Back

Notify individuals of their right to challenge personal data.


CONTROL ID
00457
CONTROL TYPE
Data and Information Management
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain a privacy dispute resolution program., CC ID: 12526

This Control has the following implementation support Control(s):
  • Notify individuals of their right to object to personal data for legitimate reasons., CC ID: 00458
  • Notify individuals of their ability to challenge personal behavioral assessments on record., CC ID: 04798
  • Notify individuals of their ability to object to personal data processing, absent cost., CC ID: 00459
  • Notify individuals of the time frame in which they may challenge personal data., CC ID: 16861
  • Investigate the disputed accuracy of personal data., CC ID: 00461
  • Notify the data subject of which and why disputed changes were not made to personal data., CC ID: 00466
  • Notify entities to whom personal data was transferred that the personal data is wrong, along with the corrections., CC ID: 00467


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A data correction request is allowed if a copy of personal data has been supplied by the data user and the data subject considers it inaccurate. The data subject must then make the request that the data user change the data. The data user has 40 days to make the changes or notify the data subject in… (§ 22 thru § 26, Hong Kong Personal Data (Privacy) Ordinance)
  • Individuals have the right to request corrections or deletions to their personal data if the data is found to be erroneous. Access to the data must be granted within a reasonable time period. (Art 20, Japan Handbook Concerning Protection Of Personal Data, February 1998)
  • of the data subject's right to request access to and to request correction of the personal data and how to contact the data user with any inquiries or complaints in respect of the personal data; (Part II Division 1 7. (1) (d), Personal Data Protection Act 2010, Act 709, As at 15 June 2016)
  • Where an individual discovers that his personal information is incorrect or incomplete, he shall have the right to request the personal information processors to rectify or supplement relevant information. (Article 46 ¶ 1, Personal Information Protection Law of the People's Republic of China)
  • (§ 22, India Information Technology Act (ITA-2000))
  • Methods of raising an objection and contact information. (Article 58(1)(4), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • Users may ask providers to correct information that is found to be erroneous. The provider is to take action without delay. (Art 30(2), Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc.)
  • The correction of managed information is provided for. The head of the agency in question, upon request, must initiate an investigation without delay. After the investigation, the requesting party must be notified as to the results. The requesting party is required to present evidence of the accurac… (Art 14, Korea Act on the Protection of Personal Information Maintained by Public Agencies 1994)
  • "Where the operator of credit information business, etc. who has received a request to make corrections pursuant to the provisions of paragraph (1) deems that there are justifiable grounds for the correction, they shall immediately record the fact that a request for correction or fact-finding is bei… (Art 25(2), Korea Act Relating to Use and Protection of Credit Information)
  • The right to suspend the processing of, and to request a correction, erasure, and destruction of such personal information; (Article 4 ¶ 1 (4), Personal Information Protection Act)
  • A public institution is required to maintain accurate records. Where there is a dispute about the accuracy of information, the institution shall cease computerized processing and use of the concerned data unless required for an official duty. (Art 13, Taiwan Computer-Processed Personal Data Protection Law 1995)
  • Alteration of credit reporting information is discussed. The credit reporting agency must take reasonable steps to make additions, deletions to corrections to credit information, to ensure that the personal information contained in the file or report is accurate, up-to-date, complete and not mislead… (§ 18J(1), Australia Privacy Act 1988)
  • An individual who is given access to her records must be advised that she may request the correction of that information. An individual can both request correction and that a note be attached to the file indicating this request. The agency must take steps to correct the information. When the agency… (§ 6 Principle 6(2), § 6 Principle 7, New Zealand Privacy Act 1993)
  • Individuals shall have the right to request the rectification of his or her personal data, or deletion thereof when demonstrated to be incorrect or processed unlawfully. The data controller will furnish the request within 30 days. (Art 13.b, Bosnia Law on Protection of Personal Data)
  • If a data subject determines or presumes that the data controller or processor is processing personal data and not protecting the private and personal life of himself/herself or is not in compliance with the law, in particular when the personal data is inaccurate, the data subject may request an exp… (Art 21(1), Czech Republic Personal Data Protection Act, April 4, 2000)
  • Data subjects have the right to correct, erase, or block the processing of data that does not comply with this Directive because of inaccurate or incomplete data. (Art 12(b), Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Unofficial Translation)
  • the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject and to object to processing as well as the right to data portability; (Art. 14.2.(c), Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (Art. 15.1.(e), Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
  • the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; (Art. 13.2.(b), Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation))
