Competition and Consumer (Consumer Data Right) Rules 2020

In force

Administered by

Department of the Treasury

This item is authorised by the following title:

Competition and Consumer Act 2010

Superseded version

View latest version

F2020L00094

05 February 2020 - 18 June 2020

Table of contents

Part 1—Preliminary
- Division 1.1—Preliminary
- Division 1.2—Simplified outline and overview of these rules
- Division 1.3—Interpretation
- Division 1.4—General provisions relating to data holders and to accredited persons
Part 2—Product data requests
- 2.1 Simplified outline of this Part
- 2.2 Making product data requests—flowchart
- 2.3 Product data requests
- 2.4 Disclosing product data in response to product data request
- 2.5 Refusal to disclose required product data in response to product data request
- 2.6 Use of data disclosed pursuant to product data request
Part 3—Consumer data requests made by eligible CDR consumers
- Division 3.1—Preliminary
  - 3.1 Simplified outline of this Part
  - 3.2 How an eligible CDR consumer makes a consumer data request—flowchart
- Division 3.2—Consumer data requests made by CDR consumers
Part 4—Consumer data requests made by accredited persons
- Division 4.1—Preliminary
  - 4.1 Simplified outline of this Part
  - 4.2 Consumer data requests made by accredited persons—flowchart
- Division 4.2—Consumer data requests made by accredited persons
- Division 4.3—Consents to collect and use CDR data
- Division 4.4—Authorisations to disclose CDR data
Part 5—Rules relating to accreditation etc.
- Division 5.1—Preliminary
  - 5.1 Simplified outline of this Part
- Division 5.2—Rules relating to accreditation process
- Division 5.3—Rules relating to Register of Accredited Persons
Part 6—Rules relating to dispute resolution
- 6.1 Requirement for data holders―internal dispute resolution
- 6.2 Requirement for data holders―external dispute resolution
Part 7—Rules relating to privacy safeguards
- Division 7.1—Preliminary
  - 7.1 Simplified outline of this Part
- Division 7.2—Rules relating to privacy safeguards
Part 8—Rules relating to data standards
- Division 8.1—Preliminary
  - 8.1 Simplified outline of this Part
- Division 8.2—Data Standards Advisory Committee
- Division 8.3—Reviewing, developing and amending data standards
- Division 8.4—Data standards that must be made
  - 8.11 Data standards that must be made
Part 9—Other matters
- Division 9.1—Preliminary
  - 9.1 Simplified outline of this Part
- Division 9.2—Review of decisions
  - 9.2 Review of decisions by the Administrative Appeals Tribunal
- Division 9.3—Reporting, record keeping and audit
  - Subdivision 9.3.1—Reporting and record keeping
  - Subdivision 9.3.2—Audits
    - 9.6 Audits by the Commission and the Information Commissioner
    - 9.7 Audits by the Data Recipient Accreditor
- Division 9.4—Civil penalty provisions
  - 9.8 Civil penalty provisions
    - Schedule 1—Default conditions on accreditations
Part 1—Preliminary
- 1.1 Purpose of Schedule
Part 2—Default conditions on accreditations
- 2.1 Ongoing reporting obligation on accredited persons
  - Schedule 2—Steps for privacy safeguard 12—security of CDR data held by accredited data recipients
Part 1—Steps for privacy safeguard 12
- 1.1 Purpose of Part
- 1.2 Interpretation
- 1.3 Step 1—Define and implement security governance in relation to CDR data
- 1.4 Step 2—Define the boundaries of the CDR data environment
- 1.5 Step 3—Have and maintain an information security capability
- 1.6 Step 4—Implement a formal controls assessment program
- 1.7 Step 5—Manage and report security incidents
Part 2—Minimum information security controls
- 2.1 Purpose of Part
- 2.2 Information security controls
  - Schedule 3—Provisions relevant to the banking sector
Part 1—Preliminary
- 1.1 Simplified outline of this Schedule
- 1.2 Interpretation
- 1.3 Meaning of customer data, account data, transaction data and product specific data
- 1.4 Meaning of phase 1 product, phase 2 product and phase 3 product
Part 2—Eligible CDR consumers—banking sector
- 2.1 Meaning of eligible—banking sector
Part 3—CDR data that may be accessed under these rules—banking sector
- 3.1A Application of Part
- 3.1 Meaning of required product data and voluntary product data—banking sector
- 3.2 Meaning of required consumer data and voluntary consumer data—banking sector
Part 4—Joint accounts
- Division 4.1—Preliminary
  - 4.1 Purpose of Part
  - 4.2 Joint account management service
- Division 4.2—Operation of these rules in relation to joint accounts
Part 5—Internal dispute resolution―banking sector
- 5.1 Internal dispute resolution―banking sector
Part 6—Staged application of these rules to the banking sector
- Division 6.1—Preliminary
- Division 6.2—Staged application of rules
Part 7—Other rules, and modifications of these rules, for the banking sector
- 7.1 Laws relevant to the management of CDR data—banking sector
- 7.2 Conditions for accredited person to be data holder
- 7.3 Streamlined accreditation—banking sector
- 7.4 Exemptions to accreditation criteria—banking sector

Federal Register of Legislation

The site may be slow or unavailable

Competition and Consumer (Consumer Data Right) Rules 2020

The site may be slow or unavailable

Competition and Consumer (Consumer Data Right) Rules 2020

Legislation text