Personal Data

What is considered Personal Data?


Personal data (under PDPA) refers to data, whether true or not, about an individual who can be identified (1) from that data; or (2) from that data and other information to which the organisation (or individual) has or is likely to have access.

Individually-Identifiable (under HBRA), in relation to a person's human biological material or health information (HBM/HI), means that the person can be identified (1) from the HBM/HI; or (2) from that HBM/HI and other information to which the person, research institution, tissue bank or other organisation has or is likely to have access. 

Note1: When sharing or publishing the research data, researchers should be aware of the disclosure risks stemming from the release of direct identifiers or indirect identifiers in the datasets.

Note2: Datasets which has been anonymised are still considered personal data if a research team has access to the key/linkages to re-identify the data, unless it has been irreversibly-deidentified.

Direct (unique) identifiers
Indirect (Dataset) identifiers 
​Data, which, on its own, constitutes personal data or data that can explicitly identify individuals.

Note: Researchers are required to remove direct identifiers before any dataset is released unless specific consent has been obtained from the research subjects.

​Dataset that can be used together, or in conjunction with other information, to identify particular individual or a group of individuals. 
  • ​Full name
  • NRIC Number/ FIN Number/ Passport number
  • Personal mobile/ Telephone number
  • Facial image of an individual (e.g. in a photograph or video recording)
  • Voice of an individual (e.g. in a voice recording)
  • Fingerprint/ Iris image
  • Mailing address
  • Email address
  • Driver's license numbers
  • Vehicle identifiers and serial numbers, including license plate numbers
  • Account numbers/ Medical records numbers/ Insurance policy numbers
  • Certificate/ License numbers (e.g. professional licenses)
  • IP / MAC address
  • Device identifiers and serial numbers
  • Any other unique identifying number, characteristic, or code (this does not include the unique code assigned by the investigator to code the data)

  • ​Gender
  • Initials
  • Age / Age range
  • Birth year / Date of birth
  • Nationality
  • Race / Religion / Ethnicity
  • DNA profile
  • Geographical indicators
    •    Postal code
    •    Place of birth
  • Employment information
    •    Occupation
    •    Place of work
    •    Business telephone number
    •    Business mailing or email address
  • Medical information
    •    Weight / Height
    •    Blood group
    •    Rare disease or treatment
  • Financial information
    •    Annual income
  • Education information