How should researchers handle and store personal data?
Researchers are reminded of your duty to protect and maintain the confidentiality of personal data, and to adhere to NTU"s SOP for handling and protecting of personal data. This includes the below:
- Anonymise datasets
Minimise working on datasets containing identifiers. Coding of individuals should be used on data files undergoing analysis. The master file containing the identifiers and data linkages should be separated from other data files. [Refer to: Ways to anonymise data.]
- Password protection/ Encryption
Files and documents containing direct identifiers, including master files containing linkages, should be password protected or encrypted.
- Access controls
To protect files containing personal data against unauthorised access, access controls to folders should be set up, and access should be limited only to the team members working on the study. Hardcopy documents should be stored in locked cabinets within access-controlled rooms or offices.
[Note: Confidential documents containing identifiers should not be stored on any non-NTU cloud servers.]
The above are in line with guidance from PDPC.