Data Standards Advisory Committee, Meeting Minutes
Date: Wednesday 8 May 2019
Location: ANZ Core A Conference Suites, Upper Ground Floor, 833 Collins Street, Melbourne
Time: 14:00 to 16:00
Meeting: Committee Meeting No: 10
- Andrew Stevens, DSB Chair
- Kate Crous, CBA
- Emma Gray, ANZ
- Mark Perry, Ping Identity
- Ross Sharrott, Moneytree (via WebEx)
- Stuart Stoyan, MoneyPlace
- Jamie Twiss, Westpac
- Mal Webster, Endeavour Bank (via WebEx)
- Viveka Weiley, Choice (via WebEx)
- Andy White, AusPayNet (via WebEx)
- Patrick Wright, NAB
- Warren Bradey, Data61
- James Bligh, Data61
- Rob Hanson, Data61 (via WebEx)
- Stuart Low, Data61 (via WebEx)
- Terri McLachlan, Data61
- Michael Palmyre, Data61 (via WebEx)
- Louis Taborda, Data61
- Stephen Bordignon, ACCC
- Anjelica Paul, OAIC (via WebEx)
- Kathryn Wardell, Treasury (via WebEx)
- Lisa Schutz, Verifier
- Lauren Solomon, CPRC
- John Stanton, Comms Alliance
- Luis Uguina Carrion, Macquarie Bank
The Chair of the Data Standards Body (DSB) opened the meeting and thanked all committee members and observers for attending Meeting No 10. The Chair thanked ANZ for hosting the current meeting.
The Chair noted that Lisa Schutz (Verifier), Lauren Solomon (CPRC), John Stanton (Comms Alliance), Luis Uguina Carrion (Macquarie), Bruce Cooper (ACCC) & Daniel McAuliffe (Treasury) were apologies for this meeting.
The Chair noted that we have received some suggested changes from the committee in regards to the April minutes which will be discussed later in the meeting.
The Chair noted that Kathryn Wardell from Treasury has joined the meeting via WebEx.
The Chair advised that he has a new email address which will be circulated to committee members to update their contacts.
ACTION: Circulate new contact details of the Chair to committee members.
The Chair thanked the Committee Members for their comments and feedback on the Minutes from the 10 April 2019 Advisory Committee Meeting.
In reviewing the April minutes Committee members suggested some clarifications be added which were agreed. It was also agreed that an updated draft of the April minutes be circulated to members for review prior to being uploaded on the DSB website.
ACTION: Circulate the draft April Minutes to committee members for final review.
The Chair noted that the Action Items were either completed or would be covered off in discussion during this meeting.
Further discussion was held as follows.
It was noted that the action item to invite Oakton to a future Advisory Committee meeting is still outstanding as the timing was not quite right. The Chair has suggested that ACCC invite Oakton to the June Advisory Committee Meeting, if that timing is appropriate, to provide a briefing.
ACTION: ACCC to invite Oakton to attend the June or a subsequent Advisory Committee Meeting.
It was noted that in previous discussions, ACCC had indicated it would undertake industry consultation on the Directory design and ACCC confirmed it is intending to proceed with this process towards the end of May 2019.
It was noted that the action item for ACCC presenting on the liability issues is also still outstanding and will be covered off in a future meeting.
It was noted that Andy White has introduced the Chair & Warren Bradey to Payments NZ electronically and that a meeting will be arranged. The Chair will provide an update on the discussions to the committee at the next meeting.
It was noted that Payments NZ have now published V1.0 of their standards and that they are working collaboratively with the banks on the voluntary scheme. It was noted that they are proceeding with payments first and that there are a number of components that they are still considering. The Chair has asked James Bligh to reach out to them to get a view on the differences and their approach prior to the next DSB meeting.
ACTION: Chair to provide an update on the discussions with Payments NZ at the next Advisory Committee Meeting.
ACTION: James Bligh to reach out to Payments NZ and report back to Chair.
Technical Working Group Update
A summary of the progress from the last committee meeting on the Working Groups was provided in the Committee Papers.
The progress update was taken as read.
A further update was provided on the API & Information Security Working streams by James Bligh as follows:
It was noted that good progress has been made over the last month. At this stage, the API stream has closed the feedback period for the decisions relating to API payloads and end points for all the data APIs excluding scheduled payments. These have been circulated to the Advisory Committee members for review and comments, with the feedback period closing on 10 May 2019.
