Australia

I want to know what personal information a company holds about me. Do I have a right to access it?

30 days
Response time
$0 fee
Standard access fee
APP 12
Relevant privacy principle
13 months
Retention period for requests
The Short Answer

Yes, you have a legal right to access your personal information held by most Australian companies under the Privacy Act 1988.

What the Law Says

The Privacy Act 1988 gives individuals the right to request access to their personal information held by organisations covered by the Act.

Most private sector businesses in Australia with an annual turnover of $3 million or more must comply with the Australian Privacy Principles (APPs) under the Privacy Act 1988. Smaller businesses may also be covered if they handle sensitive information, provide health services, or are contracted by government.

APP 12 specifically gives you the right to request access to your personal information that an organisation holds. The organisation must respond within 30 days and generally cannot charge a fee for giving access.

If access is refused, the organisation must give written reasons and inform you of your right to complain to the Office of the Australian Information Commissioner (OAIC).

Statutory Text

An individual has a right to obtain access to personal information that an organisation holds about them.

Privacy Act 1988, s. 12(1) — Australian Privacy Principle 12
Statutory Text

An organisation must give access to the information within 30 days after the request is made.

Privacy Act 1988, s. 12(3) — Australian Privacy Principle 12
Statutory Text

An organisation must not charge a fee for giving access to personal information unless the fee is reasonable and relates only to the costs of giving access.

Privacy Act 1988, s. 12(5) — Australian Privacy Principle 12

What to Do

1

Contact the organisation in writing (email or letter) and clearly state you are making a request under APP 12.

2

Include enough detail to identify yourself and the information you’re seeking (e.g., full name, date of birth, account number).

3

Keep a copy of your request and note the date you sent it — the organisation has 30 days to respond.

4

If you don’t receive a response or are refused access without valid grounds, you can lodge a complaint with the OAIC.

Sources

statutePrivacy Act 1988, s. 12 — Australian Privacy Principle 12guidanceOAIC: Accessing your personal information

Same Question, Other Jurisdictions

GermanyCanadaIrelandSingaporeEuropean UnionIndiaUKUS-CaliforniaCompare all →

Not legal advice. This article is general information based on publicly available sources, written for educational purposes. Laws change and individual situations vary. Consult a licensed attorney in your jurisdiction before acting on anything you read here. Last reviewed: 2026-06-08.