V1.2.0 Release Notes
Release notes for version 1.2.0 of the CDR Standards.
This version of the standards is considered to be the binding baseline for the Phase 2 implementation of the Consumer Data Right regime currently targeted for July 2020.
High Level Standards
|Binding Statement||Modified the introduction section to include a statement of binding that is aligned to the legal framework for the CDR regime||Introduction|
|Clarification of DateTimeString||Change to the description of the DateTimeString type to clarify the baselining of time to UTC. This is a clarification only and does not materially change the standards||Common Types Section|
API End Points
Information Security Profile
|Concurrent Consent Decision||Incorporated the changes articulated in Decision 85 regarding concurrent consent||Consent Section|
|Client Registration Discovery||Added the requirement that the client registration end point be included in the OIDC discovery response||Security End Points Section|
|Security TLS Certificate||The constraint that security end points requiring TLS only must use a certificate obtained from the CDR CA has been removed||Security End Points Section|
|Defect: Data cluster language for basic scope||CX Standards: minor defect correction for location of ‘balances’.
'Account name and type' now changed to 'Account name, type and balance'.
'Account numbers, balances and features' now changed to 'Account numbers and features'.
Page 21: Data Standards Language
|Single/Concurrent consent guideline||CX Guidelines: example for ADRs to present withdrawal election prior to establishing a new consent.||CX Guidelines
Page 64: Subsequent Consent
|Rule 4.23(b) example: historical data||CX Guidelines: showing how DHs may present static ‘1 Jan 2017’ reference in authorisation flow to reflect rule 4.23(b).
CX Guidelines now also suggest other locations for this information that are not required in the rules or standards.
Page 82: Authorise / Confirmation
Page 96: ADR dashboard
Page 108: DH Dashboard
|Rule 7.4 and 7.9 example: compliance with Privacy Safeguards 5 and 10||CX Guidelines: example for privacy safeguard requirement on dashboards. Rules regarding disclosure of datasets, references to ADRs and DHs, and date of initial and final disclosure.||CX Guidelines
Page 96: ADR dashboard
Page 108: DH dashboard
|CDR Branding||CX Guidelines: official CDR branding included in screens that refer to accreditation, with reference to ACCC-supplied assets.||CX Guidelines
Pages 10, 37, 39, 77, 110
|Accreditation check||CX Guidelines: statement regarding ACCC-provided URL for consumers to use to verify accreditation||CX Guidelines
Page 39, 111
|Password copy||CX Guidelines: clarified example of copy regarding CDR participants never asking for consumer passwords. Presented in body copy and footer.||CX Guidelines
Pages 71 - 75
|CDR Rule 7.12(2)(b)||CX Guidelines: inclusion of rule in reference to outsourced providers.||CX Guidelines
Page 58, 62
|Design patterns||CX Guidelines: guideline on encouraging consumers to be privacy conscious.||CX Guidelines
Page 53, 95, 108
|Rules references||CX Guidelines: amended rules references.||CX Guidelines
Pages 40, 58, 98, 99, 107
|CDR Receipt: Rule 4.18||CX Guidelines: copy updated to clarify that ADRs may but are not required to provide a CDR receipt on the consumer dashboard.||CX Guidelines