Consumer Data Right Information Security Profile
The Information Security Profile draft is evolving as decisions are made.
Data61 and the standards
Data61 has been appointed as technical advisor to the interim data standards body by the Australian federal government, as part of the introduction of Consumer Data Right legislation to give Australians greater control over their data.
The Consumer Data Right is intended to apply sector by sector across the whole economy, beginning in the banking sector. The energy and telecommunications sectors will follow. In the first instance Australia’s four major banks have been tasked with implementing an open banking standard by 1 July 2019, and so developing an open banking standard - building on existing open banking and financial API standards - is Data61’s immediate focus. All other banks will need to comply with these standards by 1 July 2020.
This work is being delivered by a newly formed team within Data61 - the Consumer Data Standards team - acting as the interim standards body. The work of the team will be overseen by Mr. Andrew Stevens as interim Chair, with industry and consumer advice provided by an Advisory Committee. Data61 will be working closely with the Australian Competition and Consumer Commission (ACCC) as lead regulator of the Consumer Data Right, supported by the Office of the Australian Information Commissioner (OAIC).
A number of working groups are being established to support Data61 designing and testing the open standards it develops. Input provided by the Advisory Committee and working groups, alongside draft guidance materials, API specifications and implementation materials will be shared openly. At present, three work streams are being proposed:
- API Standards
- Information Security
- Consumer Experience
This repository will be used to seek feedback from working groups, share drafts and proposals and review standards as they develop. Feedback on proposed decisions by the Data Standards Body will be collated and presented to the Chair, who has decision-making authority in relation to the Standards.
For more information, contact firstname.lastname@example.org. Further updates will be added to this page as the Consumer Data InfoSec Profile work gets underway.
Rules of engagement
We're committed to undertaking conversations relating to the technical standards in the open. Questions or comments that participants might ask us via email or private message are likely to be questions or comments other participants have as well. Our answers will be of interest to everyone. There are likely to be experiences and lessons everybody working in this ecosystem can learn from. Having these conversations transparently helps us reduce duplication, resolve issues faster and keep everyone up to date with the conversation.
We ask that all contributors to the Consumer Data Standards repositories comply with the GitHub Community Forum Code of Conduct.
In addition, it would be appreciated if the following rules are adhered to when commenting or contributing:
- Please provide a single, considered response to each proposal covering all feedback concerning the proposal.
- For transparency, if you work at or are associated with an organisation with an interest in the standards, please indicate this in your response.
- Please ensure you are aware of and compliant with any social media guidelines or internal processes for response set by your organisation before providing feedback.