Protecting Proprietary Information

Slides:

Advertisements

Similar presentations

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.

Advertisements

Conflict of Interest, Conflict of Commitment, and Outside Activities UTSA HOP 1.33 Non-covered UTSA staff 1.

ETHICS. Business Conduct  The Agent agrees to conform to all applicable federal, state and local laws in conducting business under this agreement.

IIT Office of General Counsel Education Program Non-Disclosure/Confidentiality Agreements.

© 2013 Sri U-Thong Limited. All rights reserved. This presentation has been prepared by Sri U-Thong Limited and its holding company (collectively, “Sri.

National Science Foundation Division of Science Resources Statistics May The Confidential Information Protection and Statistical Efficiency Act.

HIPAA Privacy Training. 2 HIPAA Background Health Insurance Portability and Accountability Act of 1996 Copyright 2010 MHM Resources LLC.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA Privacy Rule Training

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

The Health Insurance Portability and Accountability Act of 1996– charged the Department of Health and Human Services (DHHS) with creating health information.

HIPAA PRIVACY REQUIREMENTS Dana L. Thrasher Constangy, Brooks & Smith, LLC (205) ; Victoria Nemerson.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

Jill Moore April 2013 HIPAA Update: New Rules, New Challenges.

Health Insurance Portability Accountability Act of 1996 HIPAA for Researchers: IRB Related Issues HSC USC IRB.

FERPA 102 Helpful Guide for Administrators, Security Contacts and Support Staff Prepared by the Office of the Registrar Student Records: Institutional.

Organization Conflict of Interest (OCI) under FAR March 2012.

Conversation on the Chemical Facility Anti-Terrorism Standards (CFATS) and Critical Infrastructure Protection Chemical-Terrorism Vulnerability Information.

Section Four: Employee and Visitor Access Controls Note: All classified markings contained within this presentation are for training purposes only.

Congress and Contractor Personal Conflicts of Interest May 21, 2008 Jon Etherton Etherton and Associates, Inc.

Form I-9 Process An Online Training for Supervisors and Designees Presented by Human Resources Revised November 2009.

National Contract Management Association – Norfolk Chapter Contracting Ground Rules.

UARC TRAINING 24 October 2007 Review of Internal Audit and Advisory Services California Conflict of Interest Laws and Regs Organizational Conflict of Interest.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.

FERPA 101 Student Records: Institutional Responsibility and Student Rights What Every University Employee Should Know Prepared by the Office of the Registrar.

INTERNET and CODE OF CONDUCT

HIPAA COMPLIANCE IN YOUR PRACTICE MARIBEL VALENTIN, ESQUIRE.

Protecting your company’s valuable information

HIPAA Health Insurance Portability & Accountability Act of 1996.

[Program Name] ORGANIZATIONAL CONFLICT OF INTEREST TRAINING

DEED WorkForce Center Reception and Resource Area Certification Program Module 2 Unit 1b: WorkForce Center System II Learning Objectives III.

Section Ten: Security Violations and Deviations Note: All classified markings contained within this presentation are for training purposes only.

April 23, Massachusetts’ New Data Security Regulations: Ten Steps To Compliance Amy Crafts

HIPAA Trading Partners, Legal Relationships October 2, 2001 presented by Peter B. Goldstein, Esq. Cap Gemini Ernst & Young, US LLC.

Aerospace Industries Association Intellectual Property Committee Fall 2009 meeting SMC Enabling Clause Holly Emrick Svetz (703)

Export Control Basics James E. Peterson, Ph.D. Associate Vice Chancellor for Research Office of Sponsored Research.

HIPAA PRIVACY AND SECURITY AWARENESS.

Using NIMA Limited Distribution Data & Products Many of NIMA’s data and products are Unclassified Limited Distribution (LIMDIS). These materials are used.

