The ninth principle of the Generally Accepted Privacy Principles (GAPP), Quality, requires that the entity maintain accurate, complete, and relevant personal information for the purposes identified in the notice.
This fair information practice acknowledges that, on request, an entity should inform individuals of the existence, use, and disclosure of their personal information and provide access to that information to ensure its accuracy, completeness, and relevance for the purposes stated in the notice. In this regard, personal information should be updated only when necessary to meet the identified purpose. Specifically, the criteria outlined in GAPP indicate that an entity should do the following:
· Design privacy policies that address the quality of personal information (see Criterion 9.1.0)
· Communicate to individuals that they are responsible for providing the entity with accurate and complete personal information and for contacting the entity if correction of such is required (see Criterion 9.1.1)
· Design procedures and controls that ensure personal information is accurate and complete for the purposes for which it is to be used (see Criterion 9.2.1)
· Design procedures and controls that ensure personal information is relevant to the purposes for which it is to be used (see Criterion 9.2.2)