This article brings together answers to many questions that participants have asked about dashboards. Consumer dashboards are provided by the Data Holder (DH) and Accredited Data Recipient (ADR) to allow a consumer to view information, provide consent, authorisation and authentication, manage the consents they have given, and generally interact with CDR participants.
Displaying accounts that cannot be shared
A DH is permitted to display an account from which data cannot be shared. For example, a DH can display an account for which the consumer is not an account holder, secondary user, or nominated representative. This may provide a more consistent experience with a non-CDR digital customer portal. If the account is unavailable and/or ineligible, or the customer does not have sharing rights for other reasons, then it cannot be selected for sharing.
Missing data in consent dashboards
Missing or incomplete data should be treated as an exception. The DH is not required, by the standards or rules, to accommodate missing or incorrect required data about a software product in the dashboard or consent screens.
Software product data in consent dashboards
There is no requirement to display details about the software product to the consumer during authentication, authorisation, or in DH dashboards. However, the CX guidelines suggest the software product name be displayed for transparency, traceability, and to aid authorisation management.
Revoke secondary user data sharing
Using the permission dashboard, the primary account holder can withdraw or opt out the secondary user instruction at any time to effectively disable the secondary user's ability to share data from the account.
Where an account has a secondary user, the secondary user can share data from that account only if the account holder provides a secondary user instruction. The secondary user cannot share data from the account by default. The primary account holder has to opt in the secondary user to be able to share data.
Back button for the dashboard
Although a back button is a common and expected feature for procedures like consent amendment, there is no specific requirement for a DH dashboard back button.
Receipt requirements
Only ADRs are required to provide a CDR receipt, however, the DSB recommends that DHs also provide a CDR receipt.
Sharing period
The CDS or CDR rules do not prescribe a specific format for dates, this is at the DH's discretion.
Displaying one-off consents
A single-occasion disclosure could be listed in one of the following ways:
- As 'Active' if the duration is up to 24 hours (i.e. not 0 or absent) and that time period has not yet elapsed;
- As 'Expired' if the duration is 0, absent, or if duration is up to 24 hours that has elapsed.
Unavailable Joint Accounts in Authorization Flow
The DSB recommends listing a Joint Account with a 'Do not share' preference as an 'un-selectable' and 'unavailable' account in the authorisation flow.
Minimum ADR data to be displayed dashboards
The DSB recommends at a bare minimum to display the ADR's brand name, software product name, and legal entity. The DSB also recommends the ADR's accreditation number be displayed on DH dashboards.
Multiple channels
For institutions with multiple online engagement channels, the expectation is to reduce complexity, enhance useability and align all form factor displays for a consistent consumer experience. For completeness, an entity’s CDR policy must be readily available through each online service.
Regardless of the channel, the user experience should be simple and straightforward for the process of giving the authorisation to disclose CDR data.
Comments
0 comments
Please sign in to leave a comment.