Note: This article has now been archived.
For guidance on reporting refusals to disclose CDR data, see What constitutes a refusal to disclose required data? and relevant sections in the Banking Guide and Energy Guide.
Archived Text
The expectation is that each of the report sections as part of Rule 9.4 are completed, noting sections can be left blank where not relevant for the reporting period.
In relation to refusals to disclose, at a principles-level, a ‘refusal to disclose’ means that a data holder receives a valid request for product or consumer data but, for one of a variety of reasons (e.g. traffic thresholds are being exceeded or there are reasonable grounds to suspect a security threat) they do not provide the requested data. With that in mind, we would expect to see included in the reported number of refusals any requests for product or consumer data that were rejected/refused on the basis of traffic thresholds being exceeded. Where such refusals are reported, we would also expect to see a reference to the relevant rule (e.g. for refused product data requests, the relevant rule would be rule 2.5(1)) and the relevant data standard (e.g. error code 429 – Too Many Requests).
Noting that a business may not have captured PRD refusal data, it should be noted that in the preliminary stages of reporting, we are primarily focused on ensuring CDR participants are aware that they have reporting obligations under 9.4, and that they complete and submit their reports as required to the ACCC and the OAIC. We understand that we may have gaps in our current reporting guidance, so we're also using this period as a learning exercise for us too as we seek to understand how we can improve the process and guidance to ensure participants understand their obligations and that we are getting valuable data that we can rely on to assess the health of the ecosystem.
Comments
0 comments
Please sign in to leave a comment.