Integrity of Personal Information
In a seashell...
-
You should take all reasonable steps to ensure the personal information you hold is not incorrect or misleading as to any matter of fact.
-
You may need to keep the personal information updated, although this will depend on what you are using it for.
-
If you discover that personal information is incorrect or misleading, you must take reasonable steps to correct or erase it as soon as possible.
-
You must carefully consider any challenges to the accuracy of personal information.
-
You must ensure that you have appropriate security measures in place to protect the integrity of the personal information you hold.
-
Integrity of personal information is vital to accurate decision-making.
-
Integrity maintains the consistency, accuracy, and trustworthiness of personal information over its entire lifecycle.
-
Integrity means that personal information is protected from unintentional modification and modified only by those who have the proper authority.
Section 12, Integrity of personal information, adds that:
(1) “An organisation shall ensure that any personal information used is accurate and kept up to date to the extent necessary for the purposes of use.”
(2) An organisation shall ensure that personal information for any use is not kept for longer than is necessary for that use."
Integrity checklist
☐ We ensure the accuracy of any personal information we use.
☐ We have appropriate processes in place to check the accuracy of the information we collect, and we record the source of that information.
☐ We have a process in place to identify when we need to keep the information updated to properly fulfil our purpose, and we update it as necessary.
☐ If we need to keep a record of a mistake, we clearly identify it as a mistake.
☐ Our records clearly identify any matters of opinion, and where appropriate whose opinion it is and any relevant changes to the underlying facts.
☐ We comply with the individual’s right to correction and carefully consider any challenges to the accuracy of the personal information.
☐ As a matter of good practice, we keep a note of any challenges to the accuracy of the personal information.
Organisations ask
What steps do we need to take to ensure accuracy?
What should we do if an individual challenges the accuracy of their personal information?
When is personal information “accurate” or “inaccurate”?
PIPA does not specify what the definition of “accurate” is. However, the most commonly accepted meaning of “inaccurate” is “incorrect or misleading as to any matter of fact”. Whether personal information is accurate may be obvious. However, if it is not obvious, the organisation should ask the individual for further clarification.
You must always be clear about what you intend the record of the personal information to show. What you use it for may affect whether it is accurate or not. For example, just because personal information has changed doesn’t mean that a historical record is inaccurate – but you must be clear that it is a historical record.
Scenario
If an individual moves from Devonshire to Pembroke, a record saying that they currently live in Devonshire is obviously inaccurate. However, a record saying that the individual once lived in Devonshire remains accurate even though they no longer live there.
Does personal information always have to be up to date?
This depends on what you use the information for. If you use the information for a purpose that relies on it remaining current, you should keep it up to date. For example, you should update your employee payroll records when there is a pay rise. Similarly, you should update your records for customers’ changes of address so that goods are delivered to the correct location.
In other cases, it will be equally obvious that you do not need to update information.
Scenario
An individual places a one-off order with a delivery company. The organisation will probably have good reason to retain a record of the order for a certain period for accounting reasons and because of possible complaints. However, this does not mean that it has to regularly check that the customer is still living at the same address.
You do not need to update personal information if this would defeat the purpose of the processing. For example, if you hold personal information only for statistical, historical, or other research reasons, updating the information might defeat that purpose.
In some cases, it is reasonable to rely on the individual to tell you when their personal information has changed, such as when they change address or other contact details. It may be sensible to periodically ask individuals to update their own details, but you do not need to take extreme measures to ensure your records are up to date, unless there is a corresponding privacy risk which justifies this.
However, if an individual informs the organisation of a new address, it should update its records. And if a mailing is returned with the message “no longer at this address” marked on the envelope – or any other information comes to light which suggests the address is no longer accurate – the organisation should update its records to indicate that the address is no longer current.
What steps do we need to take to ensure accuracy?
When you use your own resources to compile personal information about an individual, you must make sure the information is correct. You should take particular care if the information could have serious implications for the individual.
In order to ensure that your records are not inaccurate or misleading in this case, you must:
-
accurately record the information provided;
-
accurately record the source of the information;
-
take reasonable steps in the circumstances to ensure the accuracy of the information; and
-
carefully consider any challenges to the accuracy of the information.
“Reasonable steps” will depend on the circumstances and, in particular, the nature of the personal information and what you will use it for. If you are using the information to make decisions that may significantly affect the individual concerned or others, you need to put more effort into ensuring accuracy.
Scenario
A taxi company (organisation) recruiting a taxi driver will want proof that the interviewees (individuals) are entitled to drive the type of vehicle involved. The fact that an applicant states in their work history that they worked as shop assistant a department store 20 years ago may not need to be checked for this particular job.
If your information source is someone you know to be reliable, or is a well-known organisation, it is usually reasonable to assume that they have given you accurate information. However, in some circumstances you need to double-check – for example, if inaccurate information could have serious consequences, or if common sense suggests there may be a mistake.
Scenario
A customer (individual) emails their mobile operator (organisation) requesting a change in its records about their willingness to receive marketing material. The organisation amends its records accordingly without making any checks. However, when the customer emails again asking the operator to send their bills to a new address, they carry out additional security checks before making the requested change.
Even if you originally took all reasonable steps to ensure the accuracy of the information, if you later get any new information which suggests it may be wrong or misleading, you should reconsider whether it is accurate and take steps to erase, update, or correct it in light of that new information as soon as possible. There are clear links here to the right to correction hyperlink, which gives individuals the right to have inaccurate personal information corrected.
What should we do if an individual challenges the accuracy of their personal information?
If this happens, you should consider whether the information is accurate and, if it is not, you should delete or correct it.
Remember that individuals have the right to have incorrect personal information corrected – see the right to correction hyperlink for more information.
Individuals don’t have the right to erasure just because information is inaccurate. However, you must take all reasonable steps to erase or correct inaccurate information without delay, and it may be reasonable to erase the information in some cases. If an individual asks you to delete inaccurate information, it is therefore good practice to consider this request.
Measures used to support integrity include using tools to ensure software does not delete the personal information you hold unintentionally or limiting data entry, so only valid types of information can be entered (for example, limiting entry of dates to number format).
PIPA’s integrity principle is complemented by the security principle outlined in the following section.