search

How many days does a firm have to provide the customer with a copy of the account record?

1 Jahrs vor
Kommentare: 0
Ansichten: 22

On this page

  • How to access your personal information and any charges involved
  • How you’ll access the information you’ve requested
  • When an organisation can refuse your request for access

Show

Australian privacy law gives you a general right to access your personal information. This includes your health information.

An organisation or agency must give you access to your personal information when you request it, except where the law allows them to refuse your request.

You don’t have a right under Australian privacy law to access other kinds of information, such as commercial information.

You also have rights to access government records which contain your personal information under the Freedom of Information Act 1982 (FOI Act). 

If you want to access records the police hold about you, please contact the Australian Federal Police or the criminal records section of your state or territory police service. 

How to request access

You will need to contact the organisation or agency that holds your personal information to request access. Only you or another person you have authorised, such as a legal guardian or authorised agent, can make the request. An organisation or agency must be satisfied the request came from you or a person you authorised.

You may be asked to put your request in writing and for information that identifies you. If so, include:

  • your name and contact details
  • the personal information you want to access
  • how you’d like access to the personal information (such as receiving a copy by email or post, or if you just want to look at the information)
  • if you authorise a person or organisation to access the personal information on your behalf

When should you get a response to your request?

An organisation must respond to a request for access to personal information within a reasonable period. We think 30 days is a reasonable period.

An agency must respond to a request for access to personal information within 30 days.

Can an organisation refuse your request?

An organisation can refuse to give you access to your personal information if they have a valid reason. Examples of a valid reason include:

  • the organisation believes that giving you access may endanger the life, health or safety of any individual, or endanger public health or safety
  • giving you access would have an unreasonable impact on the privacy of other individuals
  • your request is frivolous or vexatious
  • your personal information is part of existing or anticipated legal proceedings between you and the organisation

An agency can rely on any of the exemptions in the FOI Act to refuse you access.

Generally, if an organisation or agency refuses you access to your personal information under Australian privacy law, they must tell you in writing their reasons for refusing and how you can make a complaint.

How will you access your personal information?

An organisation or agency must give you access to your personal information in the way you asked to access it, if it is reasonable and practical to do so. For example, you may ask to access your personal information by receiving a copy in an email or by post, by being given information over the phone or by inspecting the information in person. If the organisation or agency can’t give you access to your personal information in the way you requested, they must try to give you access in a way that meets both your and their needs.

Is there a charge?

Requesting your personal information is free.

However, an organisation may charge for providing you access, but this charge can’t be excessive. The organisation must tell you there’s a charge and explain the reasons for it.

The charge may include the cost of:

  • staff searching for, locating and retrieving the requested information, and deciding which personal information is relevant to the request
  • staff reproducing and sending the personal information
  • the postage or materials involved in giving access
  • using an intermediary, if necessary

An organisation can’t use this charge to discourage you from requesting access to your personal information. If possible, they should tell you the likely amount of the charge when you make the request.

They should also discuss with you options for changing your request to minimise the charge. For example, changing the way they give it to you — by email rather than post.

An agency can’t charge you for providing access to your personal information.

  • How long does an organisation have to respond?
  • Can an organisation charge a fee?
  • What should an organisation send back to me?
  • Will I always receive everything I asked for?
  • Frequently asked questions

How long does an organisation have to respond?

An organisation normally has to respond to your request within one month.

If you have made a number of requests or your request is complex, they may need extra time to consider your request and they can take up to an extra two months to respond.

If they are going to do this, they should let you know within one month that they need more time and why.

For more on this, see our detailed guidance on time limits.

Can an organisation charge a fee?

In most circumstances, they should give you a copy of your personal information free of charge.

However, an organisation can charge a reasonable fee to cover their administrative costs – if they think your request is ‘manifestly unfounded or excessive’.

They can also charge a fee if you ask for further copies of your information following a request.

If an organisation can charge a fee, the one-month time limit does not begin until they have received the fee.

