
7. Access, correction and openness principles


Graham Greenleaf and Nigel Waters; revised by GG 15 March 2002 and NW 28 April 2002 and 26 May 2003


General resources:

FOI Review, periodical ISSN 0817 3532, edited by Rick Snell, University of Tasmania

Bygrave (doctoral thesis, 2000) 3.6. Data Subject Participation and Control states 'The fifth core principle of data protection laws is that persons should be able to participate in, and have a measure of influence over, the processing of data on them by other persons or organisations. This principle embraces what para 13 of the OECD Guidelines terms the "Individual Participation Principle" ...'

7.1. Access principles

7.1.1. General considerations

Bygrave (doctoral thesis, 2000) 3.6. Data Subject Participation and Control discusses these principles as part of the second main category of a set of principles empowering data subjects. 'Secondly, and arguably of greater importance [than general public information], are a category of rules which aim at, [inter alia], making persons aware of basic details of the processing of data on themselves. This category of rules can be divided into three main sub-categories: (1) rules requiring data controllers to collect data directly from data subjects in certain circumstances; (2) rules prohibiting the processing of personal data without the consent of the data subjects; and (3) rules requiring data controllers to orient data subjects directly about certain information on their data-processing operations.' Access and correction rights fall into the third sub-category. They are also two of the elements of Rule's `efficiency' criteria.

Privacy and Freedom of Information laws

In many jurisdictions - principally those with a strong administrative law focus and a Westminster style of government - Freedom of Information (FOI) laws also grant access and correction rights to information held by government. In most cases (Australia, Canada, the USA), FOI laws pre-dated privacy laws. In contrast, the UK started with data protection law which included access and correction rights to computerized data, subsequently added some personal access rights to paper records for particular sectors (health and education), and has only recently passed a general FOI Act (2000) which has yet to take effect. Consideration of the practical effect of access and correction principles needs to take account of the substantial jurisprudence of FOI law.

The problem of access exemptions frustrating other privacy objectives

Most sets of data protection principles (and FOI laws) contain some exemptions from the right of access to information about oneself (subject access), on grounds of public interest (national security and similar matters), or on the grounds of the over-riding interests of other persons.

This is a serious problem for data subjects, as where an exemption applies, they usually have no direct way of knowing whether information held about them by the data user is incorrect, or is being misused. Their capacity to protect their interests under other IPPs, not just the loss of their right of access, is reduced (probably destroyed). Where personal information is being used in secret from the data subject, it is doubly important that it be accurate, because the data subject is unlikely to have any opportunity to 'put his side of the story'.

It is also a problem for data users, who may be using incorrect personal information without wishing to do so, and against their organisational interest in using correct information.

Intermediary access

Many of the problems which can arise because of the absolute nature of exemptions from access can be overcome by 'intermediary access', where direct access to the subject of the information is denied, but access is allowed to some trusted third party intermediary (which could be a Privacy Commissioner, or could be another party such as a doctor).

Explicit provisions for intermediary access are unusual in data protection or FOI laws. A limited and defective attempt at providing intermediary access is included in Australia's private sector NPPs (see NPP 6.3, and below), but not in the public sector IPPs (but see s41 of the Commonwealth FOI Act for a limited intermediary access provision).

Consideration must also be given to whether, as an incident of his ordinary powers, a Privacy Commissioner can effectively exercise intermediary access on behalf of a complainant where the data in question is exempt from access. There is a 'chicken and egg' problem here. In order for a person to credibly allege that their personal data is being used even though it is inaccurate (data quality principle) or that it is being used or disclosed for improper purposes (use/disclosure principles), the complainant would normally first seek access to his/her record to obtain the necessary evidence.

Where subject access is prevented, the data subject will have to attempt to provide credible secondary evidence of inaccuracy/misuse to the Commissioner. It would seem appropriate for Commissioners to exercise any discretions to commence investigations liberally in favour of complainants under such circumstances.

Correction of records raises further issues in these circumstances, dealt with below.

7.1.2. Australian Public sector

Statutory provisions

Grounds for refusing access

The right of access in IPP 6 is subject to the exceptions to access in the Freedom of Information Act 1982. The Commonwealth Privacy Commissioner has not generally dealt with complaints concerning access and correction, requiring complainants to exercise their FOIA rights, which include a right of appeal against refusal of access to the Administrative Appeals Tribunal.

