Keeping personal data accurate and up to date (Principle 4)
This section looks at the second of the information standards – the accuracy of personal data.
In brief – what does the Data Protection Act say about accuracy and updating?
The Act says that:
Personal data shall be accurate and, where necessary, kept up to date.
This is the fourth data protection principle. Although this principle sounds straightforward, the law recognises that it may not be practical to double-check the accuracy of every item of personal data you receive. So the Act makes special provision about the accuracy of information that individuals provide about themselves, or that is obtained from third parties.
To comply with these provisions you should:
- take reasonable steps to ensure the accuracy of any personal data you obtain;
- ensure that the source of any personal data is clear;
- carefully consider any challenges to the accuracy of information; and
- consider whether it is necessary to update the information.
In more detail…
- When is personal data “accurate” or “inaccurate”?
- What about records of mistakes?
- Does personal data always have to be up to date?
- How does the general rule that information must be accurate apply to information I compile?
- What about information individuals provide, or which I obtain from third parties?
- What are “reasonable steps”?
- What happens when individuals challenge the accuracy of information?
What about the accuracy of opinions?
When is personal data “accurate” or “inaccurate”?
The Data Protection Act does not define the word “accurate”, but it does say that personal data is inaccurate if it is incorrect or misleading as to any matter of fact. It will usually be obvious whether information is accurate or not. For example, if an individual has moved house from Chester to Wilmslow, a record showing that he currently lives in Chester is obviously inaccurate. But a record showing that he once lived in Chester remains accurate, even though he no longer lives there. You must always be clear about what a record is intended to show.
A journalist builds up a profile of a particular public figure. This includes information derived from rumours circulating on the internet that the individual was once arrested on suspicion of dangerous driving. If the journalist records that the individual was arrested, without qualifying this, he or she is asserting this as an accurate fact. However, if it is clear that the journalist is recording rumours, the record is accurate – the journalist is not asserting that the individual was arrested for this offence.
The Post Office Address File (PAF) contains UK property postal addresses. It is structured to reflect the way the Royal Mail delivers post. So it is common for someone to have a postal address linked to a town in one county (eg Stoke-on-Trent in Staffordshire) even if they actually live in another county (eg Cheshire) and pay council tax to that council. The PAF file is not intended to accurately reflect county boundaries.
What about records of mistakes?
There is often confusion about whether it is appropriate to keep records of things that happened which should not have happened. Individuals understandably don’t want their records to be tarnished by, for example, a penalty or other charge that was later cancelled or refunded. However, the organisation may legitimately wish its records to accurately reflect what actually happened – in this example, that a charge was imposed, and later cancelled or refunded. Keeping a record of a mistake and its correction might also be in the individual’s interests.
A mis-diagnosis of a medical condition continues to be held as part of a patient’s medical records even after the diagnosis is corrected, because it is relevant for the purpose of explaining treatment given to the patient, or to additional health problems.
It is acceptable to keep records of events that happened in error, provided those records are not misleading about the facts. You may need to add a note to a record to clarify that a mistake happened.
An individual finds that, because of an error, their account with their existing energy supplier has been closed and an account opened with a new supplier. Understandably aggrieved, they believe the original account should be reinstated and no record kept of the unauthorised transfer. Although this reaction is understandable, if their existing supplier did close their account, and another supplier opened a new account, then records reflecting what actually happened will be accurate. In such cases it makes sense to ensure that the record clearly shows that an error occurred.
An individual is dismissed for alleged misconduct. An Employment Tribunal finds that the dismissal was unfair and the individual is reinstated. The individual demands that the employer deletes all references to misconduct. However, the record of the dismissal is accurate. The Tribunal’s decision was that the employee should not have been dismissed on those grounds. The employer should ensure its records reflect this.
Does personal data always have to be up to date?
This depends on what the information is used for. If the information is used for a purpose that relies on it remaining current, it should be kept up to date. For example, your employee payroll records should be updated when there is a pay rise. Similarly, records should be updated for customers’ changes of address so that goods are delivered to the correct location.
In other circumstances, it will be equally obvious when information does not need to be updated.
An individual places a one-off order with an organisation. The organisation will probably have good reason to retain a record of the order for a certain period for accounting reasons and because of possible complaints. However, this does not mean that it has to regularly check that the customer is still living at the same address.
How does the general rule that information must be accurate apply to information I compile?
Where you use your own resources to compile personal data about an individual, then you must make sure the information is correct. You should take particular care if the information could have serious implications for the individual. If, for example, you give an employee a pay increase on the basis of an annual increment and a performance bonus, then there is no excuse for getting the new salary figure wrong in your payroll records.
The exception to the rule – what does the Act say about information individuals provide about themselves, or which I obtain from third parties?
It may be impractical to check the accuracy of personal data someone else provides. In recognition of this, the Act says that even if you are holding inaccurate personal data, you will not be considered to have breached the fourth data protection principle as long as:
- you have accurately recorded information provided by the individual concerned, or by another individual or organisation;
- you have taken reasonable steps in the circumstances to ensure the accuracy of the information; and
- if the individual has challenged the accuracy of the information, this is clear to those accessing it.
