​​​​​​​
You are here: Skip breadcrumbAttorney-General's Department >> Accessing and correcting personal information

Accessing and correcting personal information

Under the Privacy Act 1988, you have a right to access your personal information that is held by this department. You also have a right to request corrections to any personal information that we hold about you if you think that it is inaccurate, out-of-date, incomplete, irrelevant or misleading.

You can also apply under the Freedom of Information Act 1982 (FOI Act)to access and correct documents that we hold containing your personal information.

These rights to access and correct personal information under the Privacy Act and the FOI Act operate independently. As a result, you have a choice whether to access or correct your personal information under the Privacy Act (APP 12 and APP 13) or under the FOI Act.

There are no fees or charges for providing access to or correcting personal information.

Access to information

You can make a request under the FOI Act to access or correct your personal information by emailing foi@ag.gov.au or writing to:

The Director
Freedom of Information and Privacy Section
Attorney-General's Department
Robert Garran Offices
3-5 National Circuit
BARTON ACT 2600

More information about making an FOI request is available on our Freedom of information page.

You can make a request under the Privacy Act to access or correct your personal information by emailing privacy@ag.gov.au or by writing to:

Privacy Contact Officer
Freedom of Information and Privacy Section
Attorney-General's Department
Robert Garran Offices
3-5 National Circuit
BARTON ACT 2600

For access requests, we may suggest that you use the FOI Act instead of the Privacy Act for the following reasons:

  • an FOI access request can relate to any document held by an agency and is not limited to personal information
  • the FOI Act has a consultation process for dealing with documents that contain the personal or business information of third parties
  • the FOI Act includes a right to apply for internal review or Information Commissioner review of an access refusal decision.

Differences between the FOI Act and the Privacy Act access to information provisions

Differences between access under the FOI Act and privacy access procedures

Freedom of information access request

Privacy access request

A request made under the FOI Act must meet certain requirements (it must be in writing, say that it is an FOI request, reasonably identify the document and include a contact address).

Under the Privacy Act (APP 12) there are no formal requirements that a request must meet.

A request must be acknowledged within 14 days and a decision made in 30 days. Extensions of time (for a further 30 days) are available in some situations, including for consultation with a third party.

The privacy access procedures require only that that we respond to the request (by either providing access or refusing access) within 30 days.

Access under the FOI Act is to existing documents. We not have to create a new document in order to respond to a request.

Privacy access requests can be answered in different ways, for example, we could provide an oral explanation of a decision or action, create a new document rather than provide a redacted version of existing documents or compile data for the applicant.

Applicants may apply for internal review and/or Information Commissioner review. Review by the Administrative Appeals Tribunal and appeal to the Federal Court is available in some circumstances.

There is no right to a review of a decision on its merits. Applicants can make a complaint that there has been an interference with their privacy under the Privacy Act to the Information Commissioner.

FOI Act amendment and annotation

Under the FOI Act, you may apply to us to amend or annotate a record of your personal information, but only in respect of records to which you have obtained lawful access and only records which have an administrative purpose.

Where we are satisfied that the information is incomplete, incorrect, out-of-date or misleading, we may amend the record. We are not obliged to amend the record. Where we agree to amend a record, we must, as far as possible, retain the text of the record as it was prior to the amendment.

Where an amendment request is refused, we must provide reasons for the refusal. We must also give you an opportunity to make a statement expressing your disagreement with the record and we are obliged to annotate the record, by attaching that statement—unless we consider the statement to be irrelevant, defamatory or unnecessarily voluminous.

Privacy Act correction and annotation

The Privacy Act (APP 13) sets out minimum procedural requirements for the correction or annotation of personal information, but these are not as detailed as the FOI Act provisions. You may request the correction or annotation of your personal information on the same grounds as the FOI grounds but with the additional ground of the information being irrelevant. We are obliged to take reasonable steps to correct or annotate your personal information.

You can also request that we take reasonable steps to notify any other agencies or organisations of the correction to your information that we previously provided to them.

If you make a Privacy Act correction or annotation request, but are dissatisfied with the results, you can subsequently make a request under the FOI Act to amend or annotate the information.