The NSW PPIPA likewise imports the exemptions (grounds for withholding) from the FOI Act 1989 (NSW) (PPIPA s20(5)). Similarly, while the Victorian IPA has detailed grounds for withholding set out in its Access Principle (IPP6), these are in effect overridden by s12 which defers to the FOI law (FOI Act 1982 (Vic)). There is as yet no experience under either the NSW or Victorian privacy laws as to how the Commissioners will handle access requests - presumably like the Commonwealth Commissioner by referring them to the established FOI processes. There is however a significant body of FOI law, including from the relevant NSW and Victorian Tribunals, dealing with the grounds for exemption, including the personal affairs/information exemptions, which is potentially relevant to future use of the private sector access right under the NPPs (see below under enforcement of access and correction).

Policy objectives

The policy objectives of Privacy law for providing access to documents are very different from the objectives of FOI law. This was discussed in the context of the Commonwealth Acts in the 1995 ALRC Report No 77, Open government: a review of the federal Freedom of Information Act 1982, and earlier discussion papers, discussed in PLPR ((1995) 2 PLPR 95, http://www.austlii.edu.au/au/journals/PLPR/1995/63.html); see also http://www.alrc.gov.au/. Leaving aside the grounds for withholding that apply equally to personal and non-personal information, there is a specific exemption designed to protect the privacy of third party individuals:

s41 FOIA 'privacy exemption'

The 1991 amendments to this section to replace references to 'personal affairs' with 'personal information' were expected to make the previous line of judicial discussion about the meaning of 'personal affairs' irrelevant, and to limit the issue to whether the disclosure was 'unreasonable'.

However, Siddha Yoga Foundation Ltd v Strang and Department of Immigration and Ethnic Affairs (unreported, Jenkinson J, 27 October 1995), the only Federal Court decision which has considered the meaning of "personal information" in the context of the freedom of information legislation (discussed by Gunning), deals with the facts in that case on the basis of whether names were 'personal information', not solely on the basis of whether the disclosure was unreasonable. This reflects the dominance in FOI law of the `openness and accountability' objective and the Courts' reluctance to cede too much `personal space' that would interfere with that objective. Government agencies, in contrast, have embraced the changed definition enthusiastically, often using the personal information exemption as an excuse to prevent scrutiny of public interest issues, even where the personal information relates to public servants in the performance of their work.

An agency can invoke the privacy exemption (s41) without any consultation with the third party, but if it wishes to grant access in whole or part to the information sought, and it decides that the third party might reasonably object, then it must give that person an opportunity to comment (s27A). If the third party objects, the agency can still disclose, but only after the time limit for application for review by the AAT has expired (or any review appeal has been finalized). This process of consultation is known in the bureaucracy as `reverse FOI'.

s38 'secrecy exemption'

The Privacy Act Schedule 1 amends the `secrecy exemption' in s38 FOIA by addition of s38(2) which provides (as further amended in 1991):

(2) Where a person requests access to a document, this section does not apply in relation to the document so far as it contains personal information about the person.

This provision appears to mean that the FOIA right of access to information (s11), insofar as it contains personal information about the person, cannot be limited by any previous secrecy provision. This will be so even if a previous secrecy provision is directed specifically at a class of information concerning personal information.

Insofar as subject access to personal information is concerned, the FOIA now effectively repeals all previous secrecy enactments. The effect of this change needs further assessment.

State FOI laws - personal affairs v personal information

The various FOI laws in the Australian States and Territories deal in different ways with this distinction. Under the NSW PPIPA, both the provisions relating to access and the `privacy exemption' still use the more restrictive concept of `personal affairs' (Clause 6, Schedule 1), with the tribunals and courts having interpreted this fairly narrowly. For example, the President of the Court of Appeal in Commissioner of Police v District Court (Perrin's case (1993) (31 NSWLR 606)) held that the names of police officers carrying out functions associated with their official duties did not relate to their personal affairs. This has been followed by the Administrative Decisions Tribunal in Woods v State Rail Authority (2002) NSWADT 253, and in Robinson v Department of Health (2002) NSWADT 222. However, the `downside' of a narrow interpretation of personal affairs is that individuals are not able to exercise their access and correction rights in relation to information that is held to be non-personal `business affairs', even though it is still `personal information' under the relevant privacy law. Sooner or later, the discrepancy between the definitions in privacy and FOI laws needs to be dealt with, preferably having regard to the underlying objectives of the two types of law - consistency of definition should not be the only test. See Waters, Privacy Exemptions in FOI laws - an unnecessary barrier to accountability (2002 9(1) PLPR 17).

