An Access Request Form is a document that businesses use to verify a person’s identity if they are seeking access to their personal information. 

It is an important document that ensures individuals’ information is protected and is only disclosed to parties authorised to access it. 

Why Do I Need An Access Request Form? 

Under Australian Privacy Law, you have to give your clients (or other people from whom you have collected information) the general right to access their personal information. 

So, if your business is holding an individual’s information, you are obliged to grant them access to this information if they request it. But it is imperative that you verify that the person is actually authorised to access the information. 

There may also be certain regulations that mandate how you can access your information. For example, if you collect information from individuals residing in the European Union, then you will most likely need a GDPR Compliant Privacy Policy

The GDPR also stipulates that individuals have a right to access their personal data and businesses will have to have Access Request Forms to maintain compliance. More about GDPR can be found here

What’s In It?

An Access Request Form could contain fields to obtain the following information: 

  • The client’s name and contact details 
  • The personal information they want to access 
  • How they want to access the information (e.g. via post, email, in person) 
  • Whether the individual authorises another person or organisation to access the information 


Malcolm has started a telehealth physiotherapy practice, and he collects patients’ health information. He asks questions about patients’ medical history, their current medications, and whether they have been to a physiotherapist before — as well as collecting general contact information. 

Here, Malcolm is obliged by the Australian Privacy Principles to have a Health Service Provider Privacy Policy. This document lets all his patients know what the information is being used for. 

One of Malcolm’s patients then decides they want to access their personal information. 

Under Australian Privacy Laws, Malcolm is obliged to give his patient access to their information. However, he has an obligation to ensure the information ends up with either the patient or an individual authorised to view it. 

In this case, Malcolm had an Access Request Form drafted to make sure he is granting access to this information to the right people. 

Need Help? 

Navigating privacy documents such as an Access Request Form can be a daunting task, particularly as organisations are obliged to grant individuals access to their information. 

To ensure your business is protected and you’re granting information to the correct individuals, it is important to have these documents in place. 

Get in touch with us at if you have any questions regarding Access Request Forms or your obligations under the Privacy Act.

About Sprintlaw

Sprintlaw's expert lawyers make legal services affordable and accessible for business owners. We're Australia's fastest growing law firm and operate entirely online.

(based on Google Reviews)
Do you need legal help?
Get in touch now!

We'll get back to you within 1 business day.

  • This field is for validation purposes and should be left unchanged.

Related Articles
Is ChatGPT Copyright Free?