Safeguarding Confidential Information
There are multiple ways in which confidentiality terms can be agreed to by UTA. They can exist within agreements for sponsored research, purchase of instruments or services, licenses, material transfer, collaboration etc. or they can be the purpose of a standalone agreement such as a Non-Disclosure Agreement (NDA). The following offices or administrative functions are authorized to review, negotiate, and execute these agreements by an authorized official:
Purpose / Agreement Type
Office to Review
Discussions involving Sponsored Projects
Other Research - Discussions related to research collaborations
Discussions related to licensing/commercialization/Intellectual Property
Other (Not Research) – Purchase of equipment or services, collaborations, MOU’s
Confidential information can be owned and maintained by UTA or received from, and owned by, an external party. NDAs or confidentiality terms in agreements help to identify and define the confidential information subject to the agreement and govern the exchange of the confidential information between the parties and the responsibility of each party to prevent inappropriate disclosure. UTA faculty and staff (including graduate students and undergraduate students employed by UTA) possessing confidential information, whether owned by UTA or received from a third party, have a personal responsibility to know and understand confidentiality terms and to safeguard such confidential information.
This guidance, along with NDA FAQs, is intended to assist UTA faculty and staff in safeguarding sensitive research data and confidential information. Additional requirements may apply while traveling abroad or for specific foreign research collaborations (see last bullet point on Foreign Influence).
NEVER SIGN AN AGREEMENT YOURSELF
- FIRST, NEVER SIGN AN AGREEMENT YOURSELF: This is for your and UTA’s protection. There is no such thing as a “standard” NDA that an outside third party (such as a vendor or prospective sponsor) will give you. Additionally, only authorized UTA officials that have a written delegation of signature authority from the President can execute agreements on behalf of UTA. Nearly all faculty and staff are not authorized to sign an NDA or an agreement that binds the institution. However, the offices above will coordinate with employees to review and approve content or confidentiality terms as part of the negotiation process.
UNDERSTAND CONFIDENTIALITY MARKING
- Make sure you clearly understand what information is confidential pursuant to particular agreement terms and what will not be.
- UTA conforms all confidentiality clauses to require all confidential information from a discloser to be clearly marked as confidential. Specifically, (i) written or tangible confidential information provided by a discloser must be labeled “confidential” or equivalent (such as “proprietary”, or “secret”), and (ii) information communicated any other way (such as verbally or visually) by a discloser, must be identified as confidential at time of disclosure and reduced to writing within 30 days of the disclosure with a written summary.
PROTECT YOUR ABILITY TO PUBLISH
- Make sure that the requested confidentiality obligations will not make it difficult for you to publish the results of your research, or will not affect other research or academic work you may be doing. Watch out especially for impact on students. As an educational institution, UTA cannot and will not risk a student losing the ability to complete and publish a dissertation, thesis, or other academic work needed for a degree. We may agree to certain redactions in publications for protecting confidential information owned by a third party, however, the students, faculty and PI must clearly understand and accept these before agreeing to receive confidential information with such limitations.
SECURE PHYSICAL AND ELECTRONIC PROTECTION
- Make sure you have, or have requested and will have in place before receiving confidential information, the needed and appropriate means to maintain confidential information. Confidentiality means you and your team must actually keep disclosed confidential information protected and not generally available to other personnel or the public. There are physical protections (such as lab doors with limited card reader or keyed access, locked file cabinets, or having conversations behind closed doors) and electronic (digital) protections (such as password protected computers or email encryption). Keep your own notes and print-outs, and digital or electronic content, and tangible marked materials, confidential to the extent they contain confidential information. If you share laboratory facilities, or have laboratory facilities open to others, store confidential material away in a secure location, with access limited to authorized personnel only. Your computer and IT system (information received and stored electronically) must use customary security measures, including encryption if allowed or required by UTA policy.
Equipment maintained by UTA’s Office of Information Technology (OIT) is typically compliant, but sometimes additional measures are required depending on circumstances. Contact OIT if you have IT questions, at email@example.com or https://www.uta.edu/oit. Send particular security questions to Information Security Office (ISO) at firstname.lastname@example.org or visit https://www.uta.edu/security.
RESPECT SHARING AND USE LIMITS
- Share confidential information only on a need-to-know basis. Mark and maintain received and disclosed confidential information as “confidential”. Tell UTA recipients what is confidential before sharing. Do not share outside UTA.
- Respect use limits. Only use the confidential information for the purpose that is specified in the NDA, and not for any other purpose. If you discover that confidential information has been accessed by an unauthorized person, you must immediately notify the UTA authorized official who signed the NDA so that proper notification can be provided to the party who disclosed to you.
- Note that confidentiality obligations continue after a project or an agreement expires, commonly for years. Most often at UTA, confidentiality obligations continue for 1 to 2 years after expiration of the agreement. In some cases, obligations to maintain confidentiality could continue for as long as 3 to 5 years, or rarely, more, if project needs require.
EXPORT CONTROL MAY BE ADDITIONALLY NEEDED
- Note that confidentiality terms typically only allow exchange of confidential information that is NOT export controlled. While non-confidential information, and nearly all confidential information, disclosed to UTA generally is not subject to export controls, if a discloser proposes information may be (or will be) export controlled, you will need a Technology Control Plan (TCP) finalized and in place, and signed by all who will receive, BEFORE receipt of any export-controlled information. Contact Regulatory Services for export control compliance. Your TCP likely will contain additional instructions beyond those commonly used for confidentiality. Receiving export-controlled information without an export control compliance plan in place, could cause you or members of your team, to violate criminal law.