NSW Tribunal cases have also displayed an inconsistent approach to the `unreasonable disclosure' test, particularly to the issues of the public interest in efficient administration (Gliksman v Health Care Complaints Commission (2001) NSWADT 47) and of whether the motive of the applicant can be taken into account (Gilling v Hawkesbury Council (1999) NSWADT 94 and (1999) NSWADT 43; Humane Society v National Parks and Wildlife Services (2000) NSWADT 133; Saleam v Department of Community Services (2002) NSWADT 41 and Uddin v South Eastern Area Health Service (2002) NSWADT 228). The Victorian Tribunal has taken a different approach in holding that motive is a relevant factor (see for example Birrell v Department of State Development (2001) VCAT 258). (Acknowledgement to Peter Timmins for these case references.)

7.1.3. Australian Private sector - NPP 6

Exemptions from access

NPP 6.1 provides that 'If an organisation holds personal information about an individual, it must provide the individual with access to the information on request by the individual, except to the extent that' one of the exemptions in 6.1(a) - (k) applies. The exemptions are modelled on those in the FOI Act, but modified as part of the Privacy Commissioner's consultative process in 1997-99 to provide a better fit for the private sector. Unlike the FOI Act exemptions, there is no balancing required with accountability objectives, or consideration of non-personal information, and they can focus exclusively on being exemptions that are justified, on either public or limited private interest grounds, in relation to withholding personal information from the individual concerned. On this basis, several `bids' from the private sector were rejected, including an attempt to allow withholding of references and other opinions. There remain however a broad range of grounds for withholding, many of which will seem unreasonable to the individual seeking access, so challenges can be expected once individuals become aware of their rights and start exercising them.

Fear of granting subject access remains one of the private sector's main concerns about the new Act, although the general exemption for employee records has removed one of the most sensitive areas for subject access. But recruitment processes remain subject to the Act and one industry body has already tried to subvert the requirement to disclose attributed references. The Information Technology Contractors and Recruitment Association (ITCRA) submitted a draft Code of Practice to the Privacy Commissioner in 2002 (see www.itcra.com). Although the Code principles do not vary significantly from the NPPs (they must overall be at least the equivalent of the NPP obligations), proposed guidance notes to principles 1 & 6 encourage member companies not to record the names of referees so as to avoid having to identify them when giving access to references. Following adverse criticism, ITCRA withdrew its Code application.

Explanation rather than reasons - commercially sensitive information

NPP 6.2 provides:

'However, where providing access would reveal evaluative information generated within the organisation in connection with a commercially sensitive decision-making process, the organisation may give the individual an explanation for the commercially sensitive decision rather than direct access to the information.'

Intermediary access

NPP 6.3 provides:
6.3 If the organisation is not required to provide the individual with access to the information because of one or more of paragraphs 6.1(a) to (k) (inclusive), the organisation must, if reasonable, consider whether the use of mutually agreed intermediaries would allow sufficient access to meet the needs of both parties.
This falls short of being a right to intermediary access, only requiring the organisation to consider allowing intermediary access.

7.1.4. Hong Kong - DPP 6 and Part V

DPP 6-Access to personal data provides a general statement of access and correction rights.

Part V - Access To And Correction Of Personal Data sets out a detailed regime. Part V provisions will prevail in the event of any inconsistency with DPP 6 (see s4). However, Part V must be interpreted in accord with the objects of the Ordinance (see B&W p156).

See generally B&W Chapter 9 for the details of access and correction procedures, particularly in relation to:

Exemptions from access

See B&W Chapter 12 generally, and in particular pgs 215-230 re exemptions from access.

Berthold summarised the exemptions to both DPP 3 (use) and DPP 6 (access) as follows:

'Exemptions from both principles are accorded where their application to the data in question is likely to prejudice health, the prevention, preclusion or remedying of illegal or 'seriously improper conduct' (for example, disciplinary breaches), law enforcement, the collection of tax, and security, defence or international relations in respect of Hong Kong. Financial regulation is accorded some elaborate supplementary exemptions. Also exempted are data held by a news business solely for the purpose of a news activity.'

There are also access exceptions to some employment data (some staff succession plans and evaluative process data, and references), and data subject to professional privilege.

Can the Commissioner access an exempt document on a person's behalf?

Third party privacy and 'reverse-FOI'

Subject access is excluded where the data user cannot comply without disclosing personal data concerning another person (s20(1)(b)).

However, access can occur if:

See B&W pgs 164-6.

7.2. Correction principles

7.2.1. General considerations

The problem of correction tied to access

Where a person is denied access to a document containing their personal information, the potential for it to do harm is at its greatest. It is even more important that documents exempt from access are accurate than that those that are accessible are accurate.

The problem is that some data protection laws tie the right of correction to the right of access, with the result that rights to seek correction (without access) are precluded in these situations:

7.2.2. Australian public sector

Statutory provisions

Is correction limited to where access is available?

