Work space for the consumer data right information security profile development in Australia
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Consumer Data Right Information Security Profile

The latest Information Security Profile Draft is published at:

The Information Security Profile draft is evolving as decisions are made.

Data61 and the standards

Data61 has been appointed as technical advisor to the interim data standards body by the Australian federal government, as part of the introduction of Consumer Data Right legislation to give Australians greater control over their data.

Please visit the Consumer Data Standards Web Site at:


You can subscribe to and view CDR Information Security newsletters here

Change Log

The change log can be found here

Workshop Material

Presentation Slides 16th November 2018 Workshop

Presentation Slides 6th December 2018 Workshop

CDR Overview

The Consumer Data Right is intended to apply sector by sector across the whole economy, beginning in the banking sector. The energy and telecommunications sectors will follow. In the first instance Australia’s four major banks have been tasked with implementing an open banking standard by 1 July 2019, and so developing an open banking standard - building on existing open banking and financial API standards - is Data61’s immediate focus. All other banks will need to comply with these standards by 1 July 2020.

This work is being delivered by a newly formed team within Data61 - the Consumer Data Standards team - acting as the interim standards body. The work of the team will be overseen by Mr. Andrew Stevens as interim Chair, with industry and consumer advice provided by an Advisory Committee. Data61 will be working closely with the Australian Competition and Consumer Commission (ACCC) as lead regulator of the Consumer Data Right, supported by the Office of the Australian Information Commissioner (OAIC).

A number of working groups are being established to support Data61 designing and testing the open standards it develops. Input provided by the Advisory Committee and working groups, alongside draft guidance materials, API specifications and implementation materials will be shared openly. At present, three work streams are being proposed:

  • API Standards
  • Information Security
  • Consumer Experience

This repository will be used to seek feedback from working groups, share drafts and proposals and review standards as they develop. Feedback on proposed decisions by the Data Standards Body will be collated and presented to the Chair, who has decision-making authority in relation to the Standards.

For more information, contact Further updates will be added to this page as the Consumer Data InfoSec Profile work gets underway.

Rules of engagement

We're committed to undertaking conversations relating to the technical standards in the open. Questions or comments that participants might ask us via email or private message are likely to be questions or comments other participants have as well. Our answers will be of interest to everyone. There are likely to be experiences and lessons everybody working in this ecosystem can learn from. Having these conversations transparently helps us reduce duplication, resolve issues faster and keep everyone up to date with the conversation.

We ask that all contributors to the Consumer Data Standards repositories comply with the GitHub Community Forum Code of Conduct.

In addition, it would be appreciated if the following rules are adhered to when commenting or contributing:

  • Please provide a single, considered response to each proposal covering all feedback concerning the proposal.
  • For transparency, if you work at or are associated with an organisation with an interest in the standards, please indicate this in your response.
  • Please ensure you are aware of and compliant with any social media guidelines or internal processes for response set by your organisation before providing feedback.