QPP 10 – Quality and accuracy of personal information

Overview

All Queensland government agencies¹ must handle personal information in accordance with the Queensland Privacy Principles (QPP) in the Information Privacy Act 2009 (Qld) (IP Act).

This guideline is based on and includes material from the Australian Privacy Principle guidelines developed by the Office of the Australian Information Commissioner.

What is personal information?

Section 12 of the IP Act provides that personal information means information or an opinion about an identified individual or an individual who is reasonably identifiable, whether it is true or recorded in a material format.

The individual does not need to be directly identified in the information for it to be personal information. It is sufficient if they can reasonably be identified by reference to other information.

Refer to Key privacy concepts – personal and sensitive information for more information.

QPP 10

QPP 10 requires agencies to take reasonable steps to ensure the quality of personal information they deal with. Specifically, they must take reasonable steps to ensure:

• the personal information they collect is accurate, up to date and complete; and
• having regard to the reason for the use or disclosure, the personal information they use or disclose is accurate, up to date, complete and relevant.

In addition to creating robust privacy protection, these requirements help ensure greater administrative efficiency and can save the time, potential embarrassment, and possible adverse effects of making decisions based on incorrect or incomplete information.

When does an agency have to take reasonable steps

The agency must take reasonable steps to ensure the quality of personal information at two distinct times: the first, when the information is collected and the second, when the personal information will be used or disclosed.

Agencies aren’t required to review the personal information they hold outside the specific obligations in QPP 10, but doing so can help agencies ensure the overall and ongoing quality of the personal information they hold.

What steps are reasonable

What constitutes reasonable steps will vary depending on the circumstances. Factors to consider when determining what steps are reasonable include:

• the likelihood that the information in question is accurate, complete, and up to date
• whether the information is likely to change over time (for example, date of birth will not change but address and contact details may change frequently and should be regularly checked)
• how recently the information was collected (for example, if an officer uses information soon after collecting it directly from an individual, it probably does not need to be checked)
• how reliable the information is likely to be—this may include professional judgements about whether, or what, information requires verification
• who provided the information (if the information was collected from third parties the need to confirm its accuracy may increase)
• how the information will be used, or under what circumstances it is being disclosed (for example, there is a strict obligation to ensure that an individual’s address details are correct in sending a referral letter or appointment by mail)
• the consequences if the information being used or disclosed is inaccurate, incomplete or out of date
• how sensitive the personal information is—more rigorous steps may be required if the information being collected, used, or disclosed is sensitive information² or is personal information generally considered to be of a sensitive nature
• the nature of agency, include its size, resources, and responsibilities; a large agency that routinely works with sensitive information may be expected to take more steps than a small agency who routinely works with non-personal information; and
• the practicability of the steps, including time and cost involved. However, an agency cannot avoid taking particular steps by only because doing so would be inconvenient, time-consuming or impose some cost to do so. Whether these factors make it unreasonable to take particular steps will depend on whether the burden is excessive in all the circumstances.

In some circumstances there may be:

• no reasonable steps an agency can take, for example, where the information was collected from a third party and neither the individual, or anyone else who could verify it, is available; or
• no reasonable steps an agency is required to take, for example, where it has collected the information directly from the individual it is about.

However, the onus will be on the agency to establish this.

Reasonable steps an agency could take include:

• implementing internal practices, procedures, and systems to audit, monitor, identify and correct poor quality personal information (including training staff in these practices, procedures and systems). For example, if the agency commonly uses or discloses personal information in time-critical situations where it is not possible to take steps to ensure its accuracy, the agency could put procedures in place to review the quality of the personal information at regular intervals
• implementing protocols to ensure personal information is collected and recorded in a consistent format. For example, to help assess whether personal information is up to date, an agency could, where practicable, note when it was collected, any point in time to which it relates, and if it is an opinion or a verified fact
• ensuring updated or new personal information is promptly added to relevant existing records
• providing individuals with a simple means to review and update their personal information on an on-going basis, for example through an online portal
• reminding individuals to update their personal information each time they engage with the agency
• contacting the individual to verify the quality of their personal information when it is used or disclosed, particularly if there has been a lengthy period since collection; or
• if personal information is to be used or disclosed for a secondary purpose, assessing the quality of the personal information with regard to the secondary purpose before its use or disclosure.

In most circumstances, a reliable way of ensuring quality will be to verify the information against the original source. However, in some cases that may be unreasonable because, for example:

• the original source may no longer be available
• checking the original source may be unreasonably expensive
• the consequences of the personal information being incorrect are likely to have nominal or minimal impact; or
• there is reason to believe that the source information may not be accurate or may have become inaccurate over time.

If agency officers cannot reasonably check with the original source, there are often other methods that can be used to ensure information accuracy.

Collection from third parties

If an agency regularly collects personal information from a third party it should put appropriate practices, procedures and/or systems in place to ensure the personal information’s quality. Depending on the circumstances and the nature of the third party this could include:

• enforceable contractual arrangements requiring third party to implement appropriate measures to ensure the quality of personal information the entity collects from the third party, including where appropriate binding them to the QPPs under Chapter 2, part 3 of the IP Act; and
• undertaking due diligence in relation to the third party’s quality practices prior to the collection.

Accurate, up to date, complete and relevant

Accurate

Personal information is inaccurate if it contains an error or defect or if it is misleading. Incorrect factual information can include the wrong name, date of birth, residential address or current or former employer.

An opinion about the individual is not inaccurate just because the individual disagrees with it. An opinion will generally be accurate if it is clear that it is an opinion and not objective fact, it accurately records the view of the opinion giver, and is based on reasonable grounds.³

Up to date

Personal information is out of date if it contains facts, opinions or other information that is no longer current. An example is a statement that an individual lacks a particular qualification or accreditation that the individual has subsequently obtained.

Information that was accurate when it was collected may be superseded by later information or events. Whether that makes the original personal information out of date will depend on why it was originally collected, used, or disclosed and what the agency wants to do with it now. If the agency needs more current information, the original personal information will, to that extent of the agency’s current purpose, be out of date

Complete

Personal information is incomplete if it presents a partial or misleading picture, rather than a true or full picture, for example a database which says that an individual has not paid their rates, when the rates have actually been paid, albeit late.

The information will be incomplete under QPP 10 if the database is used or disclosed for the purpose of providing information about the individual’s payment history. Similarly, a document which lists only two rather all three children of the parent(s) will be incomplete under QPP 10 if that personal information is used for the purpose of, and is relevant to, assessing a person’s eligibility for a benefit or service which relates to the number of dependencies a person or family has.

Collection of personal information will be reasonably necessary for one of the agency’s functions⁴ it is collecting it to ensure the information it already holds is complete.

Relevant - use or disclosure only

Agencies must take reasonable steps to ensure personal information is relevant before it uses or discloses it. Personal information will be irrelevant if it does not have a bearing upon, or connection to, the purpose for which it will be used or disclosed.

For example, if an agency is disclosing medical records for the purposes of a WorkCover claim, it should only disclose the parts of the record that are relevant to that secondary purpose.