- You should take all reasonable steps to ensure the personal information you hold is complete, accurate and not misleading as to any matter of fact.
- You should take all reasonable steps to keep the personal information updated, although this will depend on what you are using it for.
- If you discover that personal information is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
- You must carefully consider any challenges to the completeness, accuracy, not misleading and currency of personal information.
☐ We ensure the completeness, accuracy, not misleading and currency of any personal information we create.
☐ We ensure appropriate internal controls are established to maintain the completeness, accuracy, reliability (not misleading) and currency of any personal information we process.
☐ We have appropriate processes (e.g. internal audit) in place to check the completeness, accuracy, reliability and currency of the information we collect, and we record the source of that information.
☐ We have a process in place to identify when we need to keep the information updated to properly fulfil our purpose, and we update it as necessary.
☐ If we need to keep a record of a mistake, we clearly identify it as a mistake.
☐ Our records clearly identify any matters of opinion, and where appropriate whose opinion it is and any relevant changes to the underlying facts.
☐ We comply with the individual’s right to rectification and carefully consider any challenges to the completeness, accuracy and currency of the personal information.
☐ As a matter of good practice, we keep a note of any challenges to the completeness, accuracy and currency of the personal information.
- What is the information quality condition?
- When is personal information ‘accurate’ or ‘inaccurate’?
- What about records of mistakes?
- What about accuracy of opinions?
- Does personal data always have to be up to date?
- What steps do we need to take to ensure accuracy?
- What should we do if an individual challenges the accuracy of their personal data?
Section 16 says:
“1. A responsible party must take reasonably practicable steps to ensure that the personal information is complete, accurate, not misleading and updated where necessary.
In practice, this means that you must:
- take reasonable steps to ensure the completeness and accuracy of any personal information;
- ensure that the source and status of personal information is clear;
- carefully consider any challenges to the completeness and accuracy of information; and
- consider whether it is necessary to periodically update the information.
You must always be clear about what you intend the record of the personal information to show. What you use it for may affect whether it is accurate or not. For example, just because personal information has changed doesn’t mean that a historical record is inaccurate – but you must be clear that it is a historical record.
If an data subject moves house from City A to City B, a record saying that they currently live in City A will obviously be inaccurate. However, a record saying that the data subject once lived in City A remains accurate, even though they no longer live there.
There is often confusion about whether it is appropriate to keep records of things that happened which should not have happened. Data subjects understandably do not want their records to be tarnished by, for example, a penalty or other charge that was later cancelled or refunded.
However, you may legitimately need your records to accurately reflect the order of events – in this example, that a charge was imposed, but later cancelled or refunded. Keeping a record of the mistake and its correction might also be in the data subject’s best interests.
A misdiagnosis of a medical condition continues to be held as part of a patient’s medical records even after the diagnosis is corrected, because it is relevant for the purpose of explaining treatment given to the patient, or for other health problems.
It is acceptable to keep records of mistakes, provided those records are not misleading about the facts. You may need to add a note to make clear that a mistake was made.
A data subject finds that, because of an error, their account with their existing energy supplier has been closed and an account opened with a new supplier. Understandably aggrieved, they believe the original account should be reinstated and no record kept of the unauthorised transfer. Although this reaction is understandable, if their existing supplier did close their account, and another supplier opened a new account, then records reflecting what actually happened will be accurate. In such cases it makes sense to ensure that the record clearly shows that an error occurred.
A data subject is dismissed for alleged misconduct. An employment tribunal finds that the dismissal was unfair and the individual is reinstated. The data subject demands that the employer deletes all references to misconduct. However, the record of the dismissal is accurate. The Tribunal’s decision was that the employee should not have been dismissed on those grounds. The employer should ensure its records reflect this.
A record of an opinion is not necessarily inaccurate personal information just because the data subject disagrees with it, or it is later proved to be wrong. Opinions are, by their very nature, subjective and not intended to record matters of fact.
However, in order to be accurate, your records must make clear that it is an opinion, and, where appropriate, whose opinion it is. If it becomes clear that an opinion was based on inaccurate information, you should also record this fact in order to ensure your records are not misleading.
An area of particular sensitivity is medical opinion, where doctors routinely record their opinions about possible diagnoses. It is often impossible to conclude with certainty, perhaps until time has passed or tests have been done, whether a patient is suffering from a particular condition. An initial diagnosis (which is an informed opinion) may prove to be incorrect after more extensive examination or further tests. However, if the patient’s records reflect the doctor’s diagnosis at the time, the records are not inaccurate, because they accurately reflect that doctor’s opinion at a particular time. Moreover, the record of the doctor’s initial diagnosis may help those treating the patient later, and in data protection terms is required in order to comply with the ‘adequacy’ element of the data minimisation principle.
If a data subject challenges the accuracy of an opinion, it is good practice to add a note recording the challenge and the reasons behind it.