This will depend on the circumstances and, in particular, the nature of the personal data and what it will be used for. The more important it is that the personal data is accurate, the greater the effort you should put into ensuring its accuracy. So if you will be using the data in making decisions that may significantly affect the individual concerned or others, you will need to put more effort into ensuring accuracy. This may mean you have to get independent confirmation that the data is accurate. For example, most employers will only need to check the precise details of job applicants’ education, qualifications and work experience if it is essential for that particular role, when they would need to obtain authoritative verification.
An organisation recruiting a driver will want proof that the individuals they interview are entitled to drive the type of vehicle involved. The fact that an applicant states in his work history that he worked as a Father Christmas in a department store 20 years ago will not need to be checked for this particular job.
If your information source is someone you know to be reliable, or is a well-known organisation, it will usually be reasonable to assume that they have given you accurate information. However, in some circumstances you will need to double-check – for example if inaccurate information could have serious consequences, or if common sense suggests there may be a mistake.
A business that is closing down recommends a member of staff to another organisation. Assuming the two employers know each other, it may be reasonable for the organisation to whom the recommendation is made to accept assurances about the individual’s work experience at face value. However, if a particular skill or qualification is needed for the new job role, the organisation would need to make appropriate checks.
An individual sends an email to her mobile phone company requesting that it changes its records about her willingness to receive marketing material. The company amends its records accordingly without making any checks. However, when the customer emails again asking the company to send her bills to a new address, they carry out additional security checks before making the requested change.
What happens when individuals challenge the accuracy of information held about them?
If this happens, you should consider whether the information is accurate and, if it is not, you should delete or correct it. Sometimes the individual may be able to provide convincing documentary evidence that, for example, a date of birth has been recorded incorrectly. In other circumstances, you may need to make some checks yourself.
When an individual tells a credit reference agency its record of a particular account is wrong, the agency will usually have to contact the lender concerned to confirm that the record is accurate. If the lender satisfies the credit reference agency that the record is correct then the agency can retain it. However, if the agency is not satisfied that the record is accurate, it should amend or remove it. The credit reference agency will mark the record as being in dispute while the lender looks into the matter but it must tell the individual whether it has amended or removed the record within 28 days of receiving the challenge.
Where the accuracy of a record has been challenged by the individual it relates to, it is good practice to mark the record as being in dispute (as in the above example). You are not legally obliged to do this – so, if you are satisfied that a record is correct, you need not flag it as having been challenged. However, in the case of credit reference agency records, it is accepted industry practice that disputed information should be flagged. In any event, the advantage of flagging a disputed record is that (as long as the other conditions are satisfied) it avoids you breaching the fourth data protection principle if the information does turn out to be inaccurate.
If an individual is not satisfied that you have taken appropriate action to keep their personal data accurate, they may apply to the court for an order that you rectify, block, erase or destroy the inaccurate information.
What about the accuracy of opinions?
We have already considered the adequacy of opinions, but questions also arise as to the accuracy of an opinion.
An expression of an opinion about an individual is classed as their personal data. Two people may have very different opinions about the ability or personality of an individual. Personal experiences and preferences, even prejudices, can colour a person’s opinions, so it may be impossible to conclude with any confidence which, if either, of two conflicting opinions is accurate. People may only be able to state which of the two they tend to agree with. So when recording information about an individual, you should record whether it is an opinion, and, where appropriate, whose opinion it is.
Some records that may appear to be opinions do not contain an opinion at all. For example, many financial institutions use credit scores to help them decide whether to provide credit. A credit score is a number that summarises the historical credit information on a credit report and provides a numerical predictor of the risk involved in granting an individual credit. Credit scores are based on a statistical analysis of individuals’ personal data, rather than on a subjective opinion about their creditworthiness.
An area of particular sensitivity is medical opinion, where doctors routinely record their opinions about possible diagnoses. It is often impossible to conclude with certainty, perhaps until time has passed or tests have been done, whether a patient is suffering from a particular condition. An initial diagnosis (or informed opinion) may prove to be incorrect after more extensive examination or further tests. Individuals sometimes want the initial diagnosis to be deleted on the grounds that it was, or proved to be, inaccurate. However, if the patient’s records accurately reflect the doctor’s diagnosis at the time, the records are not inaccurate, because they accurately reflect a particular doctor’s opinion at a particular time. Moreover, the record of the doctor’s initial diagnosis may help those treating the patient later.
How much weight is placed on an opinion is likely to greatly depend on the experience and reliability of the person whose opinion it is, and what they base their opinion on. An opinion formed during a brief meeting will probably be given less weight than one derived from considerable dealings with the individual. The “adequacy” requirement is relevant in these cases.
If a court is satisfied that you are holding inaccurate personal data containing an expression of opinion that appears to the court to be based on that inaccurate data, it can order you to delete that data, including the expression of opinion.