This has not yet been a big problem at the University of Rochester, but it could become major problem. Consider the following hypothetical situation: a person is working on a project for company A (e.g., a manufacturer of film) and another person is working for company B (e.g., a manufacturer of copiers). Company A and B have a great deal of overlapping interest. Suppose the first person fails to protect his files that contain proprietary information from a project for company A, the other person looks at this data, realizes it is very useful and will save company B and his project for them an enormous amount of time and money, and he sends that data to his project lead at company B. Could the person working for company A be in trouble? Possibly. Could the person working for company B be in trouble? Possibly. Will company A be hesitant to have researchers still at the university? Probably.
While not exactly a trade secret or proprietary information, transmitting certain types of software (generally encryption engines) outside of the U.S. (and possibly importing certain types of software) constitutes a violation of the Federal ITAR regulations. The previously mentioned software for generating digital signatures and encrypting files ( PGP) is an example of this. PGP is considered a munition by the Federal government. Transmitting PGP outside of the U.S. is the equivalent of trading arms to a foreign government or organization without a license. Likewise, it is illegal to give PGP to anyone who is not a U.S. citizen (Foreign nationals working or studying in the U.S. with a visa may use PGP). Failure to observe these regulations can make your life quite miserable.