Training Module 11 – Version 1.1 For Internal Use Only Communication Policy ® Corporate Communications, Disclosure and Insider Trading Policy 

How Hospitals Protect Your Health Information. Your Health Information Privacy Rights You can ask to see or get a copy of your medical record and other.

1 Non-Disclosure Agreements in U.S. Government Procurement Context: Casual Exchanges and Observations Alan Dickson, Esq. Holland & Knight LLP.

1 Information Sharing Environment (ISE) Privacy Guidelines Jane Horvath Chief Privacy and Civil Liberties Officer.

The right item, right place, right time. DLA Privacy Act Code of Fair Information Principles.

FleetBoston Financial HIPAA Privacy Compliance Agnes Bundy Scanlan Managing Director and Chief Privacy Officer FleetBoston Financial.

HIPAA BASIC TRAINING Presented by Anderson Health Information Systems, Inc.

Protecting Data Rights Under DoD Contracts October 14, 2009 NCMA Workshop Cape Canaveral Chapter Keith R. Szeliga Sheppard Mullin Richter & Hampton.

Rhonda Anderson, RHIA, President  …is a PROCESS, not a PROJECT 2.

UARC TRAINING 23 October 2006 Introduction to Internal Audit and Advisory Services California Conflict of Interest Laws and Regs Institutional Conflict.

A Professional Corporation Stinson, Mag & Fizzell (402) Business Associates 101 Jennifer Wolfe Jerram, B.S.N., J.D.

Personal data protection in research projects

For Official Use Only (FOUO) and Similar Designations NPS Security Office

Montgomery College Acceptable Use Policy (AUP). 2 This Acceptable Use Policy (AUP) PowerPoint presentation was developed by the Office of the Information.

Form I-9 Process Training for Supervisors and Designees Developed by Talent Development & Human Resources Revised April 2013.

HIPAA Training Workshop #3 Individual Rights Kaye L. Rankin Rankin Healthcare Consultants, Inc.

1 Changes to Regulations Governing Personal Conflicts of Interest and Organizational Conflicts of Interest Breakout Session # C08 Name: Barbara S. Kinosky,

HIPAA Privacy Rule Training

Nassau Association of School Technologists

Training for Supervisors and Designees

Prepared by Kris Twomey Law Office of Kristopher E. Twomey, P.C.

Wyoming Statutes §§ through

Privacy & Confidentiality

HIPPA/HITECH Act Requirements Under the Business Associate Agreement Between CNI and Military Health Services.

Export Controls – Export Provisions in Research Agreements

An Introduction to Public Records Office of the General Counsel

Red Flags Rule An Introduction County College of Morris

Spencer County Public Schools Responsible Use Policy for Technology and Related Devices Spencer County Public Schools has access to and use of the Internet.

Government Data Practices & Open Meeting Law Overview

Government Data Practices & Open Meeting Law Overview

Export Controls – Export Provisions in Research Agreements

S AMCOM EXPRESS INDUSTRY DAY

Presentation transcript:

Protecting Proprietary Information v. 10/25/2011 Training Brief

Objective: Address the use, handling and reasonable protection and safeguarding of Proprietary Information received either from Industry or Government sources v. 10/25/2011 Training Brief

Proprietary Information Proprietary Information (“PI”) means technical and business information which the transmitting party desires to protect from unauthorized disclosure or use and likely related to a specific topic or program. PI may be in many forms, including designs, concepts, test data, requirements, specifications, hardware, computer software, interfaces, components, processes, materials compositions, costs, written and/or electronic materials, emails, data, viewgraphs, research, or the like. v. 10/25/2011 Training Brief

What is Not PI Generally, the following is not PI: Information available to the public or becomes available to the public through no act or failure to act of the receiving party. Information known to or developed by the receiving party. Information disclosed to the receiving party by a third party having legal right to disclose. Information disclosed with prior written approval of the disclosing party. If in doubt, consultation should occur with the Principal Investigator in coordination with Office of Counsel. v. 10/25/2011 Training Brief

