Personal Data

What is considered Personal Data?

 

Personal data (under PDPA) refers to data, whether true or not, about an individual who can be identified (1) from that data; or (2) from that data and other information to which the organisation (or individual) has or is likely to have access.

Individually-Identifiable (under HBRA), in relation to a person's human biological material or health information (HBM/HI), means that the person can be identified (1) from the HBM/HI; or (2) from that HBM/HI and other information to which the person, research institution, tissue bank or other organisation has or is likely to have access. 

Note1: When sharing or publishing the research data, researchers should be aware of the disclosure risks stemming from the release of direct identifiers or indirect identifiers in the datasets.

Note2: Datasets which has been anonymised are still considered personal data if a research team has access to the key/linkages to re-identify the data, unless it has been irreversibly-deidentified.

Note3: Personal data collected from research should be classified as "Confidential" under NTU's Data Governance Policy. Refer here for handling requirements of Confidential data. 

 

Examples of Personal Data

Direct (unique) identifiers
Indirect (Dataset) identifiers 
​Data, which, on its own, constitutes personal data or data that can explicitly identify individuals.

Note: Researchers are required to remove direct identifiers before any dataset is released unless specific consent has been obtained from the research subjects.

​Dataset that can be used together, or in conjunction with other information, to identify particular individual or a group of individuals. 
  • ​Full name
  • NRIC Number/ FIN Number/ Passport number
  • Personal mobile/ Telephone number
  • Facial image of an individual (e.g. in a photograph or video recording)
  • Voice of an individual (e.g. in a voice recording)
  • Fingerprint/ Iris image
  • Mailing address
  • Email address
  • Driver's license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Account numbers/ Medical records numbers/ Insurance policy numbers
  • Certificate/ License numbers (e.g. professional licenses)
  • IP / MAC address
  • Device identifiers and serial numbers
  • Any other unique identifying number, characteristic, or code (this does not include the unique code assigned by the investigator to code the data)

  • ​Gender
  • Initials
  • Age / Age range
  • Birth year / Date of birth
  • Nationality
  • Race / Religion / Ethnicity
  • DNA profile
  • Geographical indicators
    •    Postal code
    •    Place of birth
  • Employment information
    •    Occupation
    •    Place of work
    •    Business telephone number
    •    Business mailing or email address
  • Medical information
    •    Weight / Height
    •    Blood group
    •    Rare disease or treatment
  • Financial information
    •    Annual income
  • Education information