FAQ Public documents and confidentiality

Below some frequently asked questions regarding public documents and confidentiality are answered. Do not hesitate to contact the Legal Affair's Office if you don't find the answer to your question.

Does your question concern: 

General questions

Disclosure of public documents

Assesment of confidentiality

Public documents and e-mail

Public documents concerning students

Public documents containing personal data

Public documents in research

General Questions

What is a public document?

Any media that include information can be a public document. 'Document' refers to traditional documents as well as photographs, databases, maps, drawings, and audio and video recordings. It is irrelevant whether the document is on paper or in electronic form, e.g. e-mail or information in an IT-system. A document is considered a public document if it has been submitted to, was drawn up by or is in the keeping of a public authority. Umeå University is a public authority.

I have received mail at my home that is related to my work. Is that a public document?

All documents related to your work at the university may be public documents. If you receive mail to your home that contains information related to your work the document is deemed to have been submitted to the university when you receive them. The document must then be handled according to the university's rules and guidelines.


Disclosure of public documents

Does the person requesting a public document have the right to be anonymous?

Yes, the person requesting a public document always has the right to be anonymous. Only if it is need for the assessment of confidentiality you may ask the person requesting the document about their identity.

What are the requirements for a request for access to a public document?

There are no formal requirements on how a request to access a public document should look like. It is enough that the request is precise enough for the university to identify the actual document. The person requesting access doesn't need to know exact information such has title or casenumber. If the request is unclear you can ask the person requesting the document to be more precise.

Do I need to disclose public documents promptly?

Yes, a request for access to public documents must be delt with promptly. It is only if the material that must be processed before being disclosed is extensive that the processing may be prolonged, and never more than a few days.

How do I disclose a public document?

The requesting party may access the public document on site at the university or may acquire a copy of the document. Copies should normally be distributed on paper, not electronically. The university shall charge a fee for copies of public documents that are more extensive than 9 pages.

Do I have to reply in writing to a request for access to a public document?

How a request for access to public documents should be replied to must be determined by the circumstances, among other things how the request was made. A request made by telephone about simple public information should be possible to answer during the conversation.

Is the person accessing a public document on site allowed to take a photo of the document?

Yes, the requesting party may take a photo of the document, for example with their phone.

What do I need to consider when large amounts of public documents are requested?

There are advice on how to act when large amounts of public documents are requested or if the request is frequent. If the requested documents contain personal data you also need to consider the regulatory framework on processing personal data. Read more in the FAQ on personal data (only in Swedish).

Do I have to disclose all documents in a case or a project?

You only need to disclose the documents that are requested and only if they are public and are not covered by confidentiality. If you are uncertain as to what documents are requested you can contact the requesting party and ask them to clarify.

Also you are not required to create a new document with the information that is requested. An exception from this is that compilation of information that can be easily extracted from IT-systems using routine methods must be drawn up and disclosed. That means that the information can be compiled without any notable effort or cost.

Assessment of confidentiality

When do I need to perform an assessment of confidentiality?

An assessment of confidentiality must be done on every occasion when a public document is requested. You cannot refer to previous assessments saying that the information is covered by confidentiality.

Please contact the Legal Affairs Office if you need advice on matters concerning confidentiality.

How do I perform an assessment of confidentiality?

You need to start with identifying if the information is covered by one of the articles in the Swedish Act on Access to Public Documents and Secrecy. The assessment is made based on the requirements set out in the article. As a rule, you must assess whether any natural or legal person suffers damage or harm (psychologically, physically or economically) in the manner described in the paragraph if the information is disclosed. There is a timelimit to confidentiality which is stated in the article. When the information is older than what is stated the confidentiality does not apply.

Read more on the pages on confidentiality and professional secrecy.

The confidentiality may be strong or weak. Strong confidentiality means that the information is confidential unless it is apparent that the information can be disclosed without the person suffering damage or harm. Weak confidentiality means that the information can only be classified if there is reason to believe that the person may suffer damage or harm. Due to this you need to make an assement if damage or harm may occur as described in the article. There are also articles that allows classified information to be disclosed in certain situations.

In a few cases the confidentiality is absolute. This means that the information may never be disclosed. In such cases you do not need to asses if anyone may suffer damage or harm from diclosure.

Step by step assement of confidentiality

1. Is the information classified according to any article in the act on public documents and confidentiality?
If there is no rule on confidentiality the information must be disclosed.

