Some data in Synapse contains sensitive information that could potentially harm individuals or groups if misused. In Synapse, this type of data is called controlled access data, and it requires additional protection for who can access it and how it can be used. This additional protection is called conditions for use, which is a set of expectations or requirements that are applied to a dataset.
Conditions for use typically are structured to comply with the terms under which the data were collected or with other human subjects regulations. For example, human ‘-omic’ data may have conditions for use imposed by informed consent requirements, legal contracts, or other privacy requirements. It is also appropriate to add conditions for use to data collected from “vulnerable” populations and to data that could potentially harm individuals or groups if misused. If you have any questions about whether conditions for use should be applied to your data, please contact our Access and Compliance Team (ACT).
You are responsible for determining if the data you would like to contribute is controlled data and therefore requires conditions for use. Carefully consider the specific risks and appropriate protections required before sharing your data on Synapse. If there are no ethical, legal or regulatory reasons to impose conditions for use, the data can be used for any lawful research purpose. We ask that data submitted to Synapse be de-identified or pseudonymized according to local law and regulations (for example, HIPAA or GDPR). Guidance on de-identification according to HIPAA rules can be found here.
Important: Synapse users are responsible for determining the appropriate conditions for use for any data they upload into Synapse. We ask that data submitted to Synapse be de-identified or pseudonymized according to local law and regulations (for example, HIPAA or GDPR).
Conditions for use can be set at the project, folder, file and table level. We recommend grouping files that require the same conditions for use in a dedicated folder within your project. It is important to note that conditions for use cannot be set for Synapse wikis or discussion forums: they are not designed to house data and therefore do not have conditions for use as a feature.
Examples of Conditions for Use
Conditions for use vary broadly. Some examples include:
Specification of what type of research or analysis can be conducted on the data, for example, a data set may only be able to be used for breast cancer research
Specification of who can conduct research with the data set, for example, only researchers at non-profit institutions can use the data for research
Requirement that the data user submit an Intended Data Use statement, Data Use Certificate, or IRB Approval Letter prior to accessing the data.
How to Add Conditions for Use
To upload any data to Synapse, you must become a certified user first. Once you complete the steps to becoming certified, you can upload your data and add conditions for use to limit how your data will be used by others. If you would like to set conditions for use for an entire project, please contact the Synapse Access and Compliance Team (ACT) directly for assistance.
By default, content within a folder or project inherits the conditions for use of the parent folder or project. As with sharing settings, you can set local conditions for use for individual folders, files and tables, but unlike sharing settings, you can only add to the existing parent project/folder’s conditions for use. In other words, all content within a folder or project has, at a minimum, the conditions for use of its parent folder or project, and may have additional local conditions for use as needed. You cannot create a folder, file, or table that has fewer conditions for use than its parent or that has conditions for use that conflict with that of the parent.
To set conditions for use for folders, files, and tables in Synapse, navigate to the item and click the Add Conditions for Use link.
The resulting pop-up window will ask you if the data is sensitive human data that must be protected. If you answer yes, the ACT will reach out to you to assist in setting the appropriate conditions for use. If you answer no, but still feel that your data requires conditions for use, contact the ACT to discuss your needs (firstname.lastname@example.org). Note that once you click the Add Conditions for Use button, your data will no longer be accessible to others until conditions for use have been established with the ACT.
How to Access Data with Conditions for Use
To access data with conditions for use (controlled access data), you must be a registered or certified user, and you must fulfill the conditions for use set by the data contributor. Navigate to the file, folder, or table, then look for the yellow access symbol. Click Request Access to open a dialog box with directions to meet the conditions for use. In many cases, you must read and electronically agree to data-specific terms. Occasionally, access to controlled data requires additional steps, like having your analysis plan approved by an ethics board or IRB.
Warning: Controlled access data may not be redistributed or shared. All users must individually agree to the conditions for use before accessing this type of data. Do not send controlled access data or metadata via email.
Flagging Inappropriate Data Use
If you believe data in Synapse is being shared inconsistently with the associated conditions for use, use the Report Violation flag in the header of the relevant file, folder, or table.
Flagging the data will alert the Access and Compliance Team, and we will contact you for more information. You may also email the Access and Compliance Team at email@example.com directly to report possible incidents.