  • Legal transactions may not restrict or exclude a data subject's right of access and to correction, erasure, or blocking. If the data subject's data is stored by automated procedures and several bodies are entitled to store it, and the data subject cannot determine which body stored the data, he/she … (§ 6, § 41(3), German Federal Data Protection Act, September 14, 1994)
  • A data controller may be asked by any individual who has provided proof of identity, to correct, update, complete, block, or delete personal data that relates to him/her that is incomplete, inaccurate, expired, equivocal, or whose usage, collection, storage, or disclosure is prohibited. A deceased p… (Art 40, France Data Processing, Data Files and Individual Liberties)
  • Data subject's have the right to request that their personal data be corrected or deleted (the deletion right does not apply for data processed under a rule of law). (Art 11(1)(b), Hungary Protection of Personal Data and Disclosure of Data of Public Interest)
  • A data subject may demand that data that relates to him/her be erased or its use be prohibited, if it is justifiable after a comprehensive assessment of the interests involved, unless other acts preclude it. The assessment must take into account others' interests, general privacy considerations, pub… (Art 26 ¶ 2, Iceland Protection of Privacy as regards the Processing of Personal Data)
  • An individual may make a written request to the data controller to correct, erase, or block data that is in violation of section 2(1). (§ 6(1), Ireland Consolidated Data Protection Acts of 1988 and 2003)
  • Data subjects have the right to obtain correcting, updating, or integrating of the data; erasing, anonymization, or blocking of any data that is unlawfully processed, including data that is retained unnecessarily for purposes that it was not collected for; and certifying that the above operations an… (§ 7.3, Italy Personal Data Protection Code)
  • The data subject has the right to obtain updating, rectification or integration of data. This request can be made to the data controller without formalities and is to be processed without delay. (Art 13.1(c)(2), Italy Protection of Individuals Other Subject with regard to the Processing of Personal Data)
  • Individuals have the right to correct any personal data relating to them when it is incorrect. (Art 12.1, Belgian Law of 8 December 1992 on the protection of privacy in relation to the processing of persona, Unofficial English Translation November 2008)
  • The data controller must implement the data subject's right of cancellation or rectification within 10 days. Cancellation or rectification only applies to personal data of which the processing has not been in accordance with this Law, particularly, data that is incorrect or incomplete. (Art 16.1, Art 16.2, ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data)
  • A data subject may request that personal information that is factually inaccurate, irrelevant to the purpose(s), or incomplete to be corrected, deleted, supplemented, or blocked. The request must include the changes that need to be made. If the personal data is recorded on material that cannot be mo… (Art 36.1, Art 36.4, Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial Translation)
  • Everybody has the right to correct any incorrect data and to erase any illegally processed data. (§ 1(3), Austria Data Protection Act)
  • (§ 69(2), Austria Telecommunications Act)
  • Data subjects are ensured the right to rectification or destruction of data. If the data controller denies the request, the data subject has the right to appeal. If the data subject can prove data to be incorrect, then the data controller must rectify the data. (Art 17.1(3), Art 19, Lithuania Law on Legal Protection of Personal Data)
  • The data subject has the right to demand that his/her personal data be completed, corrected, updated, or temporally or permanently suspended or erased, if the data is outdated, untrue, not complete, or collected in violation of this Act or no longer required for the collection purpose; make a writte… (Art 32.1(6), Art 32.1(7), Art 32.1(9), Art 32.2, Art 32.3a, Poland Protection of Personal Data Act)
  • Persons who are affected by inaccurate data may request that the information be corrected. (Art 5, Switzerland Federal Act of 19 June 1992 on Data Protection (FADP))
  • The organization's information charter should provide data subjects with instructions on how to file a complaint. (¶ 4, Guidance on the Information Charter, March 2009)
  • rectification of personal data (see section 46), and (§ 45(2)(e)(i), UK Data Protection Act 2018 Chapter 12)
  • to reconsider the decision, or (§ 97(4)(a), UK Data Protection Act 2018 Chapter 12)
  • to take a new decision that is not based solely on automated processing. (§ 97(4)(b), UK Data Protection Act 2018 Chapter 12)
  • rectification of personal data (see section 46), and (§ 45(2)(e)(i), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • to reconsider the decision, or (§ 97(4)(a), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • to take a new decision that is not based solely on automated processing. (§ 97(4)(b), UK Data Protection Act 2018 Chapter 12, Revised 06/06/2022)
  • Individuals are informed that they are responsible for providing the entity with accurate and complete PI and for contacting the entity if correction of such information is required. (Q8.1 Communicates to data subjects, Privacy Management Framework, Updated March 1, 2020)
  • An individual should have the right to challenge data that relates to him/her and to have the data corrected, erased, amended, or completed, if the challenge is successful. (¶ 13(d), OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data)