It was noted that all the Information Security proposals are also out for feedback with some closing for comments this week and the remainder closing next week. There have also been discussions through the ABA Working Group to cover matters considered by the parties as commercially sensitive.
It was noted that the next publishing date for a full update is 30 May 2019 although we will continue our practice of continuously updating the site as any revised decisions are made.
It was noted that as at the 30 May 2019, the published standards will effectively be V1.0 of the API & Information Security Standards.
It was noted that after V1.0 is published on the 30 May 2019, we will be holding some workshops to bring people together from the whole ecosystem to review the flow of the standards as a whole.
It was noted that a decision proposal for scheduled payments will be released for normal consultation in the next day or so. This will allow us to incorporate it into the next version of the standards (V1.0). It was also noted that administration and discovery proposals are still outstanding and these will be finalised this week.
A further update was provided on the Engineering Work stream by Stuart Low as follows:
It was noted that the Engineering Working Group has got to the point that it has an initial technical check available for testing the product API’s for both client and server side. This will be combined into an initial conformance suite (live conformance and also static payload). It was noted that a demonstratable video on the CDS Engineering – Sprint 3 Update is now available for viewing.
It was noted the DSB team is providing technical input to the ACCC Directory design team to ensure there is alignment between the Directory and the standards.
ACTION: To circulate the video link to committee members for sharing with their teams.
A further update was provided on the User Experience Work stream by Michael Palmyre as follows:
It was noted that the Phase 2 design and research work has commenced and will further advise on the core requirements for V1 of the CX guidelines. Three different streams of work (Stream 1: Consent Flow v.2; Stream 2: Manage and Revoke; and Stream 2: Authenticate, Notify, Reauthorise) are being conducted for efficiency which will provide a breadth of expertise, ideas and focus on different aspects.
It was noted that we have had the first workshops with those agencies and they are developing prototypes this week. Testing will commence next week in the first round of research. Similar to our previous approach it was noted we will publish those prototypes and the direction they are going within the next week.
It was noted that the agencies engaged are: Greater than Experience (in partnership with ThoughtWorks), GippsTech, and Tobias. Greater than Experience have also been engaged for a short piece of work to leverage their expertise on consent, privacy and trust. They will review and revise the consent flow from Phase 1 and provide the assets as input to the three research elements in Phase 2.
It was noted that we have also wrapped up broad ecosystem feedback on the Phase 2 flows which has also been fed through to the agencies that are doing the work.
It was noted that we have requested contributions to the CX workstreams to enable us to see what other major banks and fintechs are doing. There has been some contribution, although not as much as hoped, but the feedback received has been helpful.
It was noted that the CX workstream will continue to provide updates and will be moving to a centralised location so that we can start publishing decision proposals and/or consultations drafts for proposed guidance on issues such as language etc.
The Chair has requested that Michael Palmyre provide an interim update on the Phase 2 insights, key issues and recommendations at the next Advisory Committee meeting.
ACTION: Michael Palmyre to provide CX Phase 2 interim update at the June Advisory Committee Meeting.
The Chair has also requested that Michael Palmyre work with the other work stream leaders on the implications of how the CX findings will influence what we have already and then provide a complete pack of CX Phase 2 and the implications on the other work streams at the 10 July Advisory Committee Meeting.
ACTION: Michael Palmyre to provide full CX Phase 2 update at the July Advisory Committee Meeting.
ACCC noted the intersection of the rules and directory work with Data61 work streams, including the CX work, and confirmed it is assessing the Data61 outcomes for any impact on its rules and Directory work.
The Chair thanked the team leaders for all the work they are doing and for the innovations they are bringing, like the video of engineering outputs.
Key issues for ongoing review
It was noted that at the last committee meeting, members were asked to identify key priority areas that they considered the committee should focus on going forward. Members provided a list of issues for consideration and it was noted the common themes were:
- consent flows;
- joint accounts;
- closed accounts;
- review of Info Sec Stream; and
- how the test plan strategy will be developed.
It was recommended and agreed that the initial review of these issues be done through the working group steams with input from the specialist teams and then fed back for further discussion by the Advisory Committee. It was also noted that as part of the review process consideration would be given to testing the end to end flows to ensure they operate as expected.
It was suggested that joint accounts and revocation be dealt with earlier and consent flows will be dealt with contemporaneously with the CX Phase 2 work.
