IPP 3 provides that ‘an organisation must take reasonable steps to make sure that the personal information it collects, uses or discloses is accurate, complete and up to date.’ Its aim is to keep the quality of personal information high. These Guidelines use ‘quality’ to mean being accurate, complete and up to date.

Data quality is important because the personal information collected by government informs decisions which affect the lives of individuals and the community. Government decision-making will be better if it is based on accurate, complete and up to date information. This is an important part of protecting individuals’ privacy.

IPP 3 requires organisations to take reasonable steps to ensure the quality of personal information at three distinct points in the information lifecycle:

• when personal information is collected;
• when it is used; and
• when it is disclosed.

Historical information held by an organisation, which is not currently being used or disclosed, does not require constant reasonable steps to ensure its accuracy. However, if the information is used or disclosed at a later point in time, reasonable steps need to be taken at that time to ensure its quality. This is discussed in more detail below, in ‘Reasonable steps under IPP 3 throughout the information lifecycle’.

‘Accurate’ is not defined in the PDP Act. The ordinary meaning of the word ‘accurate’ is ‘free from error or defect’ or ‘in exact conformity to truth, to a standard or rule’.¹ Organisations must take reasonable steps to ensure personal information is accurate when it is collected, used and disclosed.

Inaccuracy for the purposes of IPP 3 includes factually incorrect personal information. For example, misspelt names, wrongly addressed personal correspondence and information attributed to the wrong person will be regarded as inaccurate.

The definition of ‘personal information’ in s 3 states opinions ‘whether true or not’ fall within the ambit of the PDP Act. This makes clear the PDP Act applies to inaccurate or untrue information and opinions.

Opinions are not inaccurate under IPP 3 simply because someone else holds a different opinion. However, opinions may be inaccurate for the purpose of IPP 3 if they are based on bias, ill will or erroneous facts. Incomplete or inaccurate opinions often demonstrate a ‘total inadequacy of underlying factual information’.⁵ It can be dangerous to rely on opinions based on inaccurate information because they are likely to result in error.

Organisations can take steps to determine if an opinion is ‘inaccurate’ or ‘incomplete’ under IPP 3. Taking into account competing facts or views of relevant parties before reaching a final opinion will usually be enough for the organisation to demonstrate the opinion should be considered ‘accurate’ or ‘complete’ under IPP 3. For example, a professional opinion formed on a reasonable basis does not become inaccurate when later information proves the opinion to be false. The opinion was accurate when it was formed and recorded. If it is later relied upon, the organisations must again take steps to ensure accuracy and quality.

Firstly, organisations should ensure information is accurately recorded. Accurate records of opinions should clearly state it is an opinion. If possible, organisations should also record the name of the person holding that opinion.

When the factual basis of the opinion is found to be flawed, an opinion may need to be updated, as the record might be ‘incomplete’. If it is impracticable or inappropriate for the opinion to be updated, it may be reasonable for an organisation to add a note to the record that indicates the opinion is flawed or out of date. If organisations disclose a flawed opinion, the organisation should also point out the flawed basis to recipients.

Part V of the Freedom of Information Act 1982 (Vic) (FOI Act) provides for the addition of a note to a disputed opinion so that, while the integrity of a file is maintained, the contrary view, perhaps now based on better or more complete factual information, is also available to future decision makers. This is a way to deal with situations in which two appropriately qualified persons give conflicting opinions on the same matter.

For more guidance on the relationship between IPP 3 and IPP 6 (Access and Correction), see the discussion under ‘Data quality and freedom of information (FOI)’ below, and IPP 6.

‘Complete’ means ‘having all its parts or elements; whole; entire; full.’⁷ What is complete depends on the specific information and the context and purpose of collection, use or disclosure. Where incomplete information would be misleading or lead to incorrect decisions, organisations have an obligation to hold, use and disclose complete information.

The purpose and context of a record or database of information will affect what is considered complete or incomplete. Even when an organisation’s information is true and correct, it may be incomplete because it leaves out subsequent events or important information. This might also make the information out of date. For example, if a record of parking fines issued by a local council does not also record whether the fines have been paid and the information is used to demand payment or deny other council services, the information might be incomplete. However, if the purpose of this database of internal statistics is about the issuing of parking fines, it may not be necessary to include payment information.

‘Up to date’ for IPP 3 means extending to the present time including the latest facts. Information may be considered out of date where subsequent information becomes available, which renders the earlier information erroneous or out of date. Ensuring records are up to date is largely about ensuring they are not likely to convey a misleading impression to others who view the information.

Personal information is not out of date simply because it is old. Information about a past event can be an accurate record of the facts known at the time. For example, a birth record stating the weight of a newborn is not out of date simply because time has passed. Other information that never becomes out of date is an individual’s birthplace or the fact that they obtained an academic qualification. Time does not change these facts.

Information becomes out of date when relevant changes mean information no longer accurately represents the present.

