Access to Personal Information (S.23, part-7)
This section provides that an organization is mandated to provide the personal information of an individual under its control, the way in which the personal information has been and is being used by the organization. It also asks to disclose the name of the individual and organization to whom the personal information has been disclosed by the organization.
It explicitly mandates the credit rating agency to provide the names of the source from where the personal information has been received unless it is reasonable to assume the ascertainment of the source. However, organization is not required to disclose under certain circumstances for eg. solicitor-client privileges etc. (please refer subsection 3 of s.23 to know more such circumstances).
Right to request correction of personal information (S. 24)
The information under the control of an organization may be corrected upon giving the request by an individual. If the organization is satisfied on the reasonable ground that the personal information is to be corrected then it has to make such correction and send the corrected information to each organization to which the personal information was disclosed by the organization.
In case no correction is made by the organisation then it has to annotate the personal information under its control with the correction that was requested but not made.
Procedure to obtain access or request a correction to personal information (Part 8- Administration)
The individual has to make the written request by mentioning the sufficient details and on payment of minimal fees and upon making such a request the organization has to respond within 30 days after receiving the request. The 30 days may be extended up to an additional 30 days with the commissioner’s permission recording a reason to the same.Â