DMA: Data and Marketing Association
Consumer Help

Privacy Shield Privacy Principles: Access

You must provide customers the ability to access, amend or delete the personal information being maintained by the company and the ability to correct it where it is inaccurate (based on a sliding scale principle – the obligation to provide access to information increases where its use is more likely to significantly affect the individual). You must provide customers the ability to access the personal information being maintained by the company. This access should be provided to the individual unless there would be:

  1. a disproportionate effort on the part of the company relative to the potential risk to the individual’s privacy,
  2. the rights of others would be violated, or
  3. the request by the individual is clearly vexatious or repetitious.

A reasonable fee can be charged to the individual for accessing information. In general, expense and burden can be considered in providing access to personal information. However, access to certain information that is used to grant or deny a significant benefit or service must always be provided regardless of the expense and burden. The following are examples of important benefits: insurance, grants, mortgages, loans, college admission, employment applications and similar benefits or services.

Companies denying access to information citing disproportionate effort or cost should be in a position to substantiate their decision.