2. If the information is classified is there any other article that allows the information to be disclosed in the specific situation?
You must determine if there is any exceptions to the confidentiality that apply, such as consent from the person that the information considers or disclosure to certain public authorities. If there are no such exception you might need to request more information from therequesting party to make a full assessment of confidentiality. To help you with the assessment you may ask two questions:

  • Who is requesting the information?
  • What is the information going to be used for?

Note that these questions may only be asked as an exception when needed for the assessment of confidentiality.

3. If the document as a whole is classified you may not disclose it. If only part of the document is calssified you need to erase those parts before disclosure.

Erasing can for example be made through printing the document and thereafter marking the classified information with black colour so the information cannot be read.

4. Inform the requesting party that they have the right to a formal refusal decision.

You must inform the requesting party about your assessment and the reason why the information is not disclosed. You must also inform the requesting party that they are entitled to a formal decision that can be appealed to the Administrative Court of Appeal.

5. If a formal decision is requested it must be taken according to the university's rule of decision making and delegation procedure.



Public documents and e-mail

Am I allowed to send public documents by e-mail?

The main rule at Umeå University is that copies of public documents are disclosed on paper only. If the document contains personal data the disclosure must always be made on paper unless special circumstances apply, for example when the requesting party is a researcher at another institution of higher education that will use the information for research purposes.

If the documents are sent electronically, you must ensure that the transmission can be made with sufficient security and that they are received by the correct recipient.

Do I have to disclose my e-mail inbox?

Incoming and dispatched e-mails to and from senders or recipients outside of the university are commonly considered public documents and must be disclosed after an assessment of confidentiality if requested. Internal e-mails on the other hand are not considered public documents unless they are part of a closed case. Neither are private e-mails that are sent to your umu e-mail address considered public documents. However, it is recommended not to use the unversity's e-mailsystem for private messages.

Do I have to disclose my e-mail log?

E-mail logs and so called cookies (files that contain information on what websites you have visited) are considered public documents.


Public documents concerning students

Do I have to disclose a list of all students at a specific course or programme?

Yes, who has been admitted to, studies or has studied at a course or programme is considered public information. You are adviced to ensure that you do not disclose more information than requested. If for example only name and e-mail address has been requested you should refrain from also disclosing the student's social security number or address even if this information is also considered public information. Read more in the FAQ on personal data (only in Swedish).


Public documents containing personal data

Can social security numbers (personnummer) be disclosed?

Social security numbers can normally be disclosed if there is no rule of confidentiality that apply. If a request for personal data is extensive an assessment according to the rules on personal data processing must be performed. Read more in the FAQ on personal data (only in Swedish).

Public documents in research

Can I bring research data and other documents to my new workplace when I change employer?

Research data are public documents. The original data may not be removed from Umeå University and brought to your new employer. You can request a copy of the documents. In such cases an assessment of confidentiality is always made before disclosure. Remember that you may not perform the assessment of confidentiality for documents that you have requested yourself. In most cases there are rules of exception from confidentiality when information is requested for research purposes.

If you are employed as a teacher at the university you own the right to result that arise from your performance of your work obligations according to the teachers exemption. One copy of the result must be archived at the university.

The journal where I wish to publish my research require me to disclose the data that my publication is based on. Am I allowed to disclose the data to the journal?

Before you disclose your data to the journal or a repository you need to asses whether any of the information is covered by confidentiality or consists of personal data. If you assess that the data is covered by confidentiality it may not be disclosed to the journal or repository. Read more on the pages about disclosing public documents and confidentiality and professional secrecy.

How do I access public documents from other public authorities for my research?

Contact the public authority, region or similar that have the documents that you are interested in. The request must be done as a representative of the university. If you request the information as a representative of the university it is often possible to receive the information as a whole with the same protection of confidentiality as at the disclosing authority, so called transferred confidentiality. The disclosing authority usually do not charge any fee when disclosing the information to the university.

If you are employed at both Umeå university and the disclosing authority (i.e. Region Västerbotten) you are not allowed to handle disclosure of public documents both as a requesting party and as a representative of the disclosing authority.

Also remember that private e-mail servers do not have the same level of security as the university's system and that e-mailing to a private e-mail address may be considered breach of the professional secrecy which is why you must make requests of public documents needed for your work from your umu.se e-mail address.

Contact information

Contact the Legal Affairs Office on 

Elisabeth Mach