As product data sharing does not involve ‘authorisations’ or ‘consents’, there is no requirement for data holders to keep and maintain records in relation to product data for the purposes of satisfying subrules 9.3(1)(a)-(d) and (g). These record keeping requirements are specific to consumer data sharing.
In relation to records that relate to product data sharing, data holders are required to keep and maintain records that record and explain the following:
- any written agreement of a kind referred to in subrule 2.4(5) the data holder has entered into (see subrule 9.3(1)(da))
- any instances where the data holder has refused to disclose requested product data, and the rule or data standard relied upon to refuse to disclose that data, noting that subrule 9.3(1)(e) relates to refusing to disclose ‘CDR data’ and therefore includes both product data and consumer data. See rule 2.5 for instances in which a data holder is allowed to refuse to disclose product data
- CDR complaint data (subrule 9.3(1)(f)), noting that the definition of ‘CDR complaint data’ in rule 1.7 includes, amongst a number of other things, the number of CDR product data complaints received