-
Notifications
You must be signed in to change notification settings - Fork 56
CDR Implementation Call Questions on Notice
CDR API Stream edited this page Feb 16, 2023
·
27 revisions
Please note the questions taken on notice are done on behalf of the organisation and there is no SLA or obligation for the answer. This is undertaken as a best efforts exercise to support the CDR Community. For Rules interpretation queries it is advised to seek internal or external advice prior to engaging the ACCC or OAIC for advice.
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1859 | Do we have any figures on the number of individual consumers who have registered as CDR across the energy sector? (or the banking sector) | CDR.gov.au | ACCC | Pending |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1855 | when can we expect rules v 5? | Rules | TSY | Answered |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1823 | The availability chart on https://www.cdr.gov.au/performance seems to be very different to what DHs provide on a daily basis. Also, the figures dont change from day to day, it appears to be a static number for the particular month. Why is that ? I have raised this on 13/12 ==> https://cdr-support.zendesk.com/hc/requests/1823 but no update as yet | Performance Dashboard | ACCC | Answered |
| 1842 | https://cdr-support.zendesk.com/hc/en-us/articles/5081838045967-Guidance-for-Profile-Scope-and-Standard-Claims - If a Data Holder receives a request from an ADR to share both the CDR Consumer's and Authenticated User’s data, e.g. common:customer:detail:read and OIDC Profile Scope, if the Data Holder determines that we must not share the CDR Consumer’s data under the rules, e.g. due to a temporary block, then must we also not share Profile Scope information for the authenticated user (Nominated Representative or a Power of Attorney), even though the temporary block does not apply to them? | Scopes | DSB | Pending |
| 1843 | noting that we've sent through a separate email requesting our comments posted on https://github.com/ConsumerDataStandardsAustralia/standards/issues/282 be closed out as soon as possible. Thanks very much. | GitHub Feedback | DSB | Pending |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1820 | There is a Zendesk article 'Communicating Planned Outages' that states that "As for "advanced notice", timing should be on par with your existing digital banking channels. In other words, you should provide notice in a timely manner similar to your other channels." It differs from the schema which states "Planned outages should be...Published to Data Recipient Software Products with at least one week lead time for normal outages". I assume the schema takes precedence, and the Zendesk article is out of date? The schema then goes on to say "Planned outages may occur without notification if the change is to resolve a critical service or security issue." So if a DH puts in an urgent change and either doesn't lodge the notification with a weeks notice, or lodges no notification, that is still classified as a planned outage? I.e. The Get Outages API has no impact on whether an outage is treated as Planned? Is it only ever an unplanned outage if our system is down for a reason other than a release/fix? |
Outages | DSB | Taken on notice |
| 1821 | Q for CTS - update on whether there will be a test harness for FAPI 1.0 Auth Code Flow (so all participants can be certain their implementations are compliant ...and working)? ETA? | Outages | ACCC | Answered |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
No actions recorded.
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1777 | Follow-up to question raised | Secondary User | ACCC | ACCC to follow-up and answer soon |
| 1809 | ID Permanence per ADR Software Product | Infosec | DSB | DSB to seek answer from InfoSec |
| 1810 | If an account holder has 2 secondary user | Secondary Users | ACCC | Taken on notice |
| 1811 | CA Usage | InfoSec | DSB | Answered see 01/12 Question and Answer |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
No actions recorded.
