Skip to Main Content

Research Data Management

What is Sensitive Data

According to the Australian Research Data Commons (ARDC), Sensitive Data are "data that can be used to identify an individual, species, object, process, or location that introduces a risk of discrimination, harm, or unwanted attention. Under law and the research ethics governance of most institutions, sensitive data cannot typically be shared in this form, with few exceptions."

Sensitive data can be information that is protected against unwarranted disclosure. It can include but not limited to personal data, proprietary data and other restricted or confidential Data that should be protected from unauthorised access.


If you are conducting a human research study, in accordance to the University’s guidelines, you are required to apply for an IRB approval. An ethical review by the Institutional Review Board is required for the protection of the rights, safety and welfare of human research subjects.

NUS-IRB: Guidelines for Human Biomedical Research (HBR)

"All human biomedical research conducted in Singapore is governed by the Human Biomedical Research Act (HBRA) 2015, which mandates that any proposed human biomedical research should undergo review and be approved or exempted by an Institutional Review Board (IRB)."

NUS-IRB: Guidelines for Social, Behavioural and Educational Research (SBER)

"All research conducted by NUS staff involving the use of HUMAN subjects, tissues, or personal data must be reviewed and approved by the NUS Institutional Review Board (NUS-IRB) BEFORE they are conducted."

Types of Sensitive Data

Personal Data: Data, whether true or not, about an individual who can be identified from that data; or from that data and other information to which the organisation has or is likely to have access.

Personal data in Singapore is protected under the Personal Data Protection Act 2012 (PDPA). When sharing or publishing your research data, you should be aware of the disclosure risks stemming from the release of direct identifiers or indirect identifiers in your dataset.

Direct Identifiers

Variables containing information that can explicitly identify particular individuals or units. You are recommended to remove direct identifiers before you release your dataset.


  • Name/ Initials
  • Mailing address
  • Phone number
  • Email address
  • Identity card
  • Social Security numbers
  • Biometric data
  • Driver's license numbers
  • Vehicle identifiers
Indirect Identifiers

Variables that can be used together or in conjunction with other information to identify particular individuals or units.


  • Gender
  • Race/ Ethnicity
  • Birth year or age
  • Place of birth
  • Rare disease or treatment
  • Occupation
  • Annual income
  • Postal code

Proprietary Data: Data, including any and all Intellectual Property and any rights thereof (whether registered and/or unregistered), know-how, trade secrets, whether written, oral, pictorial or in other tangible form, which gives competitive advantage to its owner. It may also include data generated or used under a restricted research funding agreement with industry partners.

Sharing Sensitive Information

According to the Publishing Sensitive Data Guide developed by the Australian Research Data Commons (ARDC), researchers should pay attention to the following four important aspects from the beginning of research to share sensitive and confidential data ethically and legally:

  • Including provision for data sharing when gaining informed consent
  • Protecting people's identities by anonymising data where needed
  • Considering controlling access to data
  • Applying an appropriate licence


When and How to Publish and Share Sensitive Data - A Decision Tree

Click here to read the tips and advice provided by the Australian National Data Service (ANDS) for publishing and sharing sensitive information.