travel, presentation and any materials or software that you are carrying with you: Approval is not guaranteed. |
contact
For questions about an Export Control license, contact uicexport@uic.edu.
Sanctioned Country (e.g., Iran)
| Before you leave | While you travel | When you return |
|---|---|---|
| Contact the UIC Export Controls Compliance Officer as soon as possible regarding necessary export licenses or documentation, for travel, presentation and any materials or software that you are carrying with you: Approval is not guaranteed. | Do not access secure, sensitive, or export-controlled project data. | Have machine imaged to extract any new data. |
| a) Remove all data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | (a) 'Scrub' laptop and recover from backup or (b) return 'loaner' laptop after transferring any saved work. | |
| Confirm only information and software outlined in the license are on device, once the license is approved. | Reinstall TouchID/Face log in on any devices where they were removed. | |
| Email presentations to a local individual for presentations. |
contact
For questions about an Export Control license, contact uicexport@uic.edu.
Travel News
