Information is a key asset for all organisations. A great deal of focus is given to ensuring the security of personal information. And privacy statements are used to deliver transparency. Ensuring that personal information is accurate, and kept up to date, is often overlooked.
Principle four simply states:“Personal data shall be accurate and, where necessary, kept up to date.”
Most reply “of course we want accurate information! It means we don’t mail out to people who have moved, are deceased, or no longer want to receive our fundraising and marketing – saving cost, increasing efficiency and helping drive value for money.”
For those providing services to people, it ensures these services are safe and help those in need. For those who have married or divorced, those trying to maintain personal safety, or for someone who is transgender, the accuracy of even the most basic personal information can be critically important.
But the question of how to deliver compliance can be tricky.
The Act does try and help. It gives further guidance, stating that Principle four will not be breached – personal data will not be regarded as inaccurate – if
- the information was accurately recorded at the time – whether it came from the individual themselves or a third party;
- you have taken reasonable steps to ensure the accuracy of the data, and
- an individual has told you they think the data is inaccurate, and you make sure that the data reflects that.
And remember the other Principles…
The accuracy of data and information will be affected by – and affect – your level of compliance with other Principles. For example:
- If you keep information for too long (Principle 5) it is more likely to become inaccurate.
- If data is inaccurate, you still have to handle it securely (Principle 7) – a breach involving inaccurate data is as much a breach as one involving accurate data.