Ensuring that technical data is compliant with both export regulations and cybersecurity requires an understanding of what export controlled technical data/technology relate to and how they work together. The two major export control regulations, The International Traffic In Arms Regulations (ITAR) and the Export Administration Regulations (EAR), define controlled technical data/technology differently. Click for the ITAR definition and for the EAR definition.

An effective approach requires incorporating export regulations into cybersecurity protocols. This means the IT architecture needs to embrace not only the encryption requirements and authentication protocols in order to access a company’s systems, files, share drives, but also to analyze what “employees” have access to once they have validly entered their companies domain.

Even though the environment is secure by cybersecurity standards – it may not be “export” compliant.

Example – if a company has export controlled data, which could be cyber security compliant (i.e., encrypted) –  a potential export violation could occur if the person accessing the data (or potentially able to access it) doesn’t have the proper export authority based on their nationality/location. A U.S. company sets up an office in the United Kingdom (U.K.) and hires a U.K. citizen to work in that location. The U.K. citizen then gains access to the company’s server, which has export controlled technical data/technology located on it, another words, the U.K. citizen has not be firewalled out of the location where the controlled data is located. If the employee accessed the data or not (potential access) may constitute a potential export violation.

The recent trend is to have more cybersecurity measures identifying the “export controlled data” – and how it is being identified, controlled, and tracked.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Joanne Rapuano Joanne Rapuano

Joanne Rapuano, a member of the firm’s Business Litigation Practice Group and Manufacturing Industry Group, focuses her practice on international trade and federal regulatory compliance matters, including government enforcement. Ms. Rapuano provides clients with advice on how to comply with federal trade regulations…

Joanne Rapuano, a member of the firm’s Business Litigation Practice Group and Manufacturing Industry Group, focuses her practice on international trade and federal regulatory compliance matters, including government enforcement. Ms. Rapuano provides clients with advice on how to comply with federal trade regulations, including Export Administration Regulations and International Traffic in Arms Regulations. Prior to joining Robinson+Cole, she handled trade compliance matters for United Technologies Corporation and Sikorsky Aircraft Corporation, a Lockheed Martin Company. Ms. Rapuano also advises on U.S. import regulations, the Foreign Corrupt Practices Act, Office of Foreign Assets Control matters, antiboycotting rules, corporate compliance programs, business disputes, and trade association activities. She has broad regulatory experience, including advising organizations with compliance challenges, providing legal advice to foreign companies entering the U.S. market, and conducting internal audits and investigations. In addition to her trade compliance experience, Ms. Rapuano has handled complex commercial and employment litigation for corporate clients. Read her full rc.com bio here.