  • In addition, data subjects have the right to obtain rectification or amendment of inaccurate data, and to obtain deletion of data that has been processed in violation of the Principles. Moreover, as explained in recital 15, individuals have a right to object/opt-out to the processing of their data f… (2.2.5 (32), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • In any event, in areas where companies most likely resort to the automated processing of personal data to take decisions affecting the individual (e.g. credit lending, mortgage offers, employment, housing and insurance), U.S. law offers specific protections against adverse decisions. These acts typi… (2.2.5 (35), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • In particular, any limitation to the right to the protection of personal data must be provided for by law and the legal basis which permits the interference with such a right must itself define the scope of the limitation to the exercise of the right concerned. In addition, in order to satisfy the r… (3 (89), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Individuals may first of all lodge requests or complaints with criminal law enforcement authorities concerning the handling of their personal data. This includes the possibility to request access to and correction of personal data. As regards activities relating to counter-terrorism, individuals may… (3.1.3 (113), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Define and implement, processes, procedures and technical measures to enable data subjects to request access to, modification, or deletion of their personal data, according to any applicable laws and regulations. (DSP-11, Cloud Controls Matrix, v4.0)
  • The organization should make appropriate corrections or erasures when there are unlawful, unnecessary, and inaccurate data entries, as well as addressees in cases where the data is being communicated. The correction cost should be paid for by the person responsible for the file. (A.4, UN Guidelines for the Regulation of Computerized Personal Data Files (1990))
  • Anyone who has been given access to personal information that is being used, been used, or available for use for administrative purposes is entitled to request the personal information to be corrected when the individual believes an error or omission exists. (§ 12(2)(a), Canada Privacy Act, P-21)
  • In either case, the organization shall, no later than thirty days after the date of the request, send a notice of extension to the individual, advising them of the new time limit, the reasons for extending the time limit and of their right to make a complaint to the Commissioner in respect of the ex… (Part 1 Division 1 Section 8 (4) ¶ 2, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and shall be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate. (Schedule 1 4.9 Principle 9 - Individual Access, Canada Personal Information Protection and Electronic Documents Act, S.C. 2000, c. 5, Last amended on June 23, 2015)
  • The accuracy and completeness of personal information must be able to be challenged by an individual, and the information must be corrected, as appropriate. (Sched 1 Clause 4.9, Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5)
  • The organization should ensure individuals have the right to challenge the accuracy and completeness of the collected personal information and should have the right to correct any incorrect information. (§ J1, Canadian Marketing Association Code of Ethics and Standards of Practice)
  • The individual's right to challenge personal data is identified by stating that all persons have a right to request and obtain, as applicable and without cost, the inclusion, supplementation, correction, updating, confidential treatment, withholding or elimination of personal data concerning that pe… (Art 17, Mexico Federal Personal Data Protection Law, November 2005)
  • Entities or individuals whose personal data has been integrated into a file has the right, through Habeas Data, to request corrections or cancellations to be made to the personal data, free of charge, to any data that are inaccurate or incomplete and does not adhere to this Act. This right must be e… (Art 7.IV, Colima Personal Data Protection Law (Decree No. 356))
  • The data owner has the right to have his/her personal data corrected or cancelled. Only the data owner or his/her representative has the right to request the access unit to correct or delete personal data contained in the database or file. (Art 9.II, Art 10.II, Guanajuato Personal Data Protection Law)
  • Individuals whose personal data have been integrated into data records have the right to request corrections be made to the personal data that is inaccurate or incomplete, free of charge or canceling the personal data that does not adhere to this law. The person responsible for the personal data mus… (Art 43.IV, Art 69 ¶ 1, Tlaxcala Law on Access to Public Information and Personal Data Protection)
  • An individual has the right to correct data in a personal data system when the data is inaccurate, incomplete, inadequate, or excessive, provided that it is not impossible or requires a disproportionate effort. When personal data is related to factual findings in an administrative or court proceedin… (Art 28, Art 34 ¶ 3, The Personal Data Protection Law for the Federal District (Mexico City))
  • The organization should allow individuals the opportunity to update or correct any of their personal information held by the organization. (ID 6.1.1, ID 6.2.5, AICPA/CICA Privacy Framework)
  • The organization should furnish individuals with the process to update or correct personal information. (Generally Accepted Privacy Principles and Criteria § 6.2.5, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The organization should notify individuals that they are responsible for contacting the organization when a correction is needed. (Generally Accepted Privacy Principles and Criteria § 9.1.1, Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria)
