Navigated to

Secrecy for research data

Research data can be classified as secret. Secrecy means that you may not release or in other way reveal information that is classified as secret. You have a duty of professional secrecy if in your work you are given access to information covered by secrecy.


Conduct a secrecy examination

You must always conduct a secrecy examination before sharing research data to assess whether there is information that is classified as secret and whether it is possible to disclose the information. When you share research data, for example with collaborators in a research project or in a repository, it means that you are releasing the information.

What is a secrecy examination?

A secrecy examination is the review that you are required to conduct to decide whether the person or thing that the secrecy is intended to protect could suffer harm or injury if the information is disclosed. In ongoing projects, the principle investigator is normally responsible for conducting the secrecy examination. For completed projects, it may instead be the person responsible for releasing archived documents that is responsible for conducting the secrecy examination, for example the department’s archive coordinator. As the principal investigator, you may need to assist with secrecy examination of archived data, if possible.

More information about secrecy and professional duty of secrecy is available on Aktum (UMU ID required)

Template for documented secrecy examination

When you are going to disclose research data that include information classified (as secret as per Section 7 of the Public Access to Information and Secrecy Ordinance (OSF) or Chapter 24, Section 8 of the Public Access to Information and Secrecy Act (OSL)) to a recipient at a Swedish authority for research purposes, you can use the simplified template to document your secrecy examination. For example, disclosure may take place in the context of a research collaboration or because the recipient wants to reuse research data in new research.

Template for simplified secrecy examination when disclosing research data to another Swedish authority (Mall för förenklad sekretessprövning vid utlämnande av forskningsdata till annan svensk myndighet)

The document is available in Swedish only. If you need an English translation of this document, please notify the legal officers at universitetsjurist@umu.se.

User instructions for the template

Research projects: Indicate the UMU research project from which the research data is being released.

Data to be disclosed include: Tick the relevant type of secrecy. The first option is for research data that is classified as secret as per Section 7 of the OSF. Also indicate here which type of study the current research project falls under, as the provision only applies to research that falls within one of these. The second option is for research data which is classified as secret as per Chapter 24, Section 8 of the Public Access to Information and Secrecy Act. This secrecy classification is typically transferred to Umeå University once we have received the information. A research project can have research data that are covered by secrecy as per both provisions.

Secrecy examinations – conditions: Please contact the central research data support team if all of the listed conditions are not met.

Secrecy examinations – Personal data protection test: tick the measures taken to reduce the risk of harm to the individual. If you are unsure about how to assess the measures in a particular situation, contact the central research data support team.

 

If the data you are going to disclose is covered by other secrecy provisions or if the recipient is not a Swedish authority, you should contact the central research data support team for assistance with the secrecy examination.

What is classified as secret?

For information to be classified as secret, the Public Access to Information and Secrecy Act must support such a designation (2009:400). This means that the information you provide to research subjects must not promise confidentiality or anonymity. You must be honest about what applies. Instead, explain that research data is protected from unauthorised access, thereby creating trust in how the University manages information.

Secrecy when collaborating with companies

If you collaborate with a company in your research, information about the company’s operations, inventions and research results that you may be privy to may be classified as secret. Information may also be considered secret due to intellectual property protection, for example before a patent application is filed.

Non-disclosure agreements

Even though secrecy protection may exist for information that a company provides to the University, the University can never guarantee complete secrecy in an agreement.

Any non-disclosure agreements (NDA) must be signed with the University as a party, not by you as an individual researcher. Contact the University's Legal Affairs Office if you are collaborating with or intend to collaborate with a company that wishes to have an agreement that contains non-disclosure provisions.

Non-disclosure provisions in an agreement can, in addition to violating the principle of public access to information, also mean that you as a researcher waive your right to publish the results, which is why the Legal Affairs Office should always review these agreements.

Read more about research collaboration agreements

Secrecy for personal data in certain research studies

Research data related to an individual’s personal circumstances and that can be attributed to the individual and that arise in certain research projects are classified as secret at Umeå University as per Section 7 of the Public Access to Information and Secrecy Ordinance (OSF). The provision does not cover information about the financial circumstances of an individual. The research studies covered by the provision are:

  • environmental medicine studies;
  • social medicine studies;
  • psychiatric studies;
  • other medical studies;
  • surveys on student backgrounds and on their post-degree choices;
  • sociological studies;
  • psychological studies;
  • education science studies;
  • behavioural science studies; and
  • social science studies.

