Competition and Consumer (Consumer Data Right) Rules 2020

In force

Administered by

Department of the Treasury

This item is authorised by the following title:

Competition and Consumer Act 2010

Superseded version

View latest version

F2020L00094

05 February 2020 - 18 June 2020

Table of contents

Part 1—Preliminary
- Division 1.1—Preliminary
- Division 1.2—Simplified outline and overview of these rules
- Division 1.3—Interpretation
- Division 1.4—General provisions relating to data holders and to accredited persons
Part 2—Product data requests
- 2.1 Simplified outline of this Part
- 2.2 Making product data requests—flowchart
- 2.3 Product data requests
- 2.4 Disclosing product data in response to product data request
- 2.5 Refusal to disclose required product data in response to product data request
- 2.6 Use of data disclosed pursuant to product data request
Part 3—Consumer data requests made by eligible CDR consumers
- Division 3.1—Preliminary
  - 3.1 Simplified outline of this Part
  - 3.2 How an eligible CDR consumer makes a consumer data request—flowchart
- Division 3.2—Consumer data requests made by CDR consumers
Part 4—Consumer data requests made by accredited persons
- Division 4.1—Preliminary
  - 4.1 Simplified outline of this Part
  - 4.2 Consumer data requests made by accredited persons—flowchart
- Division 4.2—Consumer data requests made by accredited persons
- Division 4.3—Consents to collect and use CDR data
- Division 4.4—Authorisations to disclose CDR data
Part 5—Rules relating to accreditation etc.
- Division 5.1—Preliminary
  - 5.1 Simplified outline of this Part
- Division 5.2—Rules relating to accreditation process
- Division 5.3—Rules relating to Register of Accredited Persons
Part 6—Rules relating to dispute resolution
- 6.1 Requirement for data holders―internal dispute resolution
- 6.2 Requirement for data holders―external dispute resolution
Part 7—Rules relating to privacy safeguards
- Division 7.1—Preliminary
  - 7.1 Simplified outline of this Part
- Division 7.2—Rules relating to privacy safeguards
Part 8—Rules relating to data standards
- Division 8.1—Preliminary
  - 8.1 Simplified outline of this Part
- Division 8.2—Data Standards Advisory Committee
- Division 8.3—Reviewing, developing and amending data standards
- Division 8.4—Data standards that must be made
  - 8.11 Data standards that must be made
Part 9—Other matters
- Division 9.1—Preliminary
  - 9.1 Simplified outline of this Part
- Division 9.2—Review of decisions
  - 9.2 Review of decisions by the Administrative Appeals Tribunal
- Division 9.3—Reporting, record keeping and audit
  - Subdivision 9.3.1—Reporting and record keeping
  - Subdivision 9.3.2—Audits
    - 9.6 Audits by the Commission and the Information Commissioner
    - 9.7 Audits by the Data Recipient Accreditor
- Division 9.4—Civil penalty provisions
  - 9.8 Civil penalty provisions
    - Schedule 1—Default conditions on accreditations
Part 1—Preliminary
- 1.1 Purpose of Schedule
Part 2—Default conditions on accreditations
- 2.1 Ongoing reporting obligation on accredited persons
  - Schedule 2—Steps for privacy safeguard 12—security of CDR data held by accredited data recipients
Part 1—Steps for privacy safeguard 12
- 1.1 Purpose of Part
- 1.2 Interpretation
- 1.3 Step 1—Define and implement security governance in relation to CDR data
- 1.4 Step 2—Define the boundaries of the CDR data environment
- 1.5 Step 3—Have and maintain an information security capability
- 1.6 Step 4—Implement a formal controls assessment program
- 1.7 Step 5—Manage and report security incidents
Part 2—Minimum information security controls
- 2.1 Purpose of Part
- 2.2 Information security controls
  - Schedule 3—Provisions relevant to the banking sector
Part 1—Preliminary
- 1.1 Simplified outline of this Schedule
- 1.2 Interpretation
- 1.3 Meaning of customer data, account data, transaction data and product specific data
- 1.4 Meaning of phase 1 product, phase 2 product and phase 3 product
Part 2—Eligible CDR consumers—banking sector
- 2.1 Meaning of eligible—banking sector
Part 3—CDR data that may be accessed under these rules—banking sector
- 3.1A Application of Part
- 3.1 Meaning of required product data and voluntary product data—banking sector
- 3.2 Meaning of required consumer data and voluntary consumer data—banking sector
Part 4—Joint accounts
- Division 4.1—Preliminary
  - 4.1 Purpose of Part
  - 4.2 Joint account management service
- Division 4.2—Operation of these rules in relation to joint accounts
Part 5—Internal dispute resolution―banking sector
- 5.1 Internal dispute resolution―banking sector
Part 6—Staged application of these rules to the banking sector
- Division 6.1—Preliminary
- Division 6.2—Staged application of rules
Part 7—Other rules, and modifications of these rules, for the banking sector
- 7.1 Laws relevant to the management of CDR data—banking sector
- 7.2 Conditions for accredited person to be data holder
- 7.3 Streamlined accreditation—banking sector
- 7.4 Exemptions to accreditation criteria—banking sector

Competition and Consumer (Consumer Data Right) Rules 2020

Legislation text