Our website uses cookies so we can analyse our site usage and give you the best experience. Click "Accept" if you’re happy with this, or click "More" for information about cookies on our site, how to opt out, and how to disable cookies altogether.
We respect your Do Not Track preference.
An organisation can refuse a principle 6 request if the information does not exist or cannot be found, despite reasonable efforts to locate it. An organisation cannot provide what it does not have or cannot locate.
An organisation must be able to show that it has taken all reasonable steps in searching for the information. The search must be 'intelligent, rather than mechanical' - for instance, the organisation needs to ask the appropriate people whether they have the information and follow other obvious lines of enquiry. It's not enough to assume that the information should be in a particular place.
If an organisation is able to show that it has tried its best and it really cannot find the information, then the refusal ground will apply. However, the Commissioner may decide to investigate whether there are any systemic problems relating to the way that the organisation stores and secures its information. Organisations should have good information storage systems so that they can find information if it is needed, as set out in principle 5 of the Privacy Act.
| 53. Other reasons for refusing access to personal information An agency may refuse access to any personal information requested if— |
| (a) the information requested does not exist or, despite reasonable efforts to locate it, cannot be found |