To ensure information is fit for its intended use, organisations may need to replace or delete out of date information, for example, when updating mailing addresses. The need to update old information due to subsequent events or the availability of new information depends on the purpose for which the information is used or disclosed and ‘the context in which that information appears’.¹¹ When organisations are required to retain old information due to recordkeeping obligations, organisations may archive or store the information with a note which says it is out of date.

IPP 3 requires organisations to take ‘reasonable steps’ to ensure data quality at multiple stages of the information lifecycle. This is different from a strict requirement to achieve data quality itself. Organisations are not required to take every possible step to ensure quality. An organisation must comply with IPP 3 when it collects, uses and discloses personal information. There are also additional duties under IPP 3 if an organisation keeps a record of the information. Organisations have a duty to consider the quality of the data when and if the information is subsequently used or disclosed.

The reasonable steps required to ensure data quality will vary in different circumstances. When considering what is reasonable in a specific context, organisations should keep in mind the underlying principle that personal information should be fit for its purpose. Other factors which affect what is reasonable include:

• the nature of the information;
• how recently the information was collected;
• how quickly the information can go out of date;
• who provided the information;
• the purpose for which the organisation uses the information;
• to whom the organisation discloses the information;
• how, and for what purpose, the information will be used by the recipient; and
• the consequences for the individuals concerned if the data is not sufficiently accurate, complete and up to date.

The nature or type of personal information and the consequences of poor data quality are particularly important when organisations are considering what steps to ensure data quality are ‘reasonable’. The incorrect use or disclosure of some information will merely annoy the data subject until it is corrected, for example, misspelling a name or using an incorrect title. Small inaccuracies will normally not cause harm but in some circumstances they may. For example, recording the wrong age may impact on someone’s concession entitlements. Other categories of personal information could inconvenience the data subject if the information is incomplete or out of date when it is used, for example a wrong or old address. The potential for harm when there is a delay in receiving wrongly addressed correspondence is small, however, a wrong address could cause the intended recipient missing a crucial deadline due to the delay.

Certain categories of information may cause serious harm to an individual, if the information is of poor quality. For example, information about an investigation into any allegation of improper behaviour needs to be accurate, complete and up to date. Where an organisation publishes identifying information about disciplinary matters, publications should note the date the information was ‘accurate at’ or ‘last revised’.

Where information can have adverse consequences for an individual, greater ‘reasonable steps’ are required of an organisation to meet the requirements of IPP 3. For example, organisations should take appropriate steps to confirm the accuracy of the information they use or the accuracy of facts from which opinions are drawn before making a decision or taking action which will deprive individuals of benefits or result in serious adverse consequences. These consequences can include financial losses, reputational harm and emotional distress (including damage to relationships).

For further examples of data quality errors leading to serious harm for individuals, see:

• Beneficiary complains ACC acted on inaccurate information in cancelling compensation (Case Note 17749) [1999] NZPrivCmr 13.
• CYF wrongly noted father had sexual abuse convictions (Case Note 277483) [2017] NZPrivCmr 3.
• Sensible Sentencing Trust falsely labels man as paedophile (Case Note 294302) [2018] NZPrivCmr 6.¹⁵

Sometimes a step taken to improve data quality can create new risks. For example, data matching techniques are sometimes used to compare two datasets to improve their accuracy. Mismatches and mistaken identities present a privacy risk. Similarities between names or addresses can lead to cases of mistaken matches and mistaken identity. As a result, it will not always be ‘reasonable’ to engage in data matching exercise for the purposes of updating personal information. Organisations should consider whether the privacy risks associated with a proposed ‘reasonable step’ outweigh the benefits. If they do, it is unlikely to be a reasonable step the agency is obliged to take under IPP 3.

Reasonable steps to ensure data quality must be taken at multiple points of the information lifecycle. Key times to take reasonable steps to check data quality are collection, use, re-use and disclosure. How often an organisation must reasonably monitor data quality depends on the potential for that type of information to lose quality over time, whether the information is used regularly or constantly and the potential harm if the information is inaccurate, incomplete or out of date.

When personal information is collected, used immediately for a purpose and subsequently archived it will be less likely the information will need to be thoroughly checked for accuracy. Organisations do not need to constantly check accuracy or monitor data quality when information is effectively dormant.

When personal information is disclosed, both the disclosing and receiving organisations should check accuracy. Recipient organisations should ask about the quality of the information received as they will usually be in a weaker position to judge data quality. If the recipient organisation is bound by the PDP Act, they will have data quality responsibilities as soon as they receive the information.

If either a disclosing or recipient organisation later become aware of (significant) data quality issues, it is good practice (although not required by IPP 3) to tell other organisations who have that information. IPP 3 requires organisations to take reasonable steps to ensure data accuracy both when collecting and using and disclosing personal information.

Different stages of the information lifecycle might require reasonable steps to check quality include collection, recording and transcription, storage and dissemination. Data quality can be especially vulnerable at times of data entry because mistakes can be made when typing. Or, for example, pages can be lost when photocopying. Also, digital data is susceptible to change or loss in ways that paper documents are not. This is partly because technology allows large amounts of digital data to be handled in relatively automated ways.

