Wireframe ref | Type | Requirement level | Statement | Reference | Checklist ref | Focus area |
|---|---|---|---|---|---|---|
01 | CDR Rule | MUST | (1) For this rule, an approval notification is a notice given by the data holder: (a) to a relevant account holder, to inform them that the requester has given, amended or withdrawn an authorisation, or that the authorisation has expired; in accordance with the data standards. | CDR Rule 4A.14(1)(a) | 5CM5.01.01 | |
02 | CDR Rule | MUST | (1) For this rule, an approval notification is a notice given by the data holder: (b) to the requester, to inform them that: (ii) a relevant account holder has withdrawn an approval previously given; in accordance with the data standards. | CDR Rule 4A.14(1)(b)(ii) | 5CM5.01.02 | |
03 | CDR Rule | MUST | (1) For this rule, an approval notification is a notice given by the data holder: (b) to the requester, to inform them that: (i) one or more of the relevant account holders has not given their approval for disclosure within the time frame referred to in paragraph 4A.11(e); in accordance with the data standards. | CDR Rule 4A.14(1)(b)(i) | 5CM5.01.03 | |
04 | CDR Rule | MUST | (3) The data holder must, in accordance with any relevant data standards: (a) provide for alternative notification schedules (including reducing the frequency of notifications or not receiving notifications); and (b) give each joint account holder a means of selecting such an alternative, and of changing a selection. | CDR Rule 4A.14(3) | 5CM5.01.04 | |
05 | CX Standard | MAY | Data holders MAY allow a consumer to amend their notification schedule in line with existing notification management channels and experiences. This MAY, for example, allow the joint account notification schedule to be amended in the same location as other notifications. | 5CM5.01.05 | ||
06 | CX Standard | MAY | For the content of the approval notification, data holders MAY provide the consumer with instructions for how any relevant authorisation(s) or approval(s) can be reviewed. | 5CM5.01.06 | ||
07 | CX Standard | MAY | Data holders MAY provide a mechanism or entry point for a notification schedule to be amended from or in relation to the notification itself. This MAY, for example, allow a consumer to stop receiving the type of notification(s) from the notification itself. The notification MAY also, for example, include a link to amend the notification schedule or instructions to direct the consumer to the appropriate place. | 5CM5.01.07 | ||
08 | CX Standard | MAY | In relation to the joint account alert standards in this section, data holders MAY provide further information about any services or processes in place for supporting vulnerable consumers or reporting risks of physical, psychological, or financial harm or abuse to the data holder. | 5CM5.01.08 | ||
09 | CX Standard | MAY | Data holders MAY offer consumers the ability to specify which joint account notifications they do and do not want to receive. This MAY, for example, allow a relevant joint account holder to only receive notifications when the requester gives or amends an authorisation. | 5CM5.01.09 | ||
10 | CX Standard | MAY | Data holders MAY allow consumers to elect to no longer receive any joint account notifications. | 5CM5.01.10 | ||
11 | CX Standard | MAY | Data holders MAY offer consumers the ability to receive their joint account notifications less frequently and as a periodic summary. This MAY, for example, outline all joint account activity at a frequency determined by the data holder and consumer, such as the previous quarter, month, fortnight, and so on. This MAY also, for example, be provided with or in relation to other CDR notifications such as a CDR Receipt, which is optional for data holders. | 5CM5.01.11 | ||
12 | CX Standard | MAY | Data holders MAY inform the consumer of the consequences of amending their joint account notification schedule. This notification MAY include instructions for how to amend this schedule or reverse the amendment. | 5CM5.01.12 | ||
13 | CX Guideline | MAY | CDR Rule 4A.14(3) requires data holders to: (a) provide for alternative notification schedules (including reducing the frequency of notifications or not receiving notifications), and (b) give each joint account holder a means of selecting such an alternative, and of changing an election. Alternative settings under rule 4A.14(3) only apply to the following notifications in rule 4A.14(1): 1. The requester has given, amended, or withdrawn an authorisation 2. Expiration of an authorisation 3. A relevant account holder hasn’t given approval within the relevant time frame 4. A relevant account holder has withdrawn an approval The standards in this section provide a non-exhaustive list of options that data holders may implement to support their compliance with these rules. The specific implementation of an alternative notification schedule and offering, which may or may not include options listed here, are at the data holder’s discretion. It is the data holder’s responsibility to ensure it is meeting its obligations under the CDR Rules. Compliance with the CDR Rules on alternative notification schedules would require, at a minimum, implementation of a combination of options (being a combination of options listed below, other measures, or both). | CDR Rule 4A.14(1), (3) | 5CM5.01.13 | |
14 | CX Guideline | MAY | Data holders may offer an alternative notification schedule to apply at the account level and the customer level. | 5CM5.01.14 | ||
15 | CX Guideline | MAY | Data holders should refer to disclosure options using plain language. A description of the disclosure option should be provided where possible. These artefacts use 'single consent' to represent pre-approval disclosure option, 'joint consent' to represent co-approval disclosure option, and 'stop all sharing from this account' or 'data sharing disabled' to represent a non-disclosure option. | 5CM5.01.15 | ||
16 | CX Guideline | MAY | Data holders should provide information about the ADR to relevant account holders. This should include the ADR's name, accreditation number and a link to the their specific page on www.cdr.gov.au/find-a-provider for accreditation verification purposes. | CX Research: 2019 Phase 2, Stream 1 report; 2020 Phase 3, Round 3 report | 5CM5.01.16 | |
17 | CX Guideline | MAY | Where an alternative notification schedule is provided as per CDR Rule 4A.14(3), this notification may be omitted at the consumer's request. | CDR Rule 4A.14(3) | 5CM5.01.17 | |
18 | CX Guideline | MAY | Community consultation suggested that identifying the specific account holder may raise privacy concerns in some instances. Data holders may identify the specific account holder in relation to the relevant rules requirement, but may also deem it necessary to omit these details in certain scenarios in accordance with CDR Rule 4A.15. | CDR Rule 4A.15 | 5CM5.01.18 | |
19 | CX Guideline | MAY | Data recipients should educate consumers about data sharing with the CDR, which may include references to the CDR protections. CX research has found that including this information increases familiarity, trustworthiness, propensity to consent, and increase the chances of adoption and successful completion. | 5CM5.01.19 | ||
20 | CX Guideline | MAY | Data holders should inform the consumer when a notification schedule change only applies for authorisation withdrawal/expiry and approval withdrawal, and not a change to the non-disclosure option. | 5CM5.01.20 | ||
21 | CX Guideline | MAY | Data holders can refer to accounts using recognised nicknames, icons, account numbers, and account type. They can also include information on other elements the account may refer to such as any related plans, services, properties, numbers, and products. | 5CM5.01.21 |