Publication of a guide on providing CDR data to brokers

The OAIC has issued new guidelines explaining key confidentiality obligations relating to how CDR disclosures should be forwarded to “trusted advisers”, including mortgage brokers.

Building on changes to the Consumer Data Right (CDR) system that will allow consumers to use the CDR to share their data with “trusted advisors” in order to receive advice or service, the Office of the Australian Information Commission (OAIC) ​​has now issued further guidance on how this should be handled.

Trusted advisers include such persons as lawyers, accountants, financial advisers, tax agents and mortgage brokers (as defined in National Consumer Credit Protection Act 2009).

According to the updated rules, disclosure of CDR data to a trusted advisor will only be permitted on February 1, 2022, or the day the President of Data Standards sets a consumer experience data standard. for the disclosure of CDR data to trusted advisers.

The CATO guide specifies that a consumer can designate certain people as “Trusted advisers” and give consent to an Accredited Data Recipient (ADR) to share data with that advisor, so that they can receive advice or a service.

It specifies that an ADR cannot make the appointment of a trusted advisor, the appointment of a particular person as a trusted advisor, or consent to the disclosure of data to a trusted advisor, a condition of the supply of goods or services.

What an ADR should do when sharing data

According to the guide, once ADR receives consumer consent (known as TA’s consent to disclosure), the recipient of the data must take “reasonable steps” to confirm that the person was and remains a member of the group and keep records of the steps they have taken to do so. This may include checking a public register, asking them to provide proof of membership or requesting a contractual guarantee, attestation, representation or statutory declaration from the trusted advisor that they belong to the relevant class.

The guide specifies that even if the “reasonable” criterion is objective, it may vary depending on the nature of the data disclosed. For example, the CATO points out that more stringent measures may be needed as the amount and / or sensitivity of CDR data to be disclosed increases, and if the consumer has only known the trusted advisor for a short time.

The CATO guide emphasizes that it would also be “good practice” for ADRs to check the status of the trusted advisor at regular intervals, for example once every 12 months, to ensure that they are always members of the concerned class.

In addition, he said it would be “prudent” for ADRs to take steps to verify the status of the Trusted Advisor before any further disclosure of CDR data if they learned that they may no longer be practicing. this profession.

Once ADR has obtained the consumer’s consent to share their data with their trusted advisor and the information has been shared, ADR will then need to update the consumer dashboard, according to the guide.

The consumer dashboard should be updated “as soon as possible” and present:

  • What CDR data has been disclosed
  • When it was leaked
  • Who was the trusted advisor

The information should also be listed in the consumer dashboard, specifying that the consumer can request copies of these records and how to do so.

ADR is also required to keep and retain records when disclosing CDR data to a trusted advisor who explains:

  • Disclosure of CDR Data to Trusted Advisor
  • Who is the trusted advisor
  • Any steps taken to confirm that the advisor is a member of a category of professions listed as a trusted advisor

Regular reports will also need to be submitted to the Australian Competition and Consumer Commission (ACCC) and the Australian Information Commissioner’s Office (OAIC), which will include information on the number of TA disclosure consents received. and the number of trusted advisers in each class. to whom they disclosed the CDR data.

What brokers should do

While Trusted Advisors are not CDR Participants (and therefore are not subject to any confidentiality guarantees or other obligations that apply under the CDR System), CATO suggests that Trust Advisors trust should “always consider their professional obligations” (such as best interest duties) in relation to their processing of a consumer’s data.

“As a good practice, trusted advisers who receive CDR data should ensure that they are handling that data transparently and in a way that the consumer expects,” the guide reads. CATO.

[Related: Brokers to access CDR data]

Publication of a guide on providing CDR data to brokers



The advisor's logo


Last updated: January 05, 2022

Posted: 06 January 2022




Annie kane

Annie kane

Annie Kane is the managing editor of The Adviser and Mortgage Business.

In addition to writing about the Australian brokerage industry, mortgage market, financial regulation, fintechs and the broader lending landscape – Annie is also the host of Elite Broker and In Focus podcasts and The Adviser Live webcasts. .

Send an email to Annie at: This e-mail address is protected from spam. You need JavaScript enabled to view it.