ABSIA submitted to the ACCC's CDR Draft Rules Consultation on 20 July 2020.
We consulted with members and presented the following concerns:
- Creating unnecessary barriers to participation for intermediaries, including the high cost of accreditation and ongoing compliance
- Potential confusion about when data is "CDR data" and subject to CDR legislation versus when it is "other data" and not subject to CDR legislation
- Conflicting data retention requirements. For example, accountants who are legally required to store certain data for set periods, have to delete this data under CDR rules
- Not implementing prescriptive security controls (i.e. "maturity-based approach") which avoid different interpretations that add costs, create disputes and increase cyber risk
- Failing to leverage the experience from comparable frameworks such as the ATO's Operational Framework and ABSIA's Security Standard for Add-on Marketplaces (SSAM). Not leveraging this experience can add time and cost for all involved
- Ignoring potential learnings from the UK's Open Banking implementation
In our submission, ABSIA also encouraged the ACCC to consult more with industry and professional associations to better understand potential impacts within specific industries.
A full copy of this submission can be accessed here.