Presentation Topics Background Responsibilities Related to Proprietary Information/Data Organizational/Personal Conflicts of Interest v. 10/25/2011 Training Brief

Background UAHuntsville routinely executes Non-Disclosure Agreements (“NDA”)on behalf of the University and its employees regarding reasonable protection of proprietary information received from industry. Only specific individuals authorized by the Trustees of the University of Alabama System may execute an NDA on behalf of the University of Alabama in Huntsville. FAR § 9.505-4(b) - A contractor that gains access to proprietary information of other companies in performing advisory and assistance services for the Government must agree with the other companies to protect their information from unauthorized use or disclosure for as long as it remains proprietary and refrain from using the information for any purpose other than that for which it was furnished. DFARS § 252.204-7000 – The Contractor shall not release to anyone outside the Contractor’s organization any unclassified information, regardless of medium, pertaining to…the contract or any program related…unless (1) CO has approved; or (2) otherwise in the public domain v. 10/25/2011 Training Brief

Background, (cont’d) UAH Staff Handbook – “An employee may gain access to confidential information…Such information, and the underlying records, should be maintained in confidence by the employee.” (Page 94) Violations of the Alabama Trade Secrets Act may result in personal civil penalties to the disclosing individual. v. 10/25/2011 Training Brief

Access to Proprietary Information Each Principal Investigator shall list and certify team members and office locations for those having access to PI. Relating to PI, each member shall read and agree to be individually bound by the terms and conditions of NDA’s and/or contracts executed by the University. It is the Principal Investigator’s responsibility to ensure that access lists are kept current and accurate. Student (including undergraduate, graduate and postdoctoral) participation shall be limited to situations where no Proprietary Information is shared with a student. v. 10/25/2011 Training Brief

Training Each member shall certify completion of this training regarding protecting PI. This training addresses the importance of (i) maintaining information integrity, and (ii) the requirements, processes and procedures for PI protection. The Principal Investigator is responsible for assuring that team members complete PI protection training. v. 10/25/2011 Training Brief

Handling of PI Marking and Identification – Legend on PI provides specific notice of restrictions on the use of the data or information. PI originally disclosed orally or visually will be protected to the extent the disclosing party summarizes the PI in writing & delivers such to the University within a reasonable time after disclosure. PI will not be used for any purpose than that for which it was furnished as stated in the NDA or contract. v. 10/25/2011 Training Brief

Handling of PI Physical Control of Proprietary Information - PI shall not be released outside of UAHuntsville and only within the University on a ‘need to know’ basis to persons that have been approved by the Principal Investigator. Copy PI only as reasonably necessary to complete the purposes of the NDA or contract. PI hard copy materials shall have cover sheets and must remain within designated containers/files or an access-controlled enclosure. All hard copy PI documents shall be secured within each member’s office prior to the end of each business day. v. 10/25/2011 Training Brief

Handling of PI Digital Environment Protections – PI stored in electronic form on disk, tape, or other storage media constitutes PI in permanent form. All digital documents will retain original markings. The computer systems and tools employed by UAHuntsville operate on University-owned and operated networks, which afford firewall, intrusion, and vulnerability management. All users must have University issued computer accounts and conduct all work upon University owned computers. All PI data that is generated shall be stored in segregated, access controlled data drives and databases. Electronic control of PI will be the responsibility of the Principal Investigator. v. 10/25/2011 Training Brief

Handling of PI Outside of controlled University work space – PI must be stored in a locked room, drawer, filing cabinet, briefcase or other storage device so that access by unauthorized individuals is prevented when untended by the member. Long term work (5+ days) outside of ‘official’ work spaces require advance written approval from the Principal Investigator. Extended ‘off site’ possession (30+ days) requires a written Memorandum For Record with appropriate details as approved by the Principal Investigator. MFR shall be retained by the Principal Investigator v. 10/25/2011 Training Brief

