Data Protection

How to Protect Your Data while Traveling Internationally

A number of programs take place through collaborations with different individuals, institutions, and agencies located in different geographical locations around the world.  Oftentimes, these programs will involve international travel where data will either have to be carried to, or accessed from, different parts of the world.

The programs will involve a mix of data collection, analysis, dissemination, and storage. 

It is therefore important to:

• Know how to protect the data and the devices carrying the data from unauthorized access
• Be aware of the various legislations around data collection and storage in the various countries around the world.

Know how to protect your data and devices

The guidance here aims to protect your devices and data from the many potential risks that you may face while traveling. 

Be aware that in some countries, your devices and communication networks may be monitored.

• Before commencing your travel, back up all the information that you are carrying on your device
• If possible, carry only the data required for the program while on travel
• Avoid using public Wi-Fi spots and charging stations, such as in airports and hotels, as network and data security cannot be guaranteed.
• Use strong passwords for your devices and for applications
• Do not log in to web-based systems using public computers or other people’s devices
• Be sure you have Multi-Factor Authentication enabled
• Use VPN access for a secure internet connection when accessing sensitive websites and information systems

After traveling, it is recommended to update passwords and run antivirus and anti-malware scans.

It is recommended that you Contact CITS when back from travel to do a comprehensive check and cleanup of the machine

Be aware of data protection legislations internationally

The primary aim of the legislation around data is to ensure the privacy and security of personal data, which is collected in various programs and activities. 

Important regulations to know for traveling students, faculty, staff, and researchers are the following:

1. The European Union’s General Data Protection Regulations (GDPR-EU) - Governs the use of personally identifiable information obtained in the EEA (European Economic Area - the EU and certain other member countries). The GDPR provides legal rights to people who are in the EEA when their personal data is collected and processed.

2. Health Information Portability and Accountability Act (HIPAA). It establishes standards for protecting and securing Personal Health Information (PHI). 

   HIPAA gives guidance on:

   • Limiting the permissible uses and disclosure of PHI without authorization
   • Giving individuals the right to see and receive copies of their medical and other health records 

Other data protection regulations include:

• NSPM-33 - National Security Presidential Memorandum
• NSPM-33 directs action to strengthen protections of United States Government-supported Research and Development (R&D) against foreign government interference and exploitation.

• Section 889
• Section 889 seeks to mitigate the risks of increased privacy, security, and espionage from using telecommunications equipment and services provided by certain companies by prohibiting the purchase and use of such equipment.

Global Snapshots: Examples of Data Protection Regulations by Country

Data Protection in Costa Rica

Data Protection in Malawi

Data Protection in Zambia

Please contact globalhub@umaryland.edu to find out more about how you may safely access your data. (Especially in sanctioned country)