Chapter 10: Privacy Safeguard 10 — Notifying of the disclosure of CDR data

15 November 2022

Download the print version (version 4.0)

Update Information

We are currently in the process of publishing the current version of the Privacy Safeguard Guidelines on the OAIC’s website in HTML format. In the meantime, if you need assistance because the document you need is not available in a format you can access, please contact us at cdr@oaic.gov.au.

Key points

  • Where a data holder of a consumer’s CDR data discloses that data to an accredited person as a result of a consumer data request, the data holder must notify the consumer by updating each consumer dashboard that relates to the request.
  • Where an accredited data recipient of a consumer’s CDR data discloses that data to an accredited person or a trusted adviser, or discloses a CDR insight, they must notify the consumer by updating each consumer dashboard that relates to the request.
  • The consumer data rules (CDR Rules) set out the matters that must be included in, and the timing of, these notifications.
  • The Australian Energy Market Operator Limited (AEMO) is not subject to Privacy Safeguard 10 in its capacity as a data holder. Accordingly, unless otherwise indicated, references in this Chapter to data holders exclude AEMO.