Chapter 1: Privacy Safeguard 1 — Open and transparent management of CDR data

15 November 2022

Download the print version (version 4.0)

Update Information

We are currently in the process of publishing the current version of the Privacy Safeguard Guidelines on the OAIC’s website in HTML format. In the meantime, if you need assistance because the document you need is not available in a format you can access, please contact us at

Key points

  • Privacy Safeguard 1, together with consumer data rule (CDR Rule) 7.2 and the Competition and Consumer Regulations, outlines the requirements for all consumer data right (CDR) entities (accredited persons who are or who may become an accredited data recipient of CDR data, data holders, and designated gateways) to manage CDR data in an open and transparent way.
  • All CDR entities must take steps as are reasonable in the circumstances to implement practices, procedures and systems that will ensure they comply with the CDR system, and deal with related inquiries and complaints from consumers.
  • All CDR entities must have a clearly expressed and up-to-date policy about how they manage CDR data (CDR policy). The CDR policy must be provided free of charge and made available in accordance with the CDR Rules.
  • The Australian Energy Market Operator Limited (AEMO) is not subject to Privacy Safeguard 1 in its capacity as a data holder. Accordingly, unless otherwise indicated, references in this chapter to data holders and CDR entities exclude AEMO.