What is considered Personal Data?
Personal data (under PDPA) refers to data, whether true or not, about an individual who can be identified (1) from that data; or (2) from that data and other information to which the organisation (or individual) has or is likely to have access.
Individually-Identifiable (under HBRA), in relation to a person's human biological material or health information (HBM/HI), means that the person can be identified (1) from the HBM/HI; or (2) from that HBM/HI and other information to which the person, research institution, tissue bank or other organisation has or is likely to have access.
Note1: When sharing or publishing the research data, researchers should be aware of the disclosure risks stemming from the release of direct identifiers or indirect identifiers in the datasets.
Note2: Datasets which has been anonymised are still considered personal data if a research team has access to the key/linkages to re-identify the data, unless it has been irreversibly-deidentified.
Note3: Personal data collected from research should be classified as "Confidential" under NTU's Data Governance Policy. Refer here for handling requirements of Confidential data.
Examples of Personal Data
|Direct (unique) identifiers||Indirect (Dataset) identifiers |
|Data, which, on its own, constitutes personal data or data that can explicitly identify individuals.|
Note: Researchers are required to remove direct identifiers before any dataset is released unless specific consent has been obtained from the research subjects.
|Dataset that can be used together, or in conjunction with other information, to identify particular individual or a group of individuals. |