International Travel
Guidance for Faculty, Staff and Trainees Traveling Internationally with UIC Generated and Owned Data and/or UIC Owned Equipment
The Vice Chancellor for Research, on August 14, 2020, released guidance reminding researchers data generated at or on behalf of UIC is owned by the University of Illinois Chicago. That guidance highlights the need for a risk-based approach to traveling with UIC-owned data and equipment, highlighted below.
UIC requires travel that is not purely personal to be pre-approved by the unit head (Department Head, Center Director, Dean, or similar UEO) whether the travel is UI Travel, UI Travel paid exempt from the gift ban, or outside activity travel.
UIC has loaner laptops and loaner mobile phones available for faculty and staff traveling internationally on university business.
A one page resource guide and 5-minute video are available with recommendations for international travel, although this will be updated soon. Because violations of export controls, including inadvertent failures to comply, may result in severe criminal and civil penalties both for individual faculty, staff, and students, as well as for the University of Illinois at Chicago as an institution, the OVCR and UIC recommends certain actions when traveling internationally with UIC-owned data or equipment. Additional resources and specific scenarios can be found below and also found on the Office of Research Data Initiatives and Information (ORDI2) site.
If you are unsure where to seek pre-approval for and where to report international travel, we have developed an online travel tool to help.
Traveling with Data and Equipment
Recommendations for before you travel internationally:
- Required
- Seek pre-approval of your international travel (unless purely personal/vacation) with the Office of Global Engagement International Travel Safety Portal (UIC Business), University Ethics and Compliance (UIC activity paid by an outside entity), and/or UIC Research – COI (outside activities). If you are unsure where to seek pre-approval for and where to report international travel, we have developed an online travel tool to help.
- If UIC business, follow the International Travel Safety Policy. Enrolling your UIC business travel will result in free travel insurance covering your travel.
- If purely personal travel that you will pay for out of pocket, there is no reason to seek pre-approval.
- Inform your unit (Department, College, Center, or other) of your travel.
- Only copies of data should be transported, domestically or internationally. Original UIC-owned data should be retained on campus or in UIC supported cloud storage.
- Understand the security required for your data, specifically do you work with human subject identifiable information, export controlled information, data under a confidentiality agreement, data related to intellectual property, etc.
- Seek pre-approval of your international travel (unless purely personal/vacation) with the Office of Global Engagement International Travel Safety Portal (UIC Business), University Ethics and Compliance (UIC activity paid by an outside entity), and/or UIC Research – COI (outside activities). If you are unsure where to seek pre-approval for and where to report international travel, we have developed an online travel tool to help.
- Recommended
- Inform your unit (Department, College, Center, or other) information technology/computer support group.
- Confirm that any devices that will travel are backed up.
- Update software, including installing encryption and utilizing VPN on all hardware that will travel, including laptops, tablets, iPads, and mobile phones.
- Consult the Export Control Compliance Officer for training on Export Controls, including but not limited to the ‘tools of the trade’ exception, time limits, restricted party screening with Visual Compliance, the Office of Foreign Assets Control (OFAC) administration of and enforcement of U.S. trade and economic sanctions.
- Request a letter template from the Office of Research Integrity, to be signed by your Department Head or next level Administrator if you are a Department Head or above. The letter template should be completed by the traveller and placed on UIC letterhead by the Department Head or next level Administrator. Full instructions will be given with the letter template. The letter can be provided to anyone who questions the traveler regarding the UIC-owned data and equipment. The letter is not mandated but is suggested to demonstrated that you are traveling with the knowledge of the University and that data is a copy of the original data that is retained by the University.
Recommendations while you are traveling internationally:
- Required
- Do not access secure or high-risk UIC systems or export controlled projects.
- Recommended
- Practice physical security, including securing devices, while traveling.
- Do not use public USB chargers or non-secure WiFi.
- Do not re-use USB devices after inserting into public computers, unless they have been ‘decontaminated’ by a qualified computer security group.
Recommendations for when you return from traveling internationally:
- Required
- Disclose the travel in UIC Research – COI if the travel was part of an outside activity.
- Recommneded
- Change/update passwords for any systems you accesed to secure your devices and UIC systems.
- Return any data or software that you have removed from your system for travel.
- Inform your unit (Department, College, Center, or other) and information technology/computer support group of your return, as appropriate.
- Save any new data that you generated while traveling to a UIC system and back up your system once you are confident that there are no issues.
Risk-Based Decision Making on Traveling with UIC-Owned Data and/or Equipment
By choosing a risk group, a researcher can make informed decisions in regards to traveling with UIC-owned data and/or equipment. The US Department of State Travel Advisories is one way to assess the risk of a given country or specific city or region, but the U.S. Department of Treasury, Office of Foreign Assets Control (OFAC) , Export Administration Regulations (EAR), and International Traffic in Arms Regulations (ITAR).
Low Risk
| Before you leave | While traveling | When you return |
|---|---|---|
| Follow the basic requirements and recommendations described above. | Follow the basic requirements and recommendations described above. | Follow the basic requirements and recommendations described above. |
Increased Risk
| Before you leave | While you travel | When you return |
|---|---|---|
| (a) Remove unnecessary data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage, if necessary or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | Only the strength of the recommendations increases with this level of the risk. | (a) Re-install removed data and software as needed or (b) return 'loaner' laptop after transferring any saved work. |
| Remove TouchID/Face log in on devices where active. | Reinstall TouchID/Face log in on any devices where they were removed. | |
| If you suspect tampering or could not physically secure your device, notify your College/Department IT and have machine imaged to extract any new data before restoring back up. |
contact
For questions about an Export Control license, contact uicexport@uic.edu.
High Risk (e.g. Turkey)
| Before you leave | While you travel | When you return |
|---|---|---|
| a) Remove all data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | Do not access secure, sensitive, or export-controlled project data.Be safe physically while traveling | Have machine imaged to extract any new data. |
| Remove TouchID/Face log in on devices where active. | (a) 'Scrub' laptop and recover from backup or (b) return 'loaner' laptop after transferring any saved work. | |
| Confirm no restricted or export controlled data on any device (patient data, IP). | Reinstall TouchID/Face log in on any devices where they were removed. | |
| Email presentations to a local individual for presentations. | ||
| Contact the UIC Export Controls Compliance Officer as soon as possible regarding possible export licenses or documentation, for travel, presentation and any materials or software that you are carrying with you: Approval is not guaranteed. |
contact
For questions about an Export Control license, contact uicexport@uic.edu.
Sanctioned Country (e.g., Iran)
| Before you leave | While you travel | When you return |
|---|---|---|
| Contact the UIC Export Controls Compliance Officer as soon as possible regarding necessary export licenses or documentation, for travel, presentation and any materials or software that you are carrying with you: Approval is not guaranteed. | Do not access secure, sensitive, or export-controlled project data. | Have machine imaged to extract any new data. |
| a) Remove all data and software, and access data through secure cloud-based (e.g. Box, OneDrive) storage or (b) request (>2 weeks) a 'loaner' laptop from your Department, College, Technology Solutions, or the OVCR with only necessary data and programs installed. | (a) 'Scrub' laptop and recover from backup or (b) return 'loaner' laptop after transferring any saved work. | |
| Confirm only information and software outlined in the license are on device, once the license is approved. | Reinstall TouchID/Face log in on any devices where they were removed. | |
| Email presentations to a local individual for presentations. |
contact
For questions about an Export Control license, contact uicexport@uic.edu.
Travel News
