Skip to main content

The personal information we hold and how you can access and correct it

Australian privacy law gives you a general right to access your personal information, including your health information. If you want to access records the police hold about you, please contact the Australian Federal Police or the criminal records section of your state or territory police service.

The Office of the Australian Information Commissioner (OAIC) is the independent national regulator for privacy and freedom of information. Further information about requesting access to your personal information is available on the OAIC website.

The Attorney-General’s Department can only give you access to the personal information we hold about you. For access to personal information held by other agencies, you should contact the agency directly.

Personal information held by the Attorney-General’s Department

Under the Privacy Act 1988, (Privacy Act), you have a right to access your personal information that is held by this department. You also have a right to request corrections to any personal information we hold about you if you think it is inaccurate, out-of-date, incomplete, irrelevant or misleading.

In addition to your rights under the Privacy Act, you can also apply under the Freedom of Information Act 1982 (FOI Act) to access and correct documents this department holds containing your personal information.

These rights to access and correction of personal information under the Privacy Act and the FOI Act operate independently. As a result, you have a choice whether to seek access to or correction of your personal information under the Privacy Act (APP 12 and APP 13) or under the FOI Act.

There are no fees or charges for providing access to or correcting personal information under the Privacy Act. However, there may be a charge involved for us to process a request under the FOI Act if your request goes beyond a request for your own personal information.

Making a request

FOI Act request

If we hold any personal information about you, you can make a request under the FOI Act to access or correct that information by writing to us:

Email: foi@ag.gov.au
Mail:
The Director
Freedom of Information and Privacy Section
Attorney-General's Department
Robert Garran Offices
3-5 National Circuit
BARTON ACT 2600

For more information about making an FOI request, visit our Freedom of information page.

Privacy Act request

If we hold any personal information about you, you can make a request under the Privacy Act to access or correct that information by writing to us:

Email: privacy@ag.gov.au
Mail:
Privacy Officer
Freedom of Information and Privacy Section
Attorney-General's Department
Robert Garran Offices
3-5 National Circuit
BARTON ACT 2600

Accessing personal information

The FOI Act may be a more comprehensive mechanism to use for personal information access requests because:

  • an FOI access request can relate to any document held by an agency and is not limited to personal information
  • the FOI Act has a consultation process for dealing with documents that contain the personal or business information of third parties
  • the FOI Act includes a right to apply for internal review or Information Commissioner review of an access refusal decision.

Differences between the FOI Act and the Privacy Act access to information provisions

FOI Act access requestPrivacy Act access request
A request made under the FOI Act must meet certain requirements (it must be in writing, state it is an FOI request, reasonably identify the document and include a contact address).Under the Privacy Act (APP 12) there are no formal requirements that a request must meet.
A request must be acknowledged within 14 days and a decision made in 30 days. Extensions of time (for a further 30 days) are available in some situations, including for consultation with a third party.The privacy access procedures require only that that we respond to the request (by either providing access or refusing access) within 30 days.
Access under the FOI Act is to existing documents. We do not have to create a new document in order to respond to a request.Privacy access requests can be answered in different ways, for example, we could provide an oral explanation of a decision or action, create a new document rather than provide a redacted version of existing documents or compile data for the applicant.
Applicants may apply for internal review and/or Information Commissioner review. Review by the Administrative Appeals Tribunal and appeal to the Federal Court is available in some circumstances.There is no right to a review of a decision on its merits. Applicants can make a complaint that there has been an interference with their privacy under the Privacy Act to the Information Commissioner.

Amending, correcting or annotating personal information

FOI Act amendment and annotation

Under the FOI Act, you may apply to us to amend or annotate a record of your personal information, but only in respect of records to which you have obtained lawful access and only records which have an administrative purpose.

Where we are satisfied that the information is incomplete, incorrect, out-of-date or misleading, we may amend the record. We are not obliged to amend the record. Where we agree to amend a record, we must, as far as possible, retain the text of the record as it was prior to the amendment.

Where an amendment request is refused, we must provide reasons for the refusal. We must also give you an opportunity to make a statement expressing your disagreement with the record and we are obliged to annotate the record, by attaching that statement—unless we consider the statement to be irrelevant, defamatory or unnecessarily voluminous.

Privacy Act correction and annotation

The Privacy Act (APP 13) sets out minimum procedural requirements for the correction or annotation of personal information. You may request the correction or annotation of your personal information on the same grounds as the FOI grounds but with the additional ground of the information being irrelevant. Under the Privacy Act we are obliged to take reasonable steps to correct or annotate your personal information.

You can also request that we take reasonable steps to notify any other agencies or organisations of the correction to your information that we previously provided to them.

If you make a Privacy Act correction or annotation request, but are dissatisfied with the results, you can make a new request under the FOI Act to amend or annotate the information.

Differences between the FOI Act and the Privacy Act correction and annotation provisions

FOI Act correction and annotation proceduresPrivacy Act correction and annotation procedures

An application for amendment must:

  • be in writing
  • specify the document requiring correction
  • specify the information that is claimed to be incorrect, out of date or misleading
  • specify whether the information is claimed to be incorrect, out of date or misleading
  • provide the applicant’s reasons for making the correction claim
  • specify the amendment requested by the applicant
  • provide a return address to which notices can be sent.
There are no formal requirements for making a request. We must take reasonable steps to correct information where satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.
The record to be amended must also have been used or be available for use by government ‘for an administrative purpose’.The information to be amended or annotated does not have to be used for an administrative purpose.
An application can be made to amend or annotate only those records to which the individual has lawful access.The applicant does not have to have access to the record which he/ she wants corrected or annotated.
A decision must be made within 30 days, subject to the right to request an extension of time from the Information Commissioner.We must have taken reasonable steps to correct or annotate the record within 30 days.
The information to be amended or corrected must be ‘incomplete, incorrect, out of date or misleading’.The personal information to be corrected or annotated must be ‘inaccurate, out-of-date, incomplete, irrelevant or misleading’ (that is: the additional ground of ‘irrelevance’ is available).
We may alter or add a note to the record but must not hide the existing text.We must take reasonable steps to amend the record if satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.
There is no procedure for notifying other APP entities.If requested by the applicant, we must notify any APP entity to which the personal information was previously disclosed, unless it is unlawful or impracticable to do so.
The Information Commissioner and the Administrative Appeals Tribunal may review a refusal to amend or annotate a record, and have discretion whether to amend or annotate the record. There is also a right to complain to the Commonwealth Ombudsman and a right of appeal to the Federal Court.The Information Commissioner may review a complaint that we failed to correct personal information or comply with the APPs and may make a determination to amend or comply. Complaints can also be made to the Commonwealth Ombudsman.

Evidence of identity

You must provide evidence of your identity if you apply to access or correct departmental documents containing your personal information.

The evidence of your identity must clearly show that you are the person whose personal information is being requested or corrected.

Acceptable identity documents include: a passport, an Australian driver’s licence or any other official identification in the English language which contains your photo, signature and address. Copies of identification documents should be certified as true copies of the originals by a person with the power to witness a Commonwealth statutory declaration.

Requests made on behalf of another person

If you are making a request to access or correct the personal information of another person, we will ask you for a written authority from that person, authorising you to make the request on their behalf. We will also ask for evidence of both identities, showing clearly that you are the person who is authorised to apply on behalf of the other person.

When we can refuse a request for access or correction

We may decline access to, or correction of, personal information in certain circumstances, as set out in the Privacy Act. Generally, if we refuse to give you access, we will notify you in writing, including the reasons for refusal and the mechanisms available to you to dispute that decision. If you need help with your request please contact the department’s Privacy Officer.