Background
Synapse allows the option of user anonymity. Email addresses are hidden. Completing ones user profile (name, title, organization, bio) is completely optional. However to allow to access certain sensitive data we must have more complete information about the user requesting access. It will be the job of the Synapse Access and Compilance Team to "verify" a user, based on reviewing information beyond that needed to create an account in Synapse. The approach is:
...
Problem
Sage has determined that key data donors will not share data unless that those accessing the data electronically (1) have provided verifiable identity information and (2) are open to the public about who they are. Sage has further determined that valid researchers are willing to meet these terms if the verification process is not unduly burdensome or requires divulging sensitive personal and/or financial information. The process has to introduce an appropriate level of friction to obtaining access to data and be reasonably (if not perfectly) able to differentiate between valid researchers and others.
Currently Synapse allows anonymous account creation. Synapse does support "tier 3" access restrictions which can be used to require would-be data accessors to submit documentation justifying data access to the Synapse Access and Compliance Team (ACT). This mechanism could be used to submit identity verification information. However, since identity verification and openness is a common requirement for many data sets, it would be helpful (both to researchers and the ACT) if each user would only have to do this process once to meet the access requirements for many data sets.
Synapse allows users to complete a user profile but the information may be changed at any time. If identity openness is a requirement for data access we must ensure that it continue (that accounts not be anonymized) while users have access to the donated data.
Approach
We propose the following process for identity verification and openness:
(1) The Synapse user must obtain a pdf copy of either
1. a letter from a signing official at their organization on letterhead;
2. a notarized letter attesting to the person's identity;
3. a copy of a professional license and web address to verify (for example, a photocopy of my genetic counseling license and a link to the Ohio State Medical Board website);
4. some other document agreed to by the researcher and the ACT.
(2) The user must completely fill out their Synapse user profile, including name, organization, location (including country).
(3) The user must create and link to an ORCID account.
(4) The user notifies the ACT that they are ready for review.
(5) An ACT member reviews (a) the uploaded document, (b) the user profile, (c) the ORCID profile, for completeness and consistency. (E.g. the same name, organization and location must be used in all three places.) If deemed acceptable the information (i.e. the pdf, the contents of the user profile and the ORCID ID) is saved for future review. The ACT marks the user as "verified."
(6) Synapse displays some or all of this verification information on the page for the verified user. Thus, even if the user modifies their user profile, their identity openness persists.
(7) When later approving "tier 3" data access requests the ACT checks whether the requesting user has been verified.
Notes
In the proposed approach there's no batching of verification. there's no dashboard to show who is / isn't verified. The information for each user is on a page in Synapse. The work list is the ACT email inbox.
...