Privacy Principle 2: Data Quality Principle Personal information should be relevant for the purposes for which they are used. Personal information must be kept as accurate and up-to-date as necessary for the extent of those purposes. Question: Do you keep personal information as accurate, complete and up-to-date as necessary for the identified purposes? Discussion: Accuracy of personal information is such a concern that more bills and laws are being introduced to address the issue. For example, the Fair and Accurate Credit Transactions Act of 2003 ("FACTA") was passed to help address the growing problem of identity theft and added new requirements for credit reporting agencies to protect the accuracy of customer data. In April 2005 the Saskatchewan government proposed new credit report requirements within Bill 38, the Credit Reporting Act, that would improve privacy and accuracy protection for consumers and significantly improve the regulation of credit reporting agencies' activities. Inaccurate personal information can have a profound impact on the lives of the corresponding individuals. For example, the U.S. Public Interest Research Group (U.S. PIRG) reported in a study release in June, 2004 that one in four credit reports in the databases of the three leading credit bureaus have errors serious enough to cause customers to be denied loans, mortgages, and jobs. Suggested Policy: Company X must implement procedures to ensure all personal information processed or managed by Company X, including information outsourced to third parties, is accurate, complete and up-to-date for the purposes for which it was collected. Note: Assessment and discussion from the Privacy Management Toolkit, Version 1. The Privacy Impact Assessment within the Toolkit contains a complete assessment.