What should an organisation send back to me?

When an organisation responds to your request, they should normally tell you whether or not they process your personal information and, if they do, give you copies of it.  The organisation should also include:

  • what they are using your information for;
  • who they are sharing your information with;
  • how long they will store your information, and how they made this decision;
  • details on your rights to challenge the accuracy of your information, to have it deleted, or to object to its use;
  • your right to complain to the ICO;
  • details about where they got your information from;
  • whether they use your information for profiling or automated decision-making and how they are doing this; and
  • what security measures they took if they have transferred your information to a third country or an international organisation.

If you specifically wish to receive this additional information, we recommend you state this in your request.

Will I always receive everything I asked for?

Not always. Depending on the circumstances:

  • you may receive only part of the information you asked for; or
  • the organisation may not provide you with any personal information at all.

An organisation can refuse to comply with your subject access request if they think it is ‘manifestly unfounded or excessive’.

There can be other reasons why you may not receive all the information you expect, such as when an exemption applies, or the type of information you asked for is not covered by a subject access request.

Frequently asked questions

Am I entitled to receive copies of entire documents?

No. Your right of access does not entitle you to receive full copies of original documents held by an organisation – only your personal information contained in the document.

Example

You make a subject access request to your bank for full copies of your bank statements.

Your bank is not required to provide copies of the actual bank statements, but they must provide you with your personal data contained within them, for example, by providing you with a list of transactions.

By doing so, they have now complied with your subject access request without having to give you a full copy of the original bank statements.

What does ‘manifestly unfounded or excessive’ mean?

There is no set definition of what makes a subject access request ‘manifestly unfounded or excessive’. It will depend on the particular circumstances of your request. An organisation should explain the reasons for their decision.

As an example, an organisation may consider a request to be ‘manifestly unfounded or excessive’ when it is clear that:

  • it has been made with no real purpose except to cause them harassment or disruption;
  • the person making the request has no genuine intention of accessing their information (eg they may offer to withdraw their request in return for some kind of benefit, such as a payment from the organisation); or
  • it overlaps with a similar request they are still addressing.

To decide this, an organisation must consider each request on a case-by-case basis and be able to explain their reasoning to you.

What is an exemption?

An organisation may withhold some, or all, of your personal information because of an exemption in data protection law.

Exemptions are meant to protect particular types of information, or how certain organisations work.

Sometimes an organisation may not even have to let you know whether or not they hold information about you.

An organisation may also refuse to give you your information if it also includes personal information about someone else, except where:

  • the other individual has agreed to the disclosure; or
  • it is reasonable to give you this information without the other individual’s consent.

In their decision-making, an organisation has to balance your right of access against the other individual’s rights over their own information.

This may lead the organisation to refuse your subject access request.

Alternatively, the organisation may attempt to remove (or edit out) the other individual’s information before sending your information to you. This is commonly known as ‘redaction’.

This could mean you only receive partial information – such as copies of documents showing blanked-out text or missing sections.

In any case, an organisation normally needs to:

  • tell you why they are not taking action;
  • justify their decision; and
  • explain how you can challenge this outcome.

See our guidance on exemptions for organisations for more detail on this topic.

What happens if the organisation requires proof of ID?

ID (identity) checks are usually required for security – they are part of an organisation’s measures to protect your personal data from unauthorised access.

If an organisation asks you for proof of ID, the one-month time limit does not begin until they have received it.

What information is not covered by my request?

The right of access does not cover all types of information or uses of personal information. Some common examples of this include:

  • information used for personal/household activity (eg friends writing letters to you or pictures of you taken by family members);
  • images of you captured on a domestic CCTV system within the boundary of their domestic property; and
  • information about a deceased relative’s medical records (as data protection law only applies to living individuals).

Can I submit the same request again?

Yes, you can ask an organisation for access to your information more than once. However, they may be able to refuse your request if: 

  • they have not yet had the opportunity to address your earlier request; or
  • not enough time has passed since your last request (eg your information has not changed since then).

