The Treasury has published an analysis into the Consumer Data Right amendments, which warn of potential shortcomings in data security.
Following on from the announcement that the Consumer Data Right (CDR) will be expanded to give mortgage brokers and other “trusted advisers” access to Consumer Data Right (CDR) data, the Treasury has now released a Privacy Impact Assessment (PIA) on the matter.
The federal Treasury engaged Australian law firm Maddocks to conduct an “independent analysis and assessment” of the proposed rule amendments to identify privacy risks to individuals arising from the proposed amendments and set out recommendations for managing, minimising or eliminating these impacts.
The analysis, conducted in September, flagged concerns associated with sharing data with trusted advisers.
The 83-page report, which was published by the Treasury on Thursday (7 October), notes a series of risks and recommendations designed to mitigate these concerns.
Present in the report were seven risks associated with consumers sharing their CDR data with trusted advisers, orbiting how secure this data will be once it is shared with someone outside the CDR regime; whether this data could be shared with someone who doesn’t align with the CDR regime or the trusted adviser class; and whether consumers could be unaware of the implications in sharing their data or if they may forget key details in their disclosure.
In relation to these risks, Maddocks noted in its recommendations that the Treasury should:
In addition, the report recommended that the Treasury consider undertaking an analysis of whether each of the proposed classes of trusted adviser will at least “be subject to obligations that will require the recipient to use CDR data that it receives consistently with the consents provided by the CDR consumer”.
However, in its response, which was also published on Thursday (7 October), the Treasury stated that it did not accept the above recommendations, noting that the classes of trusted adviser include professions that are “regulated and subject to professional duties and oversight that provide an appropriate level of consumer protections”.
The Treasury added that, while many trusted advisers will be APP entities under the Privacy Act, “requiring all trusted advisers to be subject to the Privacy Act may unduly impede consumer choice in circumstances where professional oversight and regulation exists”.
Timeline of CDR changes roll-out released
The Treasury has also now unveiled the planned framework for how these new CDR changes will come into effect, commencing with the updates to CDR representatives and outsourced services providers beginning from 19 October, two weeks after registration.
Consumers wishing to share their data with trusted advisers, or to disclose limited data insights outside the CDR regime may do so next year, with the changes related to trusted advisers and CDR insights commencing at the earlier of the data standards chair making new standards and 1 February 2022.
The changes to sponsored level of accreditation are also expected to commence 1 February 2022, while the single consent model for joint accounts will be available from 1 July 2022.
[Related: Brokers to access CDR data]
Sam Nichols is a journalist at The Adviser and Mortgage Business. His reporting has featured in a range of outlets including ABC News, SBS' The Feed, and VICE.
After its management restructure, Loan Market Group will continue...
The chairman and chief executive of Heritage Bank have addressed ...