Correction rights under the FOIA only apply to documents 'to which access has been lawfully provided to the person, whether under this Act or otherwise'.

IPP 7 does not contain any such limitation.

The Privacy Act s35 gives the Commissioner a function of acting as an intermediary where a person has requested an agency to amend a document, but that document is exempt from the applicant obtaining access to it, and the applicant has not otherwise obtained lawful access to it, so that the correction rights under s48 of the FOIA are inapplicable.

In such situations the Commissioner can inspect the (secret) documents on the applicant's behalf and, where appropriate, can recommend alteration or deletion, but can only require the agency to make additions, but not alterations or deletions, to the document. This extends the FOIA s51(2) addition right to exempt documents, but not the FOIA s51(1) correction right.

Conclusion: s35 may be too limited. Where a person is denied access to a document, the potential for it to do harm is at its greatest. It is surely a lesser evil to have the Commissioner order amendments in secret than to have an obviously incorrect and prejudicial record stand with merely some addition to it pointing out how wrong and prejudicial it is. The AAT has been very circumspect in ordering deletions or alterations, and the Commissioner could be expected to follow suit. The potential of IPP 8 (data quality) should not be overlooked here - the Commissioner could find that an agency that willfully refused to amend a record in the face of evidence of it not being accurate, up-to-date or complete was in breach of IPP 8.

Limitation of correction rights to Australian citizens and permanent residents

Privacy Act 1988 s 41(4) provides that complaints concerning correction rights under IPP 7, NPP 6, or equivalent provisions in industry codes can only be investigated by the Commissioner if they are by Australian citizens or permanent residents. (Note that this is one of the criticisms of the Act by the European Commission that could stand in the way of an adequacy assessment under the EU Data Protection Directive.)

Notification of recipients of incorrect information

No other Australian IPPs have such a requirement of subsequent notification of correction. The Hong Kong Ordinance does have the same type of provision, however (see discussion earlier under Data Integrity / Quality Principle).

Meaning of 'incomplete, incorrect, out-of-date or misleading'

[Further notes will be added on this section.]

Relationship to data quality

As noted above, there is a close relationship between correction and data quality principles. There are significant differences in the criteria used in the various data quality principles which will influence how useful they are to individuals seeking to have records changed. The Commonwealth IPPs include relevant, the NSW IPPs relevant and not misleading, while the Victorian IPPs (and the Commonwealth NPPs) only include accurate complete and up-to-date.

Archives legislation is also relevant. Archives or records laws may prevent an agency from actually changing or deleting information without keeping a historical record of the original.

7.2.3. Australian Private sector - correction rights

NPP 6.5 provides 'If an organisation holds personal information about an individual and the individual is able to establish that the information is not accurate, complete and up-to-date, the organisation must take reasonable steps to correct the information so that it is accurate, complete and up-to-date.'

This provision is unusual in requiring the individual to establish that the record is not accurate etc, rather than requiring the organisation to establish that it is.

There is no restriction on exempt private sector documents being amended, but the onus of proof provision would make this very difficult.

The draft Australian Casinos Association Privacy Code (see http://www.auscasinos.com/ps/PRIVACY_CODE_0403.pdf) improves on the correction principles in NPP6 in two ways - it applies the correction rights to non-Australian residents, and it provides for organizations to whom personal information has already been disclosed to be notified of any subsequent corrections.

7.2.4. Hong Kong

See generally B&W pgs 171-176 for details of the mechanics of correction.

Is correction tied to access?

DPP 6-Access to personal data simply states that 'A data subject shall be entitled to ... (e) request the correction of personal data', and does not make correction contingent upon access under DPP 6.

However, in Part V - Access To And Correction Of Personal Data, s22 Data correction request states that 'where... (a) a copy of personal data has been supplied by a data user in compliance with a data access request; and (b) the ... data subject considers that the data are inaccurate, then that individual or relevant person, as the case may be, may ... request... correction to the data' (emphasis added). Correction appears to be contingent upon access.

Generally, s22 will prevail if there is any inconsistency between it and DPP 6. However, s22 must be interpreted in accordance with the purpose of the Ordinance (see the long title's reference to protection of privacy). It could be argued that DPP 6 is not inconsistent with s22, but adds to it, s22 merely covering the normal case of correction following access. There are no policy reasons which would seem to support the opposite conclusion.