The Chair has suggested that we produce a matrix of the issues and their alignment across legislation, rules and standards as part of the review.
ACTION: DSB to produce a matrix of the key issues for the next committee meeting.
A discussion was held on decision rights and the need for clarity. It was noted that only the Chair has decision rights in respect of the standards and that the team will provide more clarity if a decision has been approved by the chair or if it is still in the consultation process.
One member highlighted that there is only a limited amount of work their teams can do until there is certainty as to the legislation and timing of the introduction of the regime. The members indicated it would be important that sufficient time is provided between the legislation being finalised and the data holders building to the requirements, prior to a live implementation.
Kathryn Wardell from Treasury advised that there was no specific update from Treasury at this time, noting it is business as usual whilst they are in caretaker mode prior to the election.
Stephen Bordignon from the ACCC provided an update on the Rules and the Directory status as follows:
In terms of the Directory, the work is continuing with Oakton. It was noted there has been on-going co-design work with Data61 to make sure that there is alignment with the standards. It was confirmed ACCC are developing material to consult on with eco-system participants before the end of May 2019.
In terms of the testing approach, work is underway to develop a test strategy and the aim is to have a document to consult with the eco-system by the end of May. The ACCC noted it is still to determine a testing partner.
ACTION: ACCC to provide the expected timetable including the test regime and the testing partner appointment process at the next committee meeting.
The engineering lead noted that the DSB has built tools and artefacts that will allow ecosystem participants to start testing for conformance. The tools will be progressively improved and expanded over the next week or two. This will enable data holder teams to pick them up and start seeing from a technical perspective what is working and what isn’t as they build to the rules and standards.
The Chair has asked that ACCC reach out to Data61 to have Oakton look at the degree to which those tools can build a foundation for testing and their robustness.
In terms of the rules, it was noted that consultation on the draft released at the end of March closes Friday 10 May 2019.
For the Data Recipient accreditation, ACCC noted they are mainly focussing on developing guidance material on insurance and info security and are targeting to undertake a consultation with the Advisory Committee by the end of May 2019. After this initial review a fuller public consultation will commence by the 2nd week of June 2019.
In terms of the email that was sent by ACCC to the big four banks asking for confirmation (by 15 May 2019) of their intention to proceed with a voluntary implementation of product reference data from 1 July 2019, some members of the Committee suggested that a fuller response would be provided if the response date was delayed for a further week. ACCC agreed to refer this request to the author of the email.
ACTION: ACCC to advise if the feedback period for a response to the potential voluntary implementation of Product Reference Data can be extended post the election.
A discussion was held on how ACCC propose to consult on the registry design. It was noted ACCC are considering adopting a similar approach to that used by the DSB in providing decision proposals on GitHub for comment. It was noted by Committee members that this would be a useful way forward for interested industry participants.
A discussion was held on the technical mechanisms that would enable a nuanced approach to facilitate the temporary suspension of access for organisations accredited in the registry. ACCC noted that there will be a process included for revocation of data recipient accreditation and allowing for a temporary suspension of an accredited recipient from the register. It was noted that the use case for this was around ACCC’s compliance enforcement toolkit.
The Engineering lead noted that from a technical perspective, this is fundamentally around the accreditation of a data recipient and the potential for variations in accreditation based on a product or service being delivered by the data recipient.
It was agreed that given both the Rules and the Standards will be in a V1.0 draft form by the end of May, it would be of value for the Advisory Committee to review the over-arching alignment and application.
ACTION: That an overarching Standards and Rules update be added as an agenda item at the next committee meeting.
The Chair noted that in regards to the renewal of the Advisory Committee membership, he is still awaiting an indication on when energy and other sectors are planned for implementation to determine what changes would be most beneficial to assist the working of the DSB. It was noted the Chair is intending to advise members of the proposed Committee structure going forward prior to the next meeting.
The Chair noted that on the 22 March 2019, the Interim Data Standards Body made a submission on the ACCC consultation paper on energy data access models.
A discussion was held on preparing a briefing for the Treasurer of the next government in relation to the Data Standards Body. It was agreed that it would be beneficial to prepare a brief with the current state of play and some of the issues.
The Chair advised that the next meeting will be held on Wednesday 12 June 2019 from 2pm to 4pm at the Data61 offices in Eveleigh.
Closing and Next Steps
The Chair thanked the Committee Members and Observers for attending the meeting.
Meeting closed at 3:25