Researchers should ensure that datasets containing identifiable data should not be shared outside of your study team unless relevant consent had been obtained from your research subjects. This would be a direct infringement of PDPA and HBRA requirements. 

If identifiable research data needs to be disclosed or shared (either to external collaborators or service providers), the following must be adhered to:

1. The file must be password-protected or encrypted.
   
2. Transmission via portable media must be done via password-protected or encrypted portable devices. 
   
3. If the research data is in hardcopy format, it must be sent in sealed envelopes and delivered via secured, tracked and signed courier services. 
   
4. The sensitivity of the data and its handling requirements must be communicated to recipients. Where possible, RCAs (or Service Agreements for external vendors) with NDA clauses should be imposed on external parties.