Remember, you can also ask an organisation for further copies of your information following a request, but they can charge a reasonable fee for this.

How often must a firm send an account statement?

Current NASD Rule 2340 (Customer Account Statements) generally requires each general securities member (as that term is defined in the rule)4 and NYSE Rule 409 (Statements of Account of Customers) generally requires each member organization to send account statements to customers at least quarterly showing security and ...

What is the 5 markup policy?

The five percent rule, aka the 5% markup policy, is FINRA guidance that suggests brokers should not charge commissions on transactions that exceed 5%.

How long do blotters general ledgers and stock records need to be maintained?

For example, brokers must retain blotters (records containing details of all purchases and sales of securities) for at least six years. But they must keep copies of trade confirmations for only three years.

Which of the following records must be kept for only 3 years?

Which of the following records must be kept by a broker-dealer firm for three years? Trial balances, usually run at the end of a reporting period to ensure that the firm's credit and debit columns arrive at identical sums, must be kept for three years after the trial balance was run.

days firm provide customer copy account record FINRA Customer rules finra rule 4530(d)

zusammenhängende Posts

Notification to the Department of Insurance is required within 30 days of change of company
Notification to the Department of Insurance is required within 30 days of change of company

How many days does a Georgia licensee have to appeal a decision that was the result of a hearing?
How many days does a Georgia licensee have to appeal a decision that was the result of a hearing?

Is it true that forensics analysis of a 6 TB disk for example can take several days or weeks?
Is it true that forensics analysis of a 6 TB disk for example can take several days or weeks?

Which nursing response is appropriate for the parent of an 18 month old child that eats nothing on some days and a lot on other days?
Which nursing response is appropriate for the parent of an 18 month old child that eats nothing on some days and a lot on other days?

How many days of acquiring or discovering a significant financial interest is the investigator required to submit an updated disclosure to the institution?
How many days of acquiring or discovering a significant financial interest is the investigator required to submit an updated disclosure to the institution?

A nurse is caring for a client who is 3 days postoperative following an above the-knee amputation
A nurse is caring for a client who is 3 days postoperative following an above the-knee amputation

What should you plan to do in the days after you have given a business presentation choose every correct answer?
What should you plan to do in the days after you have given a business presentation choose every correct answer?

Which color would the nurse expect the stoma to be in a client who had a formation of a colostomy 2 days ago?
Which color would the nurse expect the stoma to be in a client who had a formation of a colostomy 2 days ago?

Which of the following was not a reason the days of the open range and great cattle drives came to an end after the mid 1880s?
Which of the following was not a reason the days of the open range and great cattle drives came to an end after the mid 1880s?

Werbung

NEUESTEN NACHRICHTEN

Borderline wer ist schuld
1 Jahrs vor . durch LunarLine-up
Wer hat mich auf Instagram blockiert
1 Jahrs vor . durch IncipientHeader
Wie geht es dir was soll ich antworten?
1 Jahrs vor . durch SolubleAuthority
Kind 1 Jahr wie oft Fleisch
1 Jahrs vor . durch ThirstyRepublic
Was müssen Sie bei der Beladung von Fahrzeugen zu beachten?
1 Jahrs vor . durch WaxedHeadquarters
Schütz Die Himmel erzählen die Ehre Gottes
1 Jahrs vor . durch ExtrinsicSaucer
In planning an IS audit, the MOST critical step is the identification of the
1 Jahrs vor . durch SteepPanther
Wie lange darf eine Kaution einbehalten werden?
1 Jahrs vor . durch SeasonalBanjo
Sarah connor nicht bei voice of germany
1 Jahrs vor . durch FloridIceberg
Kann man mit dem Fachabitur Jura studieren?
1 Jahrs vor . durch PolarIndecency

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeendefrjpkoptzhhiitthtr
Urheberrechte © © 2024 ketiadaan Inc.