Consumer Data Right: Privacy Impact Assessment (March 2019)



Treasury has prepared a second version of the Privacy Impact Assessment (PIA) for the Consumer Data Right (CDR), in accordance with the Privacy (Australian Government Agencies – Governance) APP Code 2017 and the Office of the Australian Information Commissioner’s (OAIC) Guide to undertaking Privacy Impact Assessments.

This second version of the PIA incorporates stakeholder feedback received as part of the public consultation undertaken on the first version of the PIA between 21 December 2018 and 18 January 2019. Submissions to that consultation are now available.

In addition to seeking public feedback, Treasury also engaged a privacy consultant to conduct independent quality assurance of the PIA. This second version of the PIA also reflects feedback from the consultant’s report [PDF 922KB].

The PIA is a living document, and updates will occur where any changes to the CDR significantly impact upon privacy. The next version of the PIA will be completed once the CDR Rules and Standards have been finalised. The CDR Bill also mandates assessments of privacy impact as part of the sector designation and rulemaking stages.