How much weight is actually placed on an opinion is likely to depend on the experience and reliability of the person whose opinion it is, and what they base their opinion on. An opinion formed during a brief meeting will probably be given less weight than one derived from considerable dealings with the data subject. However, this is not really an issue of accuracy. Instead, you need to consider whether the personal information is “adequate” for your purposes, in line with the data minimisation condition.
Note that some records that may appear to be opinions do not contain an opinion at all. For example, many financial institutions use credit scores to help them decide whether to provide credit. A credit score is a number that summarises the historical credit information on a credit report and provides a numerical predictor of the risk involved in granting a data subject credit. Credit scores are based on a statistical analysis of data subjects’ personal information, rather than on a subjective opinion about their creditworthiness. However, you must ensure the accuracy (and adequacy) of the underlying information.
This depends on what you use the information for. If you use the information for a purpose that relies on it remaining current, you should keep it up to date. For example, you should update your employee payroll records when there is a pay rise. Similarly, you should update your records for customers’ changes of address so that goods are delivered to the correct location.
In other cases, it will be equally obvious that you do not need to update information.
A data subject places a one-off order with an organisation. The organisation will probably have good reason to retain a record of the order for a certain period for accounting reasons and because of possible complaints. However, this does not mean that it has to regularly check that the customer is still living at the same address.
You do not need to update personal information if this would defeat the purpose of the processing. For example, if you hold personal information only for statistical, historical or other research reasons, updating the data might defeat that purpose.
In some cases it is reasonable to rely on the data subject to tell you when their personal information has changed, such as when they change address or other contact details. It may be sensible to periodically ask data subjects to update their own details, but you do not need to take extreme measures to ensure your records are up to date, unless there is a corresponding privacy risk which justifies this.
An organisation keeps addresses and contact details of previous customers for marketing purposes. It does not have to use data matching or tracing services to ensure its records are up to date – and it may actually be difficult to show that the processing involved in data matching or tracing for these purposes is fair, lawful and transparent.
However, if a data subject informs the organisation of a new address, it should update its records. And if a mailing is returned with the message ‘not at this address’ marked on the envelope – or any other information comes to light which suggests the address is no longer accurate – the organisation should update its records to indicate that the address is no longer current.
Where you use your own resources to compile personal information about a data subject, then you must make sure the information is correct. You should take particular care if the information could have serious implications for the data subject. If, for example, you give an employee a pay increase on the basis of an annual increment and a performance bonus, then there is no excuse for getting the new salary figure wrong in your payroll records.
It may be impractical to check the accuracy of personal informstion someone else provides. In order to ensure that your records are not inaccurate or misleading in this case, you must:
- accurately record the information provided;
- accurately record the source of the information;
- take reasonable steps in the circumstances to ensure the accuracy of the information; and
- carefully consider any challenges to the accuracy of the information.
What is a ‘reasonable step’ will depend on the circumstances and, in particular, the nature of the personal information and what you will use it for. The more important it is that the personal information is accurate, the greater the effort you should put into ensuring its accuracy. So if you are using the information to make decisions that may significantly affect the data subject concerned or others, you need to put more effort into ensuring accuracy. This may mean you have to get independent confirmation that the information is accurate. For example, employers may need to check the precise details of job applicants’ education, qualifications and work experience if it is essential for that particular role, when they would need to obtain authoritative verification.
An organisation recruiting a driver will want proof that the data subjects they interview are entitled to drive the type of vehicle involved. The fact that an applicant states in his work history that he worked as a Father Christmas in a department store 20 years ago does not need to be checked for this particular job.
If your information source is someone you know to be reliable, or is a well-known organisation, it is usually reasonable to assume that they have given you accurate information. However, in some circumstances you need to double-check – for example if inaccurate information could have serious consequences, or if common sense suggests there may be a mistake.
A business that is closing down recommends a member of staff to another organisation. Assuming the two employers know each other, it may be reasonable for the organisation to which the recommendation is made to accept assurances about the data subject’s work experience at face value. However, if a particular skill or qualification is needed for the new job role, the organisation needs to make appropriate checks.
A data subject sends an email to her mobile phone company requesting that it changes its records about her willingness to receive marketing material. The company amends its records accordingly without making any checks. However, when the customer emails again asking the company to send her bills to a new address, they carry out additional security checks before making the requested change.
Even if you originally took all reasonable steps to ensure the accuracy of the information, if you later get any new information which suggests it may be wrong or misleading, you should reconsider whether it is accurate and take steps to erase, update or correct it in light of that new information as soon as possible.
If this happens, you should consider whether the information is accurate and, if it is not, you should delete or correct it.
Remember that individuals have the absolute right to have incorrect personal information rectified.
Data subjects don’t have the right to erasure just because information is inaccurate. However, the accuracy principle requires you to take all reasonable steps to erase or rectify inaccurate information without delay, and it may be reasonable to erase the information in some cases. If a data subject asks you to delete inaccurate data it is therefore good practice to consider this request.