The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy The entity grants identified and authenticated data subjects the ability to access their stored personal information for review and, upon request, provides physical or electronic copies of that information to data subjects to meet the entity’s objectives related to privacy. If access is denied, data subjects are informed of the denial and reason for such denial, as required, to meet the entity’s objectives related to privacy.
The identity of data subjects who request access to their personal information is authenticated before they are given access to that information
Data subjects are able to determine whether the entity maintains personal information about them and, upon request, may obtain access to their personal information
Personal information is provided to data subjects in an understandable form, in a reasonable time frame, and at a reasonable cost, if any
When data subjects are denied access to their personal information, the entity informs them of the denial and the reason for the denial in a timely manner, unless prohibited by law or regulation.