Updated @March 6, 2024
This section provides examples for how to implement insight disclosure consents.
On this page
Overview
Insight disclosure consents allow consumers to consent to share CDR insights outside the CDR system with specified persons for a range of prescribed purposes. This increases consumers’ ability to engage with unaccredited parties in a way that limits the data they share to only what is necessary for the prescribed purpose.
As per the CDR rules, insight disclosure consents permit accredited data recipients, or CDR representatives that hold the CDR data as service data, to disclose data to a specified person for one or more of the following purposes:
- verifying the consumer’s identity;
- verifying the consumer’s account balance;
- verifying the details of credits to or debits from the consumer’s accounts; but
- where the CDR data relates to more than one transaction - does not authorise the accredited data recipient to disclose an amount or date in relation to any individual transaction
An insight disclosure consent is not a permitted use or disclosure if the CDR insight includes or reveals sensitive information within the meaning of the Privacy Act 1988.
For further guidance, see OAIC's CDR insights.
Wireframes and guidelines
Detached flow - default example
The following wireframes show a basic example of an insight disclosure consent requested by an accredited data recipient. In this example,
- the consumer has selected the specified person during pre-consent;
- the collection/use consent has already been separately established, allowing a disclosure consent to be requested in a separate consent flow.
While the CDR rules referenced in the key requirements and annotations of this flow relate specifically to accredited data recipients, equivalent rules for CDR representatives requesting an insight disclosure consent can be found in the CDR rules Division 4.3A.
Download open source asset
Open sources design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Insights disclosure consents, including:
- Detached flow - default example
| Item | File | Date released | Version introduced |
|---|---|---|---|
March 6, 2024 | 1.29.1 |
For past versions, refer to Change log.
References
These CX Guidelines were informed by consultations and research conducted in 2019 to 2022, including the following:
- Consultations
- ACCC 2020, Draft v2 Rules consultation (see concept 5.2 Insight disclosure)
- Treasury 2021, Draft v3 Rules consultation
- DSB 2021, Noting Paper 207 - Draft v3 Rules Analysis | Anticipated Data Standards
- DSB 2021, Decision Proposal 222 - CX Standards | Insights and Trusted Adviser Disclosure Consents
- CX research
- DSB 2020, Phase 3 Round 8 summary (PDF)
- DSB 2021, Disclosure Consent Research Report (Q4 2021, R1-2)
- Other
- Nielsen Norman Group 2019, 10 Usability Heuristics for User Interface Design (Visibility of system status)
- CPRC 2021, Vulnerability, capability, opportunity
- Australian Government Style Manual 2021, Literacy and access
- OAIC 2021, Consumer Data Right insights
- OAIC 2022, Privacy Safeguard 12
Quick links to CX Guidelines:
→ cx@consumerdatastandards.gov.au → cx.cds.gov.au | cds.gov.au