Handling of PI Transmission or Dissemination – External electronic transmissions of PI via email, telephone or video teleconferencing shall be received only by those persons approved by the Principal Investigator after each has executed an NDA and received PI protection training. Appropriate Markings or Legends shall be displayed in/on/during the transmission of PI and certifications from recipients should be obtained. v. 10/25/2011 Training Brief

Inadvertent Disclosure of PI Discovery will be reported to the Principal Investigator within 24 hours and fully documented regarding details of disclosure. Principal Investigator to provide a complete disclosure to the Vice President of Research or his designee within five (5) business days of the disclosure. Principal Investigator will immediately retrieve the PI from the unauthorized individual(s) and obtain a certification from the individual(s) that all PI (and copies, if any) have been returned to the Principal Investigator. v. 10/25/2011 Training Brief

Return or Destroy Obligations at Termination – Depending upon the terms of the NDA or contract, the receiving party will use reasonable efforts to destroy all received PI (in whatever form), including copies, then in its possession or control; or Use reasonable efforts to return all such PI to the disclosing party. v. 10/25/2011 Training Brief

Continuing Obligation Limitations on Use or Disclosure – Most NDA’s and contracts contain a continuing obligation on the part of the receiving party to hold the PI in confidence for a period of years…some as long as 5 years. PI may not be used for design or reverse engineering or any other use without the written permission of the disclosing party. v. 10/25/2011 Training Brief

Additional Requirements Classified Information is handled, marked and used in accordance with the National Industrial Security Program Operating Manual (NISPOM) and any other applicable laws or regulations. Export Controlled Information is handled in compliance with export control laws and regulations. Proprietary Information agreements do not supersede these laws or regulations. v. 10/25/2011 Training Brief

Conflicts of Interest An Organizational Conflict of Interest is the existence of a set of circumstances in which a contractor may be unable to render impartial advice to the government, or might have impaired objectivity in performing contracted work; or may obtain an unfair competitive advantage in the marketplace when competing for government offered work where that unfair advantage is obtained during performance of a government contract. This unfair advantage can be introduced when the contractor sets the ‘ground rules’ of procurement thereby biasing future competition. v. 10/25/2011 Training Brief

Conflicts of Interest, cont’d Broad categories of OCI can be drawn from the foregoing. Those involving PI are: Unequal Access which provides unfair competitive advantage when a contractor obtains information not generally available to other competitors where such information would assist them in winning the contract over competitors. Biased Ground Rules most often come into play when the contractor is writing the SOW, performing systems engineering, or providing technical direction efforts. v. 10/25/2011 Training Brief

Employee Obligations Regarding Preventing OCI Retain a copy of each NDA and maintain a personal catalogue of NDA’s. Before commencing work on activity involving Government contract support (whether indirect or direct), review personal NDA catalogue to ascertain previous access to non-public information regarding the same or related subject matter as the proposed work. Notify Office of Sponsored Programs regarding any detected relationship between proposed work and past activity. In the event of questions, err on the side of disclosure and contact OSP and Office of University Compliance. v. 10/25/2011 Training Brief

Violations & Enforcement Any violation of the NDA’s and/or contractual provisions shall be reported to the Principal Investigator and Vice President of Research or his designee. Appropriate administrative action up to and potentially including termination of the violating party’s privilege to access PI may be taken by the Principal Investigator or Vice President for Research in the event of violations by the Principal Investigator. v. 10/25/2011 Training Brief

Conclusion UAHuntsville is committed to… Integrity, Abide by any and all restrictions regarding confidential and proprietary data, Respect all restrictive legends. v. 10/25/2011 Training Brief

Questions Office of Sponsored Programs Gloria Greene, VBRH 256-824-2657 or Office of University Compliance Michael Bryan, VBRH 256-824-6845 Office of Counsel John O. Cates, Esq. 256-824-6633 v. 10/25/2011 Training Brief