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |
| 1777 | Follow-up | ACCC | Pending response | |
| - | Telco DPs 262 – 266 now moved into feedback period closed but feedback responses were not provided and it doesn’t appear to have been incorporated into holistic DP, could we get a response inline please? | Feedback on Decision Proposals | DSB | Pending Response |
| - | Request for clarification on nominated representatives in energy | ACCC | Pending Response | |
| - |
GET /telco/account/{serviceId} and GET /telco/accounts/{accountId} look too similar, too likely to confuse. Is the first just a typo? Perhaps it was meant to be GET /telco/services/{serviceId}? |
Pending Response |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1752 | Follow-up on Ticket 1752 on 'All' and 'Banking' industry | Follow-up | DSB | Actioned |
| 1770 | Following our Zendesk question #1655 regarding a data holder with two or more brands in the CDR ecosystem - "does eligibility in one brand mean the data holder is obligated to share closed accounts in another brand if there are only closed accounts in that other brand?". Your response suggests "yes, this is required". This appears to have very significant ramifications for all multi-brand data holders. Using a well-known example - Westpac and St George - both are brands of the Westpac Banking Corporation, both operate under the same ABN and AFSL and credit licence. Does this make them the same Data Holder(JJ - note original was 'ADR')? If it does, then your response to #1655 suggest that a past client of St George (that closed their last St George account within the past 24 months), but that is still eligible for data sharing to Westpac (has Westpac online banking and an open Westpac account), that they must be able to data share their closed St George accounts. Is this right? | Additional clarification | ACCC | Merged in to 1655 |
| 1771 | Based on https://cdr-support.zendesk.com/hc/en-us/articles/5465006047375-Ceasing-Secondary-User-Sharing, are we allowed to display the secondary user given name or any other info so that the AH can perform this disable action for a particulare sec user as per rule? | Clarification | ACCC | Open |
| 1773 | Secondary User - Back to Ceasing of Sec user, one of the key points stated "This indication applies to the accredited person legal entity and all of its brands and software products." so… would it be similar to that Westpac / St George subject above where it's expected to block all of them? | Secondary User | ACCC | Actioned |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1749 | Review this CDR Support Portal Ticket please | N/A | ACCC | Actioned |
| 1752 | Question part 2: ", they will register themselves with industry value 'all', instead of creating 3 entries of one each for 'banking', 'energy' and 'telco'" | ACCC, DSB | Pending | |
| 1759 | 2. Software product - When we collect customer consent to get access to their data, do DH need show customer know how their data collected will be used by ADR product apart from showing the type of data (transaction read, acc read etc) and duration of data being collected? 3. Reporting and complain compliance - Is there any system reporting and complain management portal requirement for ADR similar to ADH. If yes, can you please share the link to the doc. 4. Request for general guidance for ADRs and flow diagrams |
ADR, Consent | ACCC | Pending |
| 1757 | Banking sector - Given a scenario, when the Non individual NI removes last remaining NR from the account and NR have an active consents for that account. Due to some reason that consent(s) are not withdrawn by the NR via consent dashboard and NI is not provided with the consent dashboard either and NI can only use the manual process to withdraw the consent, which may be not be at the same time when the last NI was removed. Hence, CDR data sharing will continue until all the consent are removed. For example, last NR associated with the account was removed on say 1 September 2022 and consent withdrawal request was received and processed on 20 September 2022. So technically, there was no NR associated with account for 20 days and CDR data was shared during that period Questions: Is this the breach of CDR Rules as there was no NR and CDR data sharing continued during that period? |
Compliance | ACCC | Pending |
| Ticket # | Question | Category | Organisation |
|---|---|---|---|
| 1758 | Follow on Question, on a Joint Account when it comes to DOMS side, is this functionality that's controlled by DOMS as in non disclosure? | Rules | |
| Ticket # | Question | Category | Organisation |
|---|---|---|---|
| 1107 | The 'lastUpdateTime' property in the Customer schemas states 'If no update has occurred then this date should reflect the initial creation date for the data'. If an update has occurred, but we don't store an update time for just the data in the schema, should we exclude this optional property, or leave the value as the initial customer data creation date? (possibly implying 'no update has occurred') https://consumerdatastandardsaustralia.github.io/standards/#tocScommonperson x-fapi-interaction-id header. | ||
| 1106 | Amending Account for An Existing Consent Scenario with PAR - CTS scenario is failing as scope parameter is not passed in token response. related to scope parametr in response .#15 section 5.2.2 of Draft-06 mentions Auth Server “shall return the list of granted scopes with the issued access token” shall return the list of granted scopes with the issued access token if the request was passed in the front channel and was not integrity protected; FAPI 1.0 F |
| Ticket # | Question | Category | Organisation |
|---|---|---|---|
| TBA | If a product is not available to customers via a digital channel currently, is the DH still required to share that data? | Category separated by commas Ref: https://cdr-support.zendesk.com/hc/en-us/articles/900003420066-Guidance-for-data-holders-CDR-products-and-eligible-consumers-updated-20-January-2021- |
ACCC Rules Interpretation |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| 1075 | When can the energy sector expect energy specific wireframes to be developed? e.g the default example wireframe in the consumer dashboard is banking specific. | Consumer Experience, Standards | DSB | CDR Support Portal Article |
| Ticket # | Question | Category | Organisation | Action |
|---|---|---|---|---|
| Ticket-number | Question | Category separated by commas | Intended recipient | Answer |