ACT Addresses Different Synapse 'Flags' Reported by Users

Synapse has flags that users can select to contact the ACT. This How-to addresses how the ACT responds to these.

Instructions

There are two flags people can select to contact the ACT about a file in Synapse.

Request for ACT to add data restriction

A user selects this if they have created a project and would like the ACT to review the project and add appropriate access restrictions. 

1. These currently go to Amy Truong as Jira issues. She responds to the person asking for more information. Often the person accidentally selected this/was testing the system and the Jira issue is closed. If they do want to have conditions added, Amy asks for access to the project and asks them to complete the data hosting questionnaire.
2. After the questionnaire is returned, If there are questions about the data there is a back and forth email. Amy often brings Christine in to review the content and verify it is fine to add any conditions.
3. Amy/Christine provide guidance around settings (e.g. if the project should remain private) and review any conditions the person would like to add (e.g. citations/acknowledgements/uses)
4. Appropriate conditions are added
5. Any terms of use are added to the ACT Conditions for Use Synapse wiki

 Request for ACT to review data

People are supposed to use this to flag sensitive data as being posted inappropriately. The directions state: By creating this issue, I wish to alert the Synapse Access and Compliance Team that this data is posted inappropriately because...

1. These currently go to Amy Truong. She reviews the Jira issue and responds with questions. Most are not relevant/inappropriate use of the flag: 
   1. Mistake/testing - Amy closes the issue
   2. The person has a non-urgent question - Amy refers them to the discussion board
   3. In both cases Amy just closes the issue
2. If information is relevant and data is inappropriately posted she:
   1. Contacts the Sage person involved in the project
   2. Asks them to review the file/information the user reported
   3. Has a Sage person lock the file/make changes
   4. Contacts Xa to pull a list of everyone who downloaded the file/s in question
   5. Determines who should not have had access to the files
   6. Emails those users asking them to delete the file/s
   7. Documents what happened in the Violations spreadsheet

Related articles

• Page:
  Speeding up final migration by removing counts
• Page:
  Validate Synapse Jira Issues
• Page:
  Configuring Tables to Allow Anonymous "View" Access
• Page:
  Aspera Transfer to EC2
• Page:
  Adding new properties and secrets to Synapse