Australian Capital Territory Current Acts Australian Capital Territory Current Acts(1) An intelligent access program service provider must prepare, and make publicly available, a document setting out the service provider's policies on the management of personal information held by the service provider.
Examples of how a document is made publicly available—
• making a document available at the service provider's office
• making a document available on the service provider's website
Maximum penalty—$6000.
(2) If asked by an individual about whom an intelligent access program service provider holds personal information, the service provider must, within 28 days after receiving the request, give the individual the following information if the service provider can reasonably give the information—
(a) the kind of information the service provider holds about the individual;
(b) the purpose for which the information is held;
(c) the way in which the service provider collects, holds, uses and discloses the information;
(d) the entities to whom the information may be disclosed;
(e) that, under this Chapter, the individual has rights of access to the information or to have the information changed to ensure it is accurate, complete and up to date;
(f) how the rights mentioned in paragraph (e) can be exercised.
Maximum penalty—$6000.
(3) Subsection (2) does not require an intelligent access program service provider to inform an individual that a report under section 422 or 423 exists or has been made.