Research data in these studies may be disclosed if the data are pseudonymised or the data are disclosed for other research if it is clear that the data can be disclosed without causing harm to the individual or anyone close to the individual.

Use the secrecy examination template if you intend to share or otherwise disclose research data that is classified as secret as per Section 7 of the OSF to another Swedish higher education institution for research purposes.

In other cases, contact the central research data support team.

Transferred secrecy

Transferred secrecy means that the information is subject to the same secrecy as applies to the source authority.

For research data from statistical registries, such as from Statistics Sweden or the National Board of Health and Welfare, which contain information about the financial circumstances of individuals or which are not part of research as per Section 7 of the Public Access to Information and Secrecy Ordinance, secrecy as per Chapter 24, Section 8 of the Public Access to Information and Secrecy Act, secrecy can instead be transferred to the University from the disclosing authority. Transfer of secrecy as per Chapter 11, Section 3 of the Public Access to Information and Secrecy Act is to be used for research purposes.

Use the simplified secrecy examination template if you intend to share or otherwise disclose research data that is classified as secret as per Chapter 24, Section 8 of the Public Access to Information and Secrecy Act to another Swedish higher education institution for research purposes.

In other cases, contact the central research data support team.

GDPR secrecy

According to Chapter 21, Section 7 of the Public Access to Information and Secrecy Act, official documents containing personal data are classified as secret if, after disclosure, it can be assumed that the recipient will process the personal data in violation of the GDPR, the Swedish Data Protection Act or Section 6 of the Ethical Review Act.

Reviewing whether the personal data may be processed in violation of Section 6 of the Ethical Review Act is only relevant if the document contains sensitive personal data or personal data about violations of the law and is to be used for research.

If you are going to disclose research data containing sensitive personal data or personal data about violations of the law to a recipient who will conduct research, the recipient must have ethical approval, unless the data is classified as secret and therefore cannot be disclosed.

Sharing research data classified as secret

Read more about the situations in which you can share research data that is classified as secret with collaboration partners on the pages about sharing research data in collaborations.

Read more about sharing data classified as secret in a collaboration

Research data in ethically approved research

If you are sharing research data in an ethically approved research project, the recipient must have ethical approval to access the data. If the recipient does not have ethical approval, the information is classified as secret vis-à-vis the recipient.

Read more about sharing research data in ethically approved research

Use secure systems to send research data

If you conclude that research data may be disclosed, the transfer must occur using systems that are approved for the information’s level of protection. For example, you can use the Skyddad bilaga (protected attachment) service to send encrypted files.

Visit Aktum for more information about Skyddad bilaga (protected attachment) (UMU ID required)

You may not publish data classified as secret

Research data with information classified as secret can never be published openly in a repository. However, it is possible to share descriptions (metadata) of research data archived at Umeå University.

Read more about making data accessible

Breach of professional secrecy is punishable

Professional secrecy means that it is a criminal offense to disclose information classified as secret to a third-party, regardless of whether this is done verbally, through the release of an official document or in some other way. If you breach professional secrecy, you could face disciplinary measures or be reported to the police. Professional secrecy applies to employees of the University, but also to others who participate in the University’s organisations on other yet similar basis and are under the University’s management, for example certain consultants and individuals on placement. You are bound by a professional duty of secrecy even after you have left your job or assignment.

More information on professional duty of secrecy and your responsibilities as a researcher

Do you have questions about research data?

The University has a cross-functional team that supports you with research data issues in areas such as archiving, legal affairs, IT support, open data, and information security. You can contact the research data support team using the following form:

Contact the research data support team if you have questions

Latest update: 2025-06-05

Read more about secrecy and professional duty of secrecy

Illustration, two hands writing on a keyboard and a screen showing an unlocked lock.

Sharing information classified as secret

How to share research data with information classified as secret.

Illustration, an agreement and a book

Sharing data in ethically approved research

Collaborations and sharing research data in ethically approved research.

Illustration: a hand holding a rubber in front of a chart.

Good research practice

What is good research practice? Which codes of ethics and legislation apply?