Your responsibilities

You must keep the personal information you hold safe and secure. You must also give people access to the information you hold about them, and take reasonable steps to correct it if it’s wrong.

Store personal information securely

Make sure that you take reasonable steps to store and use personal information securely. You may need a locked cabinet for physical documents, or password protection for electronic files. Make sure only appropriate people can access the information. Look after information in transit as well, for example by providing a secure payments channel for people buying things from your website.

Security includes taking steps to prevent unauthorised or inappropriate access by staff. Have clear policies and guidelines in place that set out acceptable staff behaviour. Depending on the sensitivity of the information, it may be necessary to set up systems that limit or keep track of who accesses it.

Principle 5 governs the storage of personal information.

Give people access to their personal information

People have a right to access the personal information you hold about them. You should keep personal information in a way that is easily retrievable so you can:

  1. confirm that you hold a person’s information if they ask
  2. give them access to it

If someone asks for access to their personal information, you must respond within 20 working days of receiving the request. Your response should include a decision about whether you will be providing the requested information. It doesn’t necessarily have to include the information, but you should provide it as soon as possible afterwards.

It’s best to provide the information promptly unless there’s a reason you can withhold it under the Privacy Act. Part 4 of the Privacy Act has a full list of the reasons for refusing access to personal information.

Principle 6 governs access to personal information.

Let people correct their personal information

People can ask you to correct their personal information if they think it’s wrong.

If you don’t think you need to correct the information, you must still record that the person asked you to correct the information, and note exactly what they thought was wrong. Attach that record to the person's file so that everything is together. Knowing what the person thinks will help anyone else who looks at the record to make better decisions.

Principle 7 governs correcting personal information.