Data Protection Act - obligation to ensure personal data is accurate

Data Protection Act - obligation to ensure personal data is accurate

A recent case has highlighted the obligation under the Data Protection Act 1998 (DPA) for data controllers to keep personal data accurate and up to date.

The case concerned Equifax, one of the main credit rating agencies operating in the UK.  Equifax failed, partly because of the insolvency notification procedures in place at the relevant time, to update Mr Smeaton’s file to show that a bankruptcy order which had been registered against him had been subsequently rescinded.  A company set up by Mr Smeaton was refused credit as a result of his poor credit record, and Mr Smeaton sued Equifax for breach of the DPA.

The Court considered whether Equifax had taken reasonable steps and used reasonable care to ensure that Mr Smeaton’s data was accurate.  Equifax would have a defence if it could show that it had taken reasonable steps to ensure the accuracy of the data, but it took no steps to ensure its continuing accuracy other than responding to consumer information once received.  In holding Equifax to be liable, the Court suggested that Equifax could have been more proactive in making inquiries of relevant bodies to see if relevant information could be fed to it automatically, therefore helping to ensure that the data would remain accurate.  As the DPA had been breached, Mr Smeaton was entitled to statutory compensation for damage and distress suffered, and the Court will determine the amount of damages to be awarded at a later trial (which are potentially substantial).

For more information on data protection issues, please contact Beverley Flynn on +44 (0)1483 734264 or email

Contact our experts for further advice

Search our site