Accuracy of Personal Information
A big company may have thousands or even millions of customers. It is inevitable that any sufficiently large set of data will contain errors. If this set represents personal information, inaccuracies could negatively affect people’s lives. For example, if a bank has wrongly recorded someone’s level of income, they may refuse that person a loan when they would have allowed it if the figure were correct.
Companies have an obligation to ensure that their knowledge base is correct and up to date. Individuals also have the right to inspect information that is held about them, and to correct it if it is wrong.
Obligations of BusinessesOne of the provisions of the Data Protection Act is that businesses must ensure that the data they hold is accurate. They should not keep data longer than necessary, but it might still be needed to keep personal details for a long time. For example, it is reasonable to store things about a person for as long as he or she remains a customer. In this case, the business should periodically check that the details they hold in their database, such as the address, are up to date.
Checking and Amending Your Personal InformationYou have a right under the Act to access information that an organisation holds about you, in return for a nominal fee. Understandably, some organisations may not be enthusiastic about complying, particularly those that do not receive many such requests, but they are nevertheless obliged to do so.
If you request records in this way (known as subject access) and discover that they are inaccurate, you also have the right to ensure that the organisation corrects them. Indeed, even if you have some other reason to suspect that they hold inaccurate details about you (for example, if they always spell your name incorrectly on letters they send to you) then you should contact their support department with an amendment.
Opting Out of Direct MarketingIndividuals can sign up to schemes in order to indicate that they do not wish to receive unsolicited direct marketing. In the UK, there are three such schemes: the Mailing Preference Service, the Telephone Preference Service and the Fax Preference Service, covering direct marketing by mail, phone and fax respectively.
Companies performing direct mailing, cold calling or bulk faxing should “wash” their lists of prospects against the membership of these systems to ensure that they do not advertise to people who have opted out.
These schemes only apply to unsolicited communications. Companies may contact their own customers for marketing purposes, regardless of whether they have opted out of unsolicited direct marketing. Such contact does, however, fall under the Data Protection Act – customers must have consented to their details being used in this way when they supplied them.
The Importance of Correctness(GDPR)Businesses use data about people in order to provide an efficient service, as a basis for marketing new products and for measuring how the company is performing. Inaccurate data will lead to inefficiencies and will ultimately cost money, so it is in the organisation’s interest to ensure that the records it keeps are accurate and up to date. Individuals also benefit when the data held about them is accurate, and the Data Protection Act gives them the ability to check and correct it.
EU General Data Protection Regulation (GDPR)
The EU General Data Protection Regulation (GDPR) superseded the UK Data Protection Act 1998 on May 25, 2018. The new policy expands the rights of individuals to control how their personal data is collected and processed. It places a range of new obligations on organisations to be more accountable for data protection.
Organisations are obliged to have technical and procedural measures in place to safeguard the personal information they hold.