Question
When reporting on the number of refusal, does this include Denial of Service (DoS) attacks e.g. where millions of requests come through and the system blocks it due to a security attack?
Answer
We expect data holders to report on refusals to disclose CDR data and the CDR rules or data standards relied on to refuse to disclose that CDR data (items 4.1-4.2 of the reporting form). Item 4.3, which requests the data holder state the number of times it has relied upon the CDR rules or standards cited in response to item 4.2, is an optional reporting item. However, CDR participants are required to keep records of this information and may be required to provide copies of these records to the ACCC as part of an audit. Under rule 2.5, a data holder may refuse to disclose required product data in response to a request in circumstances (if any) set out in the data standards.
Examples of such circumstances in relation to product data are:
- When the number of requests the data holder is receiving is above their service level thresholds defined in the non-functional requirements section of the data standards;
- There is a valid security reason that prevents sharing Product Reference Data (PRD) temporarily or for requests considered as suspicious. This would include refusing to disclose data as a result of a Denial of Service (DoS) attack.
Comments
0 comments
Please sign in to leave a comment.