SD Connect Service Description - Services for Research

Public Detailed service description

Sensitive Data (SD) Connect is a service for collecting and storing sensitive research data during the active phase of a research project. The service allows you to store sensitive research data in the CSC’s cloud storage solution Allas. Data is stored at CSC’s facilities in Finland. SD Connect provides automated encryption, decryption and key management via web browser (for files up to 100 GB) or command line tools. The encryption is done with a strong public-key encryption algorithm and CSC project specific encryption keys. Data in SD Connect can be analysed in the secure virtual computing environment, SD Desktop. SD Connect can serve as a workspace for collaborative research projects, facilitating data collection and sharing. SD Connect, as is, is not suited nor accredited for the secondary use of health and social data, but a restricted version of the SD Desktop service is provided for this purpose.

Users have the option to add their own encryption key pair for encrypting data stored in SD Connect.

Certifications

None.

User content including personal data in the Service

SD Connect is suitable for academic and research use according to CSC General Terms of Use and Policies.

This service is designed to process special categories of personal data. Users must assess whether the service is suitable for their intended purpose. If needed, they may consult their home organization’s data protection officer, legal advisor, or IT security specialist, using the documentation provided below to support their evaluation. Data controllers and their representatives are responsible for ensuring full compliance with European and national data protection regulations. If personal or sensitive data is transferred outside the European Economic Area (EEA), users must ensure a valid legal basis and full compliance with applicable data protection laws.

When users create a CSC project in the MYCSC portal and indicate that personal or sensitive personal data will be processed, they are required to:

review and accept CSC’s Personal Data Processing Agreement (DPA)
accept CSC’s Terms of Use

Additionally, users must complete the Description of processing activity form which captures essential details, including types of data processed, purpose and method of processing, security measures in place, identity of the data controller. This documentation is linked to the CSC project and guides CSC in fulfilling its role as a data processor. Users can update the form later if needed. See here for more information on Technical and Organizational Measures (TOMs) for protection of sensitive data in CSC SD Services.

The Service do not assert ownership or any intellectual property rights to users or customers organizations’ content in the services.

Client’s responsibilities

Users must comply with all applicable CSC’s Terms of Use when using the Service.

The client is responsible for:

Verifying data integrity upon data uploads and downloads from SD Connect, applying additional protections such as pseudonymisation of sensitive personal data
Data management
Command Line tools installation and updates
Handling backups independently, as the SD Connect service does not include backup functionality.
Ensuring information security, including managing and reviewing CSC project members and controlling their access to the secure environment.
Ensuring compliance with all applicable laws and regulations for content processed in SD Connect service
Providing accurate and up to date information in the MyCSC portal

Service producer’s responsibilities

The service producer ensures that the service is available to customers as described in the service description.

The service producer is responsible for producing and developing the Service.

Service producer

CSC – IT Center for Science Ltd.

Service provider