In the concluding part of the Australian Privacy Principles series, we take a look at APPs 10-13, which make up Part 4 (Integrity of personal information) and Part 5 (Access to, and correction of, personal information) of the Australian Privacy Principles.
Australian Privacy Principle 10 - Quality of personal information
The personal information that is collected by an entity must be accurate, up-to-date, complete and relevant. It must only relate to the purpose for which it is being collected.
Australian Privacy Principle 11 - Security of personal information
It is the responsibility of the entity collecting the personal information to ensure that the collected information is secure from any kind of breach, misuse or manipulation. Once the information collected is no longer needed by the entity, it must be destroyed or de-identified because, as per Australian law, the collected information must not be retained after the entity’s intended purpose has been fulfilled.
Australian Privacy Principle 12 - Access to personal information
Like every other data privacy legislation, the Australian Privacy Principles give the individual who provides their data to an entity the right to access that information. However, there are exceptions to this principle too:
- If the entity collecting the information is an agency, then the agency can refuse to give access to the information due to the Freedom of Information Act or any other Act of the Commonwealth or a Norfolk Island enactment.
- If the entity is an organisation, it can refuse to give access to the individual on various grounds, such as:
  - The access would be unlawful
  - It is prohibited by law
  - The access would result in danger to the life and safety of other individuals
  - The request for access is frivolous
  - Any other reason which is provided by the Principle
Once the entity receives a request for access, it must provide the access within a reasonable time in the case of an organisation and within 30 days in the case of an agency.
It must be noted that an agency must give access free of charge and an organisation must give access by charging a reasonable amount.
As mentioned in the two points above, if the agency or the organisation is unable to accede to the request for access, it must provide a written notice detailing the reasons for not giving access to the personal information of the individual.
Australian Privacy Principle 13 - Correction of personal information
In case of incorrect personal information that is stored with the entity, the incorrect information must be corrected so that the information is up-to-date, complete and relevant.
It is the responsibility of the APP entity collecting the information to notify any other entity with whom the information is shared to correct the information.
As seen above, in case of refusal to correct the information by the entity, a written statement citing the reasons for refusal must be provided to the individual. When the entity has refused to correct the information, the entity must attach a statement so that users are made aware of the incorrect information.