ConsumerDataStandardsAustralia / standards-maintenance

This repository houses the interactions, consultations and work management to support the maintenance of baselined components of the Consumer Data Right API Standards and Information Security profile.

Align data quality NFR with Privacy Safeguard 11 #407

Closed CDR-API-Stream closed 2 years ago

CDR-API-Stream commented 3 years ago

Description

The OAIC has provided feedback that the data quality section of the non-functional requirements in the standards is not fully aligned with Privacy Safeguard 11, which covers the same ground.

Area Affected

The area impacted is the non-functional requirements section of the standards. Specifically, the section relating to data quality.

Change Proposed

Modify the text of the data quality section of the standards to align with, and refer to, Privacy Safeguard 11 and the related regulatory requirements stipulated by the OAIC.

CDR-API-Stream commented 2 years ago

This issue was discussed in the Maintenance Iteration call held on 06/10/2021. In line with feedback from the OAIC regarding data quality requirements in relation to Privacy Safeguard 11, it is proposed to change the Data Quality section of the standards from:

Data holders are required to take reasonable steps to ensure that CDR data, having regard to the purpose for which it is held, is accurate and up to date.

A data holder is required to be able to demonstrate that reasonable steps to maintain data quality are being undertaken.

To instead be worded as:

If a Data Holder of CDR data is required or authorised under the Consumer Data Rules to disclose product data, the Data Holder must take reasonable steps to ensure that the product data is, having regard to the purpose for which it is held, accurate, up to date and complete.

Data Holders are required to be able to demonstrate that reasonable steps to maintain data quality of product data are being undertaken.

Note: For the data quality requirements that apply to CDR data for which there are one or more CDR consumers, see Privacy Safeguard 11 (section 56EN of the Competition and Consumer Act 2010). There are requirements in Privacy Safeguard 11 for both Data Holders and Data Recipients. See Chapter 11 (Privacy Safeguard 11) of the OAIC’s CDR Privacy Safeguard Guidelines for further information.

This makes clearer the requirements for data quality of product reference data, and consumer data, which is already governed by the Privacy Safeguards.

Please note: the proposed wording is slightly different to what was discussed last week on the iteration call after further feedback from the OAIC.

CDR-API-Stream commented 2 years ago

These changes have been staged for review: https://github.com/ConsumerDataStandardsAustralia/standards-staging/compare/release/1.15.0...maintenance/407

CDR-API-Stream commented 2 years ago

This change was incorporated into release v1.15.0. Refer to Decision 212 for further details.