Wireframe ref | Type | Requirement level | Statement | Reference | Checklist ref | Focus area |
---|---|---|---|---|---|---|
01 | CDR Rule | MUST | A data holder must update a CDR consumer’s consumer dashboard as soon as practicable after the information required to be contained on the dashboard changes. | CDR Rule 4.27 | 5CM2.00.01 | |
02 | CX Standard | MUST | As part of the withdrawal process, the data holder MUST advise the consumer to review the consequences of withdrawal with the Data Recipient before they stop sharing their data. The data holder MAY consider using or paraphrasing the following message(s): • ‘You should check with [Data Recipient] before you stop sharing to understand the consequences.’ • ‘You should check with [Data Recipient] to see if your service will be impacted before you stop sharing.’ | Withdrawal Standards, Withdrawing authorisation: Consequences | 5CM2.00.02 | |
03 | CX Standard | MUST | As part of the withdrawal process, the data holder MUST inform the consumer about the handling of redundant data and the right to delete. The data holder MAY consider using or paraphrasing the following message(s): • ‘CDR data is either deleted or de-identified when it is no longer required.’ • ‘[Data Recipient] will have specific policies on how to handle your data once it’s no longer required.’ | Withdrawal Standards, Withdrawing authorisation: Redundant data | 5CM2.00.03 | |
04 | CX Guideline | MAY | Data holders should use the phrase 'Stop sharing' or 'Stop data sharing' to refer to how a consumer can withdraw authorisation. | 5CM2.00.04 | ||
05 | CX Guideline | MAY | Data holders should introduce positive friction to the withdrawal flow to mitigate user error and unintended consequences. Data holders may choose to do this via a 2-step authorisation withdrawal process. | CX Research 32 | 10 Usability Heuristics for User Interface Design: Error prevention (Nielsen) | 5CM2.00.05 | |
06 | CX Guideline | MAY | Data holders should provide a message to consumers that withdrawal was successful. This message should be clearly visible on the dashboard and shown as soon as withdrawal has taken place. | 10 Usability Heuristics for User Interface Design: Visibility of system status (Nielsen) | 5CM2.00.06 | |
07 | CX Guideline | MAY | Data holders should provide CDR Receipts reflecting the details of the authorisation shown on a consumer's dashboard. CDR Receipts should be provided in writing, such as in an email, when: 1. Authorisations are successfully established 2. Authorisations are withdrawn 3. Authorisations expire 4. Authorisations are amended CDR receipts should also outline details on complaint handling and resolution processes. Dashboards should provide a way for consumers to request a copy of their CDR receipts. | 5CM2.00.07 | ||
08 | CDR Rule | MUST | (1) If a data holder receives a consumer data request from an accredited person on behalf of a CDR consumer, the data holder must, in the circumstances specified in a sector Schedule, ensure that it provides the CDR consumer with an online service that: (c) has a functionality that: (v) as part of the withdrawal process, displays a message relating to the consequences of the withdrawal in accordance with the data standards; | CDR Rule 1.15(1)(c)(v) | 5CM2.00.08 | |
09 | CDR Rule | MUST | (1) A data holder must keep and maintain records that record and explain the following: (b) amendments to or withdrawals of authorisations to disclose CDR data; | CDR Rule 9.3(1)(b) | 5CM2.00.09 | |
10 | CX Guideline | MAY | Data holders are expected to record how the withdrawal was requested by the consumer in relation to CDR Rule 9.3(1)(b), but the rules do not require the method of withdrawal to be shown on the dashboard. However, data holders may wish to do this on the dashboard and/or in any CDR Receipt they choose to provide. | 5CM2.00.10 | ||
11 | CX Guideline | MAY | Data holders can refer to accounts using recognised nicknames, icons, account numbers, and account type. They can also include information on other elements the account may refer to such as any related plans, services, properties, numbers, and products. | 5CM2.00.11 | ||
12 | CX Standard | MUST | Effective from July 1st 2024: Data holders MUST advise consumers to check with the relevant data recipient for information about how their data may be handled. The precise wording of this message is at the discretion of the data holder. The data holder MAY consider using or paraphrasing the following message: • ‘You should check with [ADR brand/the data recipient] for more information on how they are handling your data, and for any other permissions you may have given them. See [ADR]’s CDR policy or their Dashboard for more information.’ | Dashboard Standards, Data Holder Dashboards, Data Holder Dashboard: Data recipient handling details | 5CM2.00.12 |