Handle APP 12 access and APP 13 correction requests
Individuals can request access to and correction of their personal information, with strict response times.
Who must comply
All APP entities.
What triggers it
Receiving an access or correction request.
When due
Access: 30 days (private sector). Correction: reasonable timeframe; statement of correction if disagreement.
Evidence required
Request register, response letters, correction logs.
Max penalty
Civil penalty exposure for systemic failure to respond; complaint handling by the OAIC.
Summary
APP 12 requires entities to give an individual access, on request, to the personal information the entity holds about them, within 30 days (private sector). Limited exceptions apply (e.g. serious risk, frivolous requests, breach of others' privacy). APP 13 requires entities to take reasonable steps to correct personal information that is inaccurate, out of date, incomplete, irrelevant or misleading.
Source: https://oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-12-app-12-access-to-personal-information. Rules Mate is not a law firm. Always verify against the live regulator source before acting.