Ch 6.5 - Accuracy

Accuracy

The accuracy principle requires controllers to take reasonable measures to keep personal data accurate and, where necessary, up to date. This means preventing inaccuracy at collection (reliable sources) and during ongoing processing, taking extra care when combining data from multiple sources or running big-data analytics. It also embodies responding to data subject requests (DSRs) to correct records. Importantly, error records can lawfully be kept if not misleading.

Controllers must take reasonable measures to keep data accurate and, where necessary, up to date - the standard flexes with the data type and purpose. Care is needed at the source, and especially when combining data from multiple sources (social media, emails, browsing, ERP) for analytics.

ICO: keeping records of errors

The ICO says it is acceptable to keep records of events that happened in error, provided they are not misleading. Example: a misdiagnosis stays in the medical record because it explains the treatment given - keeping it is consistent with accuracy.

Collect from reliable sources and verify authenticity, especially where inaccuracy could harm the individual.
Preserve accuracy when integrating/combining data sets from many sources.
For statistical or historical purposes, focus on keeping data as originally collected.
Respond to DSRs to correct incomplete or incorrect records.

Key terms - quick answers

What is “Accuracy”?

Take reasonable measures to ensure personal data is accurate and, where necessary, kept up to date.

What is “Reasonable measures”?

Processes to prevent inaccuracy at collection and during processing, judged against data type and purpose.

What is “Data subject request (DSR)”?

A request by a data subject - here, to rectify incomplete or incorrect records.

← Data minimisation Storage limitation →