7.3. Remedies to enforce access and correction rights

7.3.1. Australian Privacy Act

The provisions in the Privacy Act which provide the means of enforcement of the IPPs do not exclude IPPs 6 and 7. This has three consequences relating to the FOIA:

Alternative proceedings under the Privacy Act

There is nothing in the Privacy Act which explicitly forces complainants to exercise their rights under the FOIA rather than the Privacy Act.

The Privacy Act s41 gives the Commissioner a comprehensive discretion to decide not to investigate a complaint (s41(1)), or to defer an investigation (s41(3)), where a complainant has or could have commenced proceedings under the FOIA.

An applicant may seek an injunction under s98 from the Federal Court if an agency has contravened or proposes to contravene IPPs 6 or 7. In appropriate circumstances the Court could require access to a record to be given, or corrections to a record to be made. However, as injunctive remedies are discretionary, and particularly in light of the s41(6) requirement that the Court be satisfied that the agency has `refused or failed' to provide access or make a correction when it should have done so, it is unlikely that the Court would normally be willing to give injunctive relief where a person had not attempted to exercise rights available to them under the FOIA. There may, however, be situations of urgency where such relief was appropriate, effectively by-passing the rather lengthy procedures under the FOIA.

Additional remedies under the Privacy Act

Injunction (s98): Injunctive relief is not available under the FOIA.

Commissioner's remedies (s52): If the Commissioner finds a complaint substantiated he may make a declaration (s52) that an agency

'(ii) ... should perform any reasonable act or course of conduct to redress any loss or damage suffered by the complainant' [or that] '(iii) ... the complainant is entitled to a specified amount by way of compensation for any loss or damage suffered by reason of the act or practice the subject of the complaint;'

The main problem here is to determine under what circumstances complainants who have suffered some loss or damage because of the existence of an incorrect record may obtain some redress beyond mere correction of the record.

It is important to note that IPP7, unlike FOIA s48, does not define an applicant's right to seek correction of a record, but rather an agency's obligation to take reasonable steps to ensure that the record is accurate etc. It is a plausible argument that this obligation is independent of any request for correction by the subject of the record, and that therefore there may be a breach of IPP7 even where there is no refusal to correct a record. IPPs 8 & 9 would then impose additional obligations to take any reasonable steps to ensure accuracy etc before a record is used.

Alternatively, IPP7 could be interpreted as only imposing obligations to take reasonable steps where a correction etc is requested, with the positive obligation on an agency to take steps to ensure accuracy etc only arising under IPPs 8 & 9. In that case, only a failure to properly correct a record on request could breach IPP 7.

It probably doesn't matter which interpretation of IPP7 is correct, because any loss or damage which results from the use of an inaccurate etc record could be argued to be a breach of IPP 8 or 9. In either case, the result is that there will be situations where the use of an inaccurate record, whether or not it results from the failure of an agency to correct it on request, could lead to the Commissioner providing remedies under s52.

It may be possible in many cases for agencies to argue that they have taken steps that are reasonable in the circumstances to ensure that records are accurate etc, even if those records turn out to be incorrect. However, any agency which is put on notice by a complainant that a record is incorrect will need to exercise special care before making any use of that record, or run the risk of declarations by the Commissioner.

In short, the `Commissioner's remedies' do provide a substantial extension of the remedies available under the FOIA where loss or damage results from the use of incorrect records by agencies.

7.3.2. Hong Kong

See Data Quality / Integrity Principle above concerning the availability of damages in Hong Kong for damage because of inaccurate information.

7.4. Openness principle (and accountability)

The requirement of `openness' in the operation of personal information systems (as found in the OECD privacy Guidelines) is a valuable `political' principle. The requirement that there be an accountable data controller is also important here.

Foucault and Rule both stress that `openness' can help legitimise surveillance and dull opposition. However, `openness' is also a precondition for effective opposition to the development of undesirable systems. So `openness' is both `efficient' and `critical'.

Bygrave (doctoral thesis, 2000) 3.6. Data Subject Participation and Control discusses this principle as part of the first main category of a set of principles empowering data subjects. 'First, there are rules which aim at making persons aware of data-processing activities generally. The most important of these rules are those requiring data controllers to provide basic details of their processing of personal data to data protection authorities, coupled with a requirement that the latter store this information in a publicly accessible register.'

Unlike the registration of data users required under UK law, Asia-Pacific privacy laws (Hong Kong, New Zealand, Australia and Canada) have never required registration. Australian Federal agencies are however required to submit an annual return to the Privacy Commissioner.

7.4.1. Australia

7.4.2. Hong Kong DPP 5

requires data users to take steps to ensure that any person (not just a data subject) can: See B&W p118 for discussion. They consider that DPP 5 'requires data users to answer reasonable questions ... from the public'.

