OAIC publishes first Consumer Data Right privacy assessment

23 November 2021

An audit of the big four banks has found they are generally handling consumer data under the Consumer Data Right in an open and transparent way with good privacy practices in place.

As co-regulator of the Consumer Data Right (CDR) system, the Office of the Australian Information Commissioner (OAIC) is proactively assessing privacy practices to ensure providers are meeting their obligations.

Australian Information Commissioner and Privacy Commissioner Angelene Falk said the assessment program is an important part of the privacy framework for the Consumer Data Right.

“The Consumer Data Right has a strong regulatory framework to protect consumers’ privacy and build confidence in the system,” Commissioner Falk said.

“We are proactively auditing and monitoring providers in the system to ensure these strict privacy safeguards are being upheld, so that consumers can feel confident their data is protected.”

There are 13 legally binding privacy safeguards that set out consumers’ privacy rights and the obligations on providers collecting and handling their data.

The OAIC’s first privacy assessment examined how the initial CDR data holders are complying with Privacy Safeguard 1, which requires providers to have a policy describing how they manage consumer data, and to implement internal practices, procedures and systems to ensure compliance.

This includes ANZ, Commonwealth Bank, National Australia Bank and Westpac.

“Our privacy assessment found the big four banks are generally complying with the bedrock Consumer Data Right privacy safeguard,” Commissioner Falk said.

“Our recommendations and suggestions will assist these data holders and other providers in the system to further embed, review and enhance their privacy practices, so that consumers can continue to use the Consumer Data Right with confidence.”

Read the Summary report of CDR Assessment 1.

Watch the OAIC’s video to learn more about Privacy Safeguard 1.