This article was updated on 3 February 2026 to include references to rules 4.13(1)(b), 4.25(1)(b) and 4.20J(2)-(3).
The Rules specify that some services may be provided by a data holder or accredited person using an offline method. An example of an offline service is where a CDR consumer instructs a data holder to do certain things over the phone.
The rules indicate that data holders or accredited persons may provide the following services offline:
- For a CDR consumer who has given a consent to an accredited person – a simple alternative method of communication that may be used to withdraw the consent at any time (rule 4.13(1)(b)).
- Similarly, for a CDR consumer who has given an authorisation to a data holder to disclose CDR data to an accredited person – a simple alternative method of communication that may be used to withdraw the authorisation at any time (rule 4.25(1)(b)).
- For a CDR consumer who has given a consent to a CDR representative – a simple method of communication for the withdrawal of consent, as an alternative to using the CDR representative principal’s dashboard, noting a failure to do so could make the CDR representative principal liable for a civil penalty (rule 4.20J(2)-(3)).
- For each eligible CDR consumer that is not an individual (e.g. a business consumer) – a service that can be used to nominate one or more individuals (nominated representatives) who are able to give, amend and manage authorisations to disclose CDR data on behalf of the non-individual CDR consumer, and to withdraw such a nomination (rule 1.13(1)(c)).
- For partnerships – a service that can be used to nominate one or more individuals (nominated representatives) who are able to give, amend and manage authorisations to disclose CDR data relating to the partnership accounts on behalf of the CDR consumers in the partnership, and to withdraw such a nomination (rule 1.13(1)(d)).
- For any account in relation to which a person has account privileges – a service that can be used by the account holder to make or withdraw a secondary user instruction (rule 1.13(1)(e)), noting that once there is a secondary user on the account, this capability must be provided online (rule 1.15(5)).
- For each eligible joint account – a service for each joint account holder that allows them to manage disclosure options on the joint account (disclosure option management service), noting this service must also be provided online (rule 4A.6).
Other relevant rules and standards (e.g. notification obligations and withdrawal standards) continue to apply to data holders and accredited persons regardless of whether they provide a service online or offline.
For example, where a data holder provides an offline disclosure option management service, a joint account holder may apply the non-disclosure option to a joint account over the phone. The process of changing to a more restrictive disclosure option would trigger the “Withdrawal: Joint accounts” withdrawal standard. The information referred to in that standard must be provided, and could be provided over the phone.