OAIC commences consultation on draft CDR Privacy Safeguard Guidelines
The Office of the Australian Information Commissioner (OAIC) has commenced a consultation process with industry and the public on draft Privacy Safeguard Guidelines for the coming Consumer Data Right (CDR).
The Privacy Safeguard Guidelines aim to assist industry in understanding their obligations under the CDR framework, to ensure that consumers can transfer their data with their consent, safely and securely.
The OAIC will regulate and enforce the privacy aspects of the CDR scheme, which will give consumers, including individual and business consumers, greater ability to make use of data about themselves when comparing and switching between products and services. The CDR is designed to be rolled out across the economy, beginning with the banking sector in February 2020.
“We are looking for business to engage with the draft guidelines, including small business as they will be subject to privacy obligations when they are accredited,“ Australian Information Commissioner and Privacy Commissioner Angelene Falk said.
“This may be a new experience for them, given many small businesses are not subject to the Privacy Act, and we want to provide guidance and practical tips to all CDR participants to help them to comply with the scheme’s privacy safeguards.”
By consulting on these guidelines, the OAIC aims to understand how it can help entities comply with their privacy obligations under the CDR scheme. The OAIC also aims to identify knowledge gaps where further guidance is needed.
The consultation is seeking feedback on whether the draft guidelines are clear, relevant and practical, and if they meet the needs of entities in understanding their privacy safeguard obligations.
The consultation will take place via written submission, with the draft Guidelines available on the OAIC website. Submissions close on 20 November.
The Information Commissioner will report to the Treasurer and publish the final guidelines on December 16.