The OAIC has published a report summarising its assessment of 7 accredited persons’ compliance with Privacy Safeguard 1 (which requires CDR entities (including accredited persons) to have a policy describing how they manage CDR data, and to maintain internal practices, procedures and systems to ensure compliance.)

Privacy Safeguard 1 and CDR Rule 7.2 outline the requirements for CDR entities (including accredited persons) to handle CDR data in an open and transparent way.

All CDR entities must also take steps that are reasonable in the circumstances to implement practices, procedures and systems that will ensure they comply with their CDR obligations and are able to deal with related enquiries and complaints from consumers.

The targets of this assessment were the 7 CDR accredited persons that were active on the CDR register as at 1 November 2021.

The report identifies obligations where the OAIC found 3 or more accredited persons either did not fully comply or had privacy risks.

None of the instances of partial or non-compliance, or privacy risks, were serious enough to warrant further regulatory action at this point. It made recommendations that, if implemented, will adequately address the partial or non-compliance and privacy risks.

The report also identifies areas of good privacy practice.

The OAIC says the assessment helped to inform recent updates to the Guide to developing a CDR policy.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.