Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Version

Summary

09/01/2022

Added canned email response for Synapse compliance with GDPR

12/28/2021

Updated format to align with policy version tables

12/15/2021

Current version. Added version tracking table.

05/21/12021

Updated

...

Table of Contents

Table of Contents
minLevel1
maxLevel7

...

Tips

  • When replying over emails to issues generated via a Jira ticket, we recommend including the ticket ID (ex: SG-1234) in the email subject so that it’s easy to connect the email thread with the ticket later on. 

  • CC act@sagebionetworks.org on all email correspondence for continuity in case you are out of office and cannot reply to an email.

  • As canned responses get updated, move the original question (row) to the ARCHIVE tab so that we can retain original Q&A.

Canned Emails

Synapse violation 

Hello,

I am reaching out to you on behalf of the Synapse Access and Compliance Team (ACT) regarding the violation you reported. You flagged data on this Synapse page [Link Page] as a violation of the Synapse Terms and Conditions of Use. 

...

We appreciate your dedication to maintaining Synapse's security and compliance.

Thank you,

YOUR NAME, on behalf of the Synapse Access and Compliance Team

YOUR SIGNATURE BLOCK

Request for ACT to add data restriction

Hello,

Thank you for requesting that Conditions for Use be added to the Synapse project: [insert synID/project link]. A temporary lock has been placed on your project so that sensitive data cannot be downloaded by Synapse users.

Can you please provide some information about the data and how you would like data access to be restricted?

Thank you,

YOUR NAME, on behalf of the Synapse Access and Compliance Team

YOUR SIGNATURE BLOCK

Follow-up on a JIRA issue that hasn’t gotten a response (2nd email)

Hello,

I am following up on my previous email about [INSERT REASON; e.g., ‘your request for the addition of data restrictions to content on Synapse’]. If we do not hear from you by [DATE 5-7 days in the future] we will close the issue in our system.

Regards,

YOUR NAME, on behalf of the Synapse Access and Compliance Team

YOUR SIGNATURE BLOCK

Synapse Compliance with GDPR 

Hello,

Thank you for this question. 

Synapse supports compliance with applicable laws and regulations in a shared responsibility model.

Synapse is a data platform hosted on the AWS cloud. When acting as a Data Processor under GDPR, Sage is responsible for securing the data and establishing the appropriate data use governance mechanisms. A combination of technical and organizational security measures, policies, and governance processes are in place to protect the data. Data contributors, acting as Controllers under GDPR, are responsible for the personal data they provide to Synapse.

Synapse's privacy policy describes how we handle personal information on Synapse. Sage's DPO manages and oversees this and other policies that govern platform use and agreements that govern data access.

For more specific information regarding your use case, you can write to us at act@sagebase.org. Our Access and Compliance Team works with contributors to ensure the appropriate data governance structure is in place and in accordance with relevant regulatory frameworks.

Regards,

On behalf of the DPO and Synapse Access & Compliance Team