Please note: The following is guidance provided by the Data Standards Body
Question
CDR Rules state a Secondary User is required:
- to have account privileges in relation to an account
- is an eligible CDR Consumer, with an account that can be accessed online
It is possible for a person to have account privileges for an account (eg. ATO) but not to have online access to that account.
Is it sufficient for a Secondary User to have online access only to their own accounts, or do they require online access to the account of the other account holder for which they have account privileges?
Answer
The DSB does not provide a legal or compliance view on this issue.
Our interpretation is that the secondary user is eligible if they can access accounts online, even if the account, of which they are a secondary user, is not one of the accounts to which they have online access.
Based on this interpretation, an account of which they are a secondary user is available for them to share.
See:
- CDR Rules, main section, division 1.3, 1.7 Definitions, secondary user
Comments
1 comment
Based on the following response, if a secondary user doesn't have online banking access to view the secondary account, by sharing it's CDR data, it creates a loophole. This person now has exposure to the account balance, full transaction history, payees etc.
"Our interpretation is that the secondary user is eligible if they can access accounts online, even if the account, of which they are a secondary user, is not one of the accounts to which they have online access."
Please sign in to leave a comment.