Differences between the FOI Act and the Privacy Act correction and annotation provisions

Differences between the amendment and annotation of personal information under the FOI Act and the correction and annotation of personal information under the Privacy Act

FOI Act amendment and annotation procedures

Privacy Act correction and annotation procedures

An application for amendment must:

  • be in writing
  • specify the document requiring correction
  • specify the information that is claimed to be incorrect, out of date or misleading
  • specify whether the information is claimed to be incorrect, out of date or misleading
  • provide the applicant’s reasons for making the correction claim
  • specify the amendment requested by the applicant
  • provide a return address to which notices can be sent.

There are no formal requirements for making a request. We must take reasonable steps to correct information where satisfied that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading.

The record to be amended, must also have been used or be available for use by government ‘for an administrative purpose’.

The information to be amended or annotated does not have to be used for an administrative purpose.

An application can be made to amend or annotate only those records to which the individual has lawful access.

The applicant does not have to have access to the record which he/ she wants corrected or annotated.

A decision must be made within 30 days, subject to the right, to request an extension of time from the Information Commissioner.

We must have taken reasonable steps to correct or annotate the record within 30 days.

The information to be amended or corrected, must be ‘incomplete, incorrect, out of date or misleading’.

The personal information to be corrected or annotated must be ‘inaccurate, out-of-date, incomplete, irrelevant or misleading’ (that is: the additional ground of ‘irrelevance’ is available).

We may alter or add a note to the record but must not hide the existing text.

We must take reasonable steps to amend the record if satisfied that it is inaccurate, out-of-date, incomplete, irrelevant or misleading for the purpose for which it is held.

There is no procedure for notifying other APP entities.

If requested by the individual, we must notify any APP entity to which the personal information was previously disclosed, unless it is unlawful or impracticable to do so.

The Information Commissioner and the Administrative Appeals Tribunal may review a refusal to amend or annotate a record as requested and have discretion whether to amend or annotate the record. There is also a right to complain to the Ombudsman and a right of appeal to the Federal Court.

The Information Commissioner may review a complaint that we failed to correct personal information or comply with the APPs and may make a determination to amend or comply. Complaints can also be made to the Commonwealth Ombudsman.

Evidence of identity

In all cases where a request relates to documents that contain your personal information, we will ask you to provide evidence of your identity before we deal with your request. Your request should include a physical address, as we prefer to forward documents containing personal information to you by registered post rather than email.

If another person has authorised you to make a request on their behalf, we will ask you for the letter authorising you to make the request. If you are seeking documents containing personal information on behalf of another person, we will ask for evidence of both identities, showing clearly that you are the person who is authorised to apply on behalf of the other person.

Acceptable identity documents include: a passport, an Australian driver licence or any other official identification in the English language which contains your photo, signature and address. Copies of identification documents should be certified as true copies of the originals by a person with the power to witness a Commonwealth statutory declaration.

Letter of authorisation for requests made on behalf of another person

If a person is making a request on behalf of another, we require a signed letter of authorisation specifically authorising the department to either send documents to that person or allow that person to inspect the documents containing the other person's personal information.

If you need help with your request, email privacy@ag.gov.au or write to:

Privacy Contact Officer
Freedom of Information and Privacy Section
Attorney-General's Department
Robert Garran Offices
3-5 National Circuit
BARTON ACT 2600

There are no charges for providing access to or correcting personal information.

Privacy collection notice

We will only collect your personal information where it is reasonably necessary for or directly related to our functions under the Freedom of Information Act 1982 (FOI Act) or the Privacy Act 1988.

We may collect your name, postal address, email address and contact number so that we can contact you about your request under the FOI Act or the Privacy Act for access to or correction of personal information. As these requests concern personal information, we will need to verify your identity. We will collect the minimum amount of evidence necessary to do that.

Another person may have authorised you to make a request on their behalf. In that case we will ask you for the letter authorising you to make the request. If you are making a request on behalf of another person, we will ask for evidence of identities of both people, showing clearly that you are the person who is authorised to apply on behalf of the other person. We will collect the minimum amount of evidence necessary to do that.

The handling of your personal information is protected by the Privacy Act 1988 and our privacy policy. If you have an enquiry or complaint about your privacy, you may contact the Privacy Contact Officer at privacy@ag.gov.au.