  • The privacy notice should include procedures for individuals to use to update and correct their personal information. (Table Ref 6.1.1, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The organization should notify individuals of their right to challenge an access denial request, along with the organization's legal rights. (Table Ref 6.2.4, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The organization should notify individuals that they are responsible for contacting the organization when a correction is needed. (Table Ref 9.1.1, Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009)
  • The system description, when addressing privacy controls, must contain a statement that the service organization is responsible for providing its privacy practices to the user entities and the privacy practice statement must include a description of the process for determining if personal informatio… (¶ 1.35.e.vii, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2))
  • Are there documented procedures to enable a client (Covered Entity) the ability to reasonably amend Protected Health Information maintained by the organization upon request? (§ P.2.5, Shared Assessments Standardized Information Gathering Questionnaire - P. Privacy, 7.0)
  • If customer data of individuals is retained, does the organization maintain processes and procedures to enable individuals the ability to access, correct, amend, or delete inaccurate information? (§ P.3.7, Shared Assessments Standardized Information Gathering Questionnaire - P. Privacy, 7.0)
  • Parents and students are allowed to seek amendment of the student's educational records that the parent or student believes to be inaccurate. The procedural end of requesting an amendment of the student's educational records is discussed. Once the student or parent requests the change, it is the age… (§ 99.7(a)(2)(ii), 34 CFR Part 99, Family Education Rights Privacy Act (FERPA))
  • (§ 1303(b)(1)(B), Children's Online Privacy Protection Act of 1998)
  • A consumer who wants to dispute the accuracy of information should provide a dispute notice directly to the person/entity who submitted the information. The dispute notice should identify the information being disputed, note the basis of the dispute, and include any documentation to support the disp… (§ 312(c), Fair and Accurate Credit Transactions Act of 2003 (FACT Act))
  • A consumer who wants to dispute the accuracy of information should provide a dispute notice directly to the person/entity who submitted the information. The dispute notice should identify the information being disputed, note the basis of the dispute, and include any documentation to support the disp… (§ 623(a)(8), Fair Credit Reporting Act (FCRA), July 30, 2004)
  • An individual has the right to notify a data broker, if the individual believes the information held by the data broker is incomplete or inaccurate. Federal agencies may not enter into a contract with a data broker in order to access any fee-based database that consists primarily of personally ident… (§ 201(e)(1)(A), § 201(e)(2), § 403(b)(2)(G), Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress)
  • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be dispropor… (II.6.a., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles. (III.8.a.i.3., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Under the Privacy Shield Principles, the right of access is fundamental to privacy protection. In particular, it allows individuals to verify the accuracy of information held about them. The Access Principle means that individuals have the right to: (§ III.8.a.i., EU-U.S. Privacy Shield Framework Principles)
  • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be dispropor… (§ II.6.a., EU-U.S. Privacy Shield Framework Principles)
  • have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles. (§ III.8.a.i.3., EU-U.S. Privacy Shield Framework Principles)
  • have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles. (iii.8.a.i.3., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be dispropor… (ii.6.a., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, or has been processed in violation of the Principles, except where the burden or expense of providing access would be dispropor… (II.6.a., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • have the data corrected, amended or deleted where it is inaccurate or processed in violation of the Principles. (III.8.a.i.3., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • The organization must allow individuals the ability to amend, correct, or delete inaccurate information, except if the expense or burden to provide the access is disproportionate to the risk to the individual's privacy or if another person's rights are violated. (ACCESS, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • The right of access allows individuals to verify the accuracy of the information held about them. (FAQ-Access Question 1 ¶ 1, US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework)
  • Individuals have the right to have a covered entity correct protected health information or a record about him/her for as long as the information is maintained in the record set. (§ 164.526(a)(1), 45 CFR Part 164 - Security and Privacy, current as of January 17, 2013)
  • A covered entity must allow individuals to request corrections to protected health information. A written request and a reason for the correction may be required by the covered entity, if it notifies individuals about the requirements in advance. (§ 164.526(b)(1), 45 CFR Part 164 - Security and Privacy, current as of January 17, 2013)
  • Individual's request for amendment. The covered entity must permit an individual to request that the covered entity amend the protected health information maintained in the designated record set. The covered entity may require individuals to make requests for amendment in writing and to provide a re… (§ 164.526(b)(1), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Statement of disagreement. The covered entity must permit the individual to submit to the covered entity a written statement disagreeing with the denial of all or part of a requested amendment and the basis of such disagreement. The covered entity may reasonably limit the length of a statement of di… (§ 164.526(d)(2), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • § 552a(d)(2): Agencies that maintain a system of records shall allow individuals to request corrections to their records and, not later than 10 days (excluding Saturdays, Sundays, and legal public holidays) after receiving a request, acknowledge the receipt in writing and promptly either make the c… (§ 552a(d)(2), § 552a(f)(4), 5 USC § 552a, Records maintained on individuals (Privacy Act of 1974))
