CDR Implementation Call Questions on Notice - ConsumerDataStandardsAustralia/standards GitHub Wiki
Question Register
Caveat on All Questions
Please note the questions taken on notice are done on behalf of the organisation and there is no SLA or obligation for the answer. This is undertaken as a best efforts exercise to support the CDR Community. For Rules interpretation queries it is advised to seek internal or external advice prior to engaging the ACCC or OAIC for advice.
9th of February 2023
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1859 | Do we have any figures on the number of individual consumers who have registered as CDR across the energy sector? (or the banking sector) | CDR.gov.au | ACCC | Pending |
2nd of February 2023
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1855 | When can we expect rules v 5? | Rules | TSY | Answered |
19th of January 2023
8th of December 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1820 | There is a Zendesk article 'Communicating Planned Outages' that states that "As for "advanced notice", timing should be on par with your existing digital banking channels. In other words, you should provide notice in a timely manner similar to your other channels." It differs from the schema which states "Planned outages should be...Published to Data Recipient Software Products with at least one week lead time for normal outages". I assume the schema takes precedence, and the Zendesk article is out of date? The schema then goes on to say "Planned outages may occur without notification if the change is to resolve a critical service or security issue." So if a DH puts in an urgent change and either doesn't lodge the notification with a week's notice, or lodges no notification, that is still classified as a planned outage? I.e. The Get Outages API has no impact on whether an outage is treated as Planned? Is it only ever an unplanned outage if our system is down for a reason other than a release/fix? | Outages | DSB | Taken on notice |
| 1821 | Q for CTS - update on whether there will be a test harness for FAPI 1.0 Auth Code Flow (so all participants can be certain their implementations are compliant ...and working)? ETA? | Outages | ACCC | Answered |
1st of December 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
No actions recorded.
24th of November 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1777 | Follow-up to question raised | Secondary User | ACCC | ACCC to follow-up and answer soon |
| 1809 | ID Permanence per ADR Software Product | Infosec | DSB | DSB to seek answer from InfoSec |
| 1810 | If an account holder has 2 secondary user | Secondary Users | ACCC | Taken on notice |
| 1811 | CA Usage | InfoSec | DSB | Answered see 01/12 Question and Answer |
17th of November 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
No actions recorded.
10th of November 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |
| 1777 | Follow-up | | ACCC | Pending response |
| - | Telco DPs 262 – 266 now moved into feedback period closed but feedback responses were not provided and it doesn’t appear to have been incorporated into holistic DP, could we get a response inline please? | Feedback on Decision Proposals | DSB | Pending Response |
| - | Request for clarification on nominated representatives in energy | | ACCC | Pending Response |
| - | GET /telco/account/{serviceId} and GET /telco/accounts/{accountId} look too similar, too likely to confuse. Is the first just a typo? Perhaps it was meant to be GET /telco/services/{serviceId}? | | | Pending Response |
3rd of November 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |
27th of October 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
20th of October 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1752 | Follow-up on Ticket 1752 on 'All' and 'Banking' industry | Follow-up | DSB | Actioned |
| 1770 | Following our Zendesk question #1655 regarding a data holder with two or more brands in the CDR ecosystem - "does eligibility in one brand mean the data holder is obligated to share closed accounts in another brand if there are only closed accounts in that other brand?". Your response suggests "yes, this is required". This appears to have very significant ramifications for all multi-brand data holders. Using a well-known example - Westpac and St George - both are brands of the Westpac Banking Corporation, both operate under the same ABN and AFSL and credit licence. Does this make them the same Data Holder (JJ - note original was 'ADR')? If it does, then your response to #1655 suggests that a past client of St George (that closed their last St George account within the past 24 months), but that is still eligible for data sharing to Westpac (has Westpac online banking and an open Westpac account), that they must be able to data share their closed St George accounts. Is this right? | Additional clarification | ACCC | Merged in to 1655 |
| 1771 | Based on https://cdr-support.zendesk.com/hc/en-us/articles/5465006047375-Ceasing-Secondary-User-Sharing, are we allowed to display the secondary user given name or any other info so that the AH can perform this disable action for a particular sec user as per rule? | Clarification | ACCC | Open |
| 1773 | Secondary User - Back to Ceasing of Sec user, one of the key points stated "This indication applies to the accredited person legal entity and all of its brands and software products." so… would it be similar to that Westpac / St George subject above where it's expected to block all of them? | Secondary User | ACCC | Actioned |
14th of October 2022
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1749 | Review this CDR Support Portal Ticket please | N/A | ACCC | Actioned |
| 1752 | Question part 2: ", they will register themselves with industry value 'all', instead of creating 3 entries of one each for 'banking', 'energy' and 'telco'" | | ACCC, DSB | Pending |
| 1759 | 2. Software product - When we collect customer consent to get access to their data, do DH need show customer know how their data collected will be used by ADR product apart from showing the type of data (transaction read, acc read etc) and duration of data being collected? 3. Reporting and complaint compliance - Is there any system reporting and complaint management portal requirement for ADR similar to ADH. If yes, can you please share the link to the doc. 4. Request for general guidance for ADRs and flow diagrams | ADR, Consent | ACCC | Pending |
| 1757 | Banking sector - Given a scenario, when the Non individual NI removes last remaining NR from the account and NR have an active consents for that account. Due to some reason that consent(s) are not withdrawn by the NR via consent dashboard and NI is not provided with the consent dashboard either and NI can only use the manual process to withdraw the consent, which may not be at the same time when the last NI was removed. Hence, CDR data sharing will continue until all the consents are removed. For example, last NR associated with the account was removed on say 1 September 2022 and consent withdrawal request was received and processed on 20 September 2022. So technically, there was no NR associated with account for 20 days and CDR data was shared during that period. Questions: Is this the breach of CDR Rules as there was no NR and CDR data sharing continued during that period? | Compliance | ACCC | Pending |
7th of October 2022
| Ticket # | Question | Category | Organisation |
| --- | --- | --- | --- |
| 1758 | Follow on Question, on a Joint Account when it comes to DOMS side, is this functionality that's controlled by DOMS as in non disclosure? | Rules | |
7th of October 2021
| Ticket # | Question | Category | Organisation |
| --- | --- | --- | --- |
| 1107 | The 'lastUpdateTime' property in the Customer schemas states 'If no update has occurred then this date should reflect the initial creation date for the data'. If an update has occurred, but we don't store an update time for just the data in the schema, should we exclude this optional property, or leave the value as the initial customer data creation date? (possibly implying 'no update has occurred') https://consumerdatastandardsaustralia.github.io/standards/#tocScommonperson x-fapi-interaction-id header. | | |
| 1106 | Amending Account for An Existing Consent Scenario with PAR - CTS scenario is failing as scope parameter is not passed in token response. related to scope parameter in response .#15 section 5.2.2 of Draft-06 mentions Auth Server “shall return the list of granted scopes with the issued access token” shall return the list of granted scopes with the issued access token if the request was passed in the front channel and was not integrity protected; FAPI 1.0 F | | |
23rd of September 2021
17th of September 2021
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| 1075 | When can the energy sector expect energy specific wireframes to be developed? e.g. the default example wireframe in the consumer dashboard is banking specific. | Consumer Experience, Standards | DSB | CDR Support Portal Article |
Template
| Ticket # | Question | Category | Organisation | Action |
| --- | --- | --- | --- | --- |
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |