Australia’s Consumer Data Right (CDR) requires businesses to carefully plan how they handle, store and disclose the consumer data they collect. This primer explains your obligations, the breaches that can occur, and a strategy to avoid them.
Meeting Your Business’s CDR Obligations
​
Australia’s Consumer Data Right (CDR) requires businesses to carefully plan how they handle, store and disclose the consumer data they collect.
The CDR provides individuals with the right to access their personal information, and the right of data portability found in the European General Data Protection Right (GDPR). An economy-wide program, it was launched in 2020, and is presently being rolled out sector by sector.
CDR enables consumers to safely and conveniently elect to share data about them, held by data holders, with accredited providers. The government’s aim with the program is to make it easier for consumers to compare products and services, access better value and improved services, and assist financial management.
Phased Rollout
CDR has already been rolled out to the banking and energy sectors. The Australian Competition and Consumer Commission and co-regulator the Office of the Australian Information Commissioner are responsible for ensuring accredited providers and data holders comply with their CDR obligations.
As companies and consumers have greater access to data, and more data files are being transferred than ever before, greater safeguards to protect this data are required. Regulators are deploying a range of tools to monitor and access the available information to ensure consumers have their data security and integrity in place. Their stated goal is to prevent breaches of the CDR’s obligation through compliance management and enforcement.
​
Business Impact
Businesses need to consider how they handle the data they collect, including how that data is harvested, stored, used and disclosed, and how it will make consumer data available to its customers and their nominated recipients when requested to do so.
Special care of internal systems, processes and compliance is required to prevent breaches. Examples of CDR breaches include:
-
Repeated refusal to disclose consumer data
-
Misleading or deceptive conduct
-
Data collection without valid consent
-
Intentional use or disclosure of data inconsistent with consumer consent
-
Insufficient security controls to protect CDR data
Complying with the CDR
Businesses under the CDR protocols should consider:
-
Reviewing their policies and processes for privacy and data handling
-
Training staff on their CDR obligations and how to manage the risks involved with handling consumer data
-
Establishing breach notification procedures
One way to ensure files are kept secure both at rest and while in transit is to incorporate a managed file transfer system, like GoAnywhere MFT. This secure, automatic software can protect data by:
-
Controlling access to files and data
-
Encrypting data
-
Establishing the correct security settings when sending and/or receiving highly confidential emails
-
Providing automated audits, reports and logs showing who accessed which data, who it was transmitted to, etc.
GoAnywhere can also enhance business efficiency be replacing the myriad of legacy manual approaches for file sharing that can proliferate across businesses over time.
Further consumer-oriented resources on CDR are available from the Australia Government’s website.