Our website uses cookies to give you the best experience and for us to analyse our site usage. If you continue to use our site, we will take it you are OK about this. Click on More for information about the cookies on our site and what you can do to opt out.

We respect your Do Not Track preference.

How to make information available – some tips for agencies Lynley Cahill
4 April 2017

Information centre malaysia

We live in an age where agencies collect and hold a lot of information about us. When we then request access to that information, this places demands on the time and resources of agencies to meet their obligations under the Privacy Act. Agencies sometimes feel a bit overwhelmed when responding to requests for personal information -  especially where a high volume of information is held.

Here are our top tips for getting sorted and avoiding problems down the road:

1. Can you get the requester to narrow the scope of their request?

While individuals are entitled to access all personal information held by an agency, we often find that requestors have a specific issue in mind when they make a request for personal information.  A phone call to the requestor can sometimes clarify what it is they are after.

For example, an elderly man requested all of his health information from his GP. These records dated back some 20 years and included hard copy material archived off site. A phone call from the GP to the man established that he wanted information relating to an issue with his hip. There was no need for the GP to trawl through 20 years worth of records to satisfy his request, once both parties had agreed on the amended parameters of the request. 

2. Don’t duplicate information

The Privacy Act entitles individuals to access their personal information held by an agency. But where an agency holds this information in multiple and duplicate forms, it is not required to provide the same information over and over again.

For example, we recently dealt with a case where an agency sought to withhold emails because they were subject to legal professional privilege.  The agency supplied hard copies of each email to the requestor, with the contents blanked out. Rather than supply one copy of the email trail, which included all of the correspondence, the agency supplied every single copy of each email, which included all of the correspondence that came before it. This added up to dozens of pages, with all of the content redacted. This gave the impression to the requestor that far more information was being withheld than was actually the case (because much of the blanked out material was simply duplicated information).  

We also advise agencies that, rather than providing completely blanked out documents, they can simply tell requesters that some information is being withheld under the Privacy Act, and give the specific grounds (for example, advising a requester that “some information has been withheld from you under 29(1)(a) of the Privacy Act”).

3. Think carefully about whether information should actually be withheld

In our experience, human nature means that as soon as someone sees that information has been redacted, (or is advised that some information has been withheld) they automatically assume it is far more interesting than it is! Most of the withheld information we review is quite benign. In fact, we have reviewed some documents in which pages numbers have been redacted - the result of some over enthusiastic redaction. Keep in mind that requestors always have the right to complain to our office and have any redacted or withheld information reviewed. Getting the redactions right in the first place can save you a lot of time down the line, in terms of engagement with our office, or as subject to proceedings in the Human Rights Review Tribunal.

4.  Make sure you redact information properly

We have seen redactions made with vivid pen, in which the information can be read when held up to the light. Use of redaction tools such as Adobe PDF is a good idea, however, be aware that in some cases, if the file is sent electronically, cutting and pasting the withheld information into a different document will reveal the contents of the redacted section!

5.  Think about plain English explanations for why information is withheld

If you use a withholding section often, it can be useful to prepare some clear wording that explains in a straight forward way why you believe the information needs to be withheld. The minimum you need to provide to a requester is the section of the Privacy Act you are relying on and, if the requestor asks for it, you will also need to provide the grounds in support of the section used. Providing a reasonable explanation up front can save you time.  

6.  Good communication prevents complaints

Make it your practice to give good information to requestors about what’s happening with their request, and tell them when they can expect to hear from you. They won’t need to engage with us if you are engaging with them.  

7.  Keep an eye on the clock!

Agencies have timeframes they must meet under the Privacy Act when responding to requests.  Make sure you are familiar with these. We don’t want you to respond to a request with the best of intentions, and end up being caught foul of the Privacy Act because your response was a day late. We have a handy calculator on our website to assist.  Familiarise yourself with Part 5 of the Act – we’re told it makes great bedtime reading.

Don’t be afraid to ask for advice. Our AskUs tool on our website contains information and our enquiries line can offer general advice.

Image credit: Information centre sign (Malaysia) via Wikipedia





No one has commented on this page yet.

Post your comment

The aim of the Office of Privacy Commissioner’s blog is to provide a space for people to interact with the content posted. We reserve the right to moderate all comments. We will not publish any content that is abusive, defamatory or is obviously commercial. We ask for your email address so that we can contact you if necessary to clarify your comment. Please be respectful of authors and others leaving comments.