Steps that can help organisations maintain data quality include regular checks to assess accuracy of data entry, publishing documents in a read-only format, using encryption to securely transmit data and adopting technologies which record when information is altered or deleted and by whom. Reasonable steps to protect data from unauthorised modification or premature disposal are discussed further under IPP 4 (Data Security). One effective way to check data quality is to ask subjects of information to point out whether any information needs correcting or updating. Collection requirements under IPP 1 can improve data quality for IPP 3.

Because personal information on the internet can be easily stored and reproduced elsewhere, more may be required of an organisation to take reasonable steps to ensure data quality. For example, search engines can cache or store information even after it is removed from the public register. To take reasonable steps to ensure data quality, an organisation may need to correct information on websites other than their own.

To ensure data quality it may be best to only allow online information to be accessed from the organisation’s website – the ‘official source’. This may involve excluding search engine ‘spiders’ or ‘robots’ from indexing the site.

When organisations regulate particular trades and professions administer information on public registers, they should make sure the information accurately reflects an individual’s registration status. For example, the phrases ‘de-registered’ or ‘cancelled’ next to a professional’s name may have a more negative effect than the phrases ‘not current’ or ‘not currently practising’.

In Victoria, law enforcement agencies are exempt from certain IPPs under s 15 of the PDP Act. However, it is important to remember that s 15 does not exempt law enforcement agencies from their obligations under IPP 3. Data quality of information in the hands of law enforcement agencies is important to ensure profiling and investigations are appropriate and rely on information that is true and correct. This is illustrated in the case of Zeqaj v Victoria Police (Human Rights) [2018] VCAT 1733.

Where an organisation outsources functions to a contracted service provider (CSP), both parties should work together to ensure data quality. In an outsourcing arrangement, obligations for ensuring data quality should be clearly communicated to both parties and set out in the binding contract underpinning the arrangement. At a minimum, organisations should consider:

• which organisation will control the data;
• which organisation will be responsible for updating it; and
• what obligations will arise where information is found to be out of date, inaccurate or incomplete.

Importantly, organisations should check the CSP is adequately equipped to meet the obligations under IPP 3 and have appropriate procedures in place. For example, this may involve putting in place measures to ensure that data is accurately collected, verified and reviewed and having clear policies in place for the destruction of out of date data (where recordkeeping obligations permit).

The obligations for organisations and CSPs to ensure data quality in an outsourcing arrangement will differ depending on whether the CSP has assumed direct liability for their obligations under the IPPs, under a State contract in accordance with s 17(2) of the PDP Act. Where a CSP has assumed direct liability for the obligations under the IPPs, they must take reasonable steps to ensure the quality of any data they collect, use and disclose (when performing functions under the State contract). Where the CSP doesn’t assume direct liability for the obligations under the IPPs, the outsourcing party (the organisation) will need to take reasonable steps to ensure data quality. This may involve prescribing processes or minimum standards to ensure information is accurately recorded, unreliable data is identified and old data is destroyed in accordance with recordkeeping requirements.

More detailed guidance on the obligations of CSPs and organisations in an outsourcing arrangement is available in the Guidelines for outsourcing in the Victorian public sector, available on OVIC’s website.²⁵

Access to personal information, whether under the FOI Act or under IPP 6 (Access and Correction), can help an organisation comply with IPP 3. Data quality is likely to be higher where individuals can get access to the information which relates to them and seek correction where appropriate.

Individuals should seek access and correction to personal information under the FOI Act wherever possible, rather than via IPP 6. Section 14(1) of the PDP Act provides that, where a document containing personal information is a document of an agency within the meaning of the FOI Act, then access or correction to the document may only be granted in accordance with the FOI Act. 

The Explanatory Memorandum for the PDP Act states the FOI Act operates in Victoria to provide rights of access or correction for documents held by government. It says that ‘in the case of documents held by public sector agencies, the FOI Act will continue to be the only enforceable method of access. This arrangement is affected by clause 14 of the Bill.’ This is because it is not the intention of the PDP Act to ‘disrupt established systems of access (under the FOI Act) by supplanting them or creating a concurrent system’. Instead, the rights of access and correction under IPP 6 are intended to have limited operation to organisations which are not agencies within the meaning of the FOI Act, for example, CSPs acting under a State contract.

Section 39 of the FOI Act provides that where a document is released and contains personal affairs information, an individual can request a correction on or amendment to that document, where the individual believes that the document is:

• inaccurate;
• incomplete;
• out of date; or
• would give a misleading impression.

OVIC has published information about access and correction under the FOI Act.

Where a CSP holds personal information that is inaccurate, incomplete or out of date, individuals may seek access or correction under IPP 6. IPPs 6.5 and 6.6 require a CSP to take reasonable steps to address the data quality issues by amending, correcting, or associating a statement with the record.

IPP 3 (Data Quality) is different to the FOI Act and IPP 6 (Access and Correction) because it does not place an obligation on an organisation to correct inaccurate personal information. IPP 3 considers if the steps an organisation to ensure data quality were adequate. IPP 3 focuses on whether an organisation has done all it reasonably should to ensure the accuracy of personal information.