Routines for handling data access requests to data stored with SND CARE

This section describes the workflow for handling data access requests to data shared with restricted access through DORIS, where the principal, being the organization responsible for the data, uses SND CARE for storage and distribution of the data. If the data include personal information, SND acts as the data processor (personuppgiftsbiträde) and handles incoming requests in DORIS on behalf of the principal.

Workflow

A data access request is received by SND (via e-mail to request@snd.se and in DORIS).
SND forwards the request to the e-mail address that the principal has specified as the system address for data access requests in DORIS.
The principal assesses whether the data can be disclosed, following local procedures. SND provides information about the dataset and access to data or documentation files as needed to process the request (contact SND via request@snd.se).
The principal notifies SND by e-mail (to request@snd.se) whether the dataset may be disclosed to the requester or whether the request is denied.

If the request is approved and the data may be disclosed:

SND prepares the files for distribution to the requester and informs them how to download the data.

If the request is denied:

The principal must specify the reason for denial. If the data cannot be disclosed due to secrecy, the principal must state which provision of the Swedish Public Access to Information and Secrecy Act (SFS 2009:400) applies. The principal must also provide details for where the requester can obtain an appealable decision and include any relevant case reference number.
The principal may choose to contact the requester directly rather than through SND. In this case, SND must still be informed that the request was denied and the reason for denial, so that SND can document and close the case in DORIS.
SND documents the information from the principal about the outcome of the assessment (in 4, above) in DORIS.