  • An individual should have the right to challenge personal data and, if the challenge is successful, have the personal data corrected, deleted, completed, or amended. (§ 2.3 ¶ 2 Bullet Individual Participation (d), NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII))
  • The organization provides a process for individuals to have inaccurate personally identifiable information (PII) maintained by the organization corrected or amended, as appropriate. (IP-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Deprecated, Revision 4, Deprecated)
  • Provides a process for individuals to have inaccurate personally identifiable information (PII) maintained by the organization corrected or amended, as appropriate; and (IP-3a., Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • the ability to access and have PII amended or corrected if necessary; (TR-1a.(iv), Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4)
  • If the business maintains an internet website, make the internet website available to consumers to submit requests for information required to be disclosed pursuant to Sections 1798.110 and 1798.115, or requests for deletion or correction pursuant to Sections 1798.105 and 1798.106, respectively. (§ 1798.130 (a)(1)(B), California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018, Amended November 3, 2020)
  • A consumer shall have the right to request a business that maintains inaccurate personal information about the consumer to correct that inaccurate personal information, taking into account the nature of the personal information and the purposes of the processing of the personal information. (§ 1798.106 (a), California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018, Amended November 3, 2020)
  • A business that collects personal information about consumers shall disclose, pursuant to Section 1798.130, the consumer's right to request correction of inaccurate personal information. (§ 1798.106 (b), California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018, Amended November 3, 2020)
  • A consumer credit reporting agency may require that disputes be in written format. (§ 1785.16(a), Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6)
  • A person who takes adverse action on a consumer and the adverse action is based on information contained in a consumer credit report shall provide the consumer with a written notice stating the consumer's right to dispute the accuracy or completeness of the information in the credit report. (§ 1785.20(a)(4)(B), Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6)
  • A user may notify the consumer that the user may contact the credit reporting agency and request it investigates the current status of information in the furnished credit report that the consumer disputes is not accurate or incomplete. (§ 1785.21(a), Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6)
  • The credit reporting agency may require identification from the user to ensure validity and may require the request be made in writing. (§ 1785.21(b), Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6)
  • A consumer may make a written demand to a person who furnishes information to a credit reporting agency to correct any information the consumer believes is incorrect after notification of the results of a reinvestigation. (§ 1785.30, Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6)
  • If the operator maintains a process for a user of the internet website, online or cloud computing service, online application, or mobile application to review and request changes to any of that user's personally identifiable information that is collected through the internet website, online or cloud… (§ 1205C(b)(2), Delaware Code, Title 6, Commerce and Trade, Subtitle II, Other Laws Relating to Commerce and Trade, Chapter 12C, Online and Personal Privacy Protection)
  • Anyone can request a town clerk or clerk of court to remove copies or images of official records from Web sites that are available to the general public and that contain a Social Security number; employer taxpayer identification number; passport number; credit/debit card number; driver's license num… (§ 2440(f), Vermont Statute, Title 9, Chapter 62, Protection of Personal Information, Sections 2430, 2435, 2440, 2445)
  • Seek amendment of the student's education records that the parent or eligible student believes to be inaccurate, misleading, or otherwise in violation of the student's privacy rights; (§ 99.7(a)(2)(ii), 34 CFR Part 99, Family Educational Rights and Privacy)
  • The procedure for requesting amendment of records under § 99.20. (§ 99.7(a)(3)(ii), 34 CFR Part 99, Family Educational Rights and Privacy)
  • A parent's or eligible student's right to refuse to let the agency or institution designate any or all of those types of information about the student as directory information; and (§ 99.37(a)(2), 34 CFR Part 99, Family Educational Rights and Privacy)
  • Every person has the right to correct, update, suppress, or keep confidential personal data that is included in a data bank. (§ 16.1, Argentina Personal Data Protection Act)
  • The data subject has the right to request review, by a natural person, of decisions taken solely on the bases of automated processing of personal data that affects her/his interests, including decisions intended to define her/his personal, professional, consumer or credit profile or aspects of her/h… (Art. 20, Brazilian Law No. 13709, of August 14, 2018)