Minutes - 9 Nov 2022

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 9 November 2022
Location: Held remotely via MS Teams
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 48

Download meeting minutes (PDF 244KB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Luke Barlow, AEMO
  • Damir Cuca, Basiq
  • Chris Ellis, Finder
  • Prabash Galagedara, Telstra
  • Peter Giles, CHOICE
  • Melinda Green, Energy Australia
  • Chandni Gupta, CPRC
  • Jason Hair, Westpac
  • Rob Hale, Biza
  • D’Arcy Mullamphy, Adatree
  • Lisa Schutz, Verifer
  • Aakash Sembey, Origin Energy
  • Stuart Stoyan, Fintech Advisor & Investor
  • Zipporah Szalay, ANZ
  • Tony Thrassis, Frollo
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Mark Verstege, DSB
  • Paul Franklin, ACCC
  • Vaughn Cotton, ACCC
  • Andre Castaldi, OAIC
  • Elaine Loh, OAIC
  • Linda King, OAIC
  • Glenn Waterson, AGL

    Chair Introduction

    The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 48.

    The Chair acknowledged the traditional owners of the lands upon which they met.  He acknowledged their custodianship of the lands and paid respect to their elders, past, present and those emerging.  He joined the meeting from Cammeraygal lands.

    The Chair noted that it has been another busy month for the Data Standards Body (DSB) with the release of version 1.20.0 of the Consumer Data Standards (CDS) and version 1.19.0 of the CDS support for the Java Artefact suite. 

    The Chair noted that as part of the DSAC refresh some members will be retiring and he thanked them for their inputs and contributions.  The Chair said that we will also welcome some new members with expertise in the consumer and privacy areas who will join the DSAC from the December meeting.   

    The Chair noted that based on community feedback the final DSB Implementation Call in 2022 will be held on 15 December 2022 and recommence on 19 January 2023. 

    The Chair noted that the DSB and Treasury (TSY) will be hosting a Consent Review Workshop on 22 November to consider opportunities to simplify the rules and standards to support a better CDR consumer experience.  He encouraged members to attend. 

    The Chair wanted to thank interns Le Minh Truong and Ethan (Yebin) Ge for all their hard work over the last few months.  They joined the team via the internship program at the University of Melbourne and worked with the engineering team to enhance the DSBs engineering tools.

    The Chair noted that Glenn Waterson (AGL) and Kate O’Rourke (Treasury) were apologies for this meeting. 

    Minutes

    Minutes

    The Chair thanked the DSAC Members for their comments, and last-minute feedback on the Minutes from the 12 October 2022 Advisory Committee meeting. The Minutes were formally accepted.   

    Action Items

    The Chair noted that in regard to the two outstanding Action Items that the DSB would provide an update on how they will engage with banks in relation to cyber security, fraud and breach situations and the preferred priority of consultations.

    The DSB noted in terms of how they will engage with banks in relation to cyber security and fraud breach incidents, that there is a lot of activity going on behind the scenes across government around cyber security for the Consumer Data Right (CDR) and they would need to defer to TSY on this for the time being as it would be inappropriate for them to double up.  However, they said they were actively trying to engage with any source of information which improves their awareness of cybersecurity issues and would welcome any suggestions on fora they could join or channels they should be part of to improve their awareness.

    The Chair noted that they and the DSB have very narrowly defined functions in the CDR.  They said that primarily the DSB advises the Chair, the Chair makes Data Standards, and in that process, can also revise, change, enhance and implement new standards.  They said they have no investigation rights or obligations and no response obligations, and their role was very much secondary to other parties and at this point they’re taking their lead from TSY. 

    The Chair noted that since the recent data breaches, board-level discussions across the country were focussed on topics like access, authorisation and data minimisation which were words he only used to hear in the CDR world.  He said there now appears to be well intentioned and well-designed forward work in relation to InfoSec and other access controls happening as these are now front of mind with directors and businesses country-wide which is a healthy thing. 

    One member asked whether there had been any issues raised by Government, particularly with new Ministers coming in, with regards to Optus and CDR, and was there a bigger focus around that?

    The Chair noted that following the last meeting and the discussion we had around the presentation by Verifier on the “impact that the current approaches to ID have on CDR” he reached out to the Hon Stephen Jones MP’s office and spoke to his advisor, Chloe Andrews to make those links and to offer assistance and input from the DSAC members if needed. 

    One member noted that in terms of the Privacy Act, they are actively involved in the work and they want to implement that as soon as possible.  They noted that there was an opportunity for CDR to play a bigger role around cyber security, customer protection and consent management; bringing all these different elements into a single ecosystem would be very useful for the organisations as well as the customers. 

    The Chair noted that we are all working towards a greater alignment across the system and you can’t have different digital economies; we are building the foundations for a digital economy.

    One member noted that on the CDR front there is an opportunity to position CDR as part of the solution.  He noted that recently some of the larger financial institutions have been saying we should slow down the CDR, but he thinks the opposite.  He said there was an opportunity for the CDR to be part of the solution rather than having some of those larger players leverage it as a question mark/opportunity.

    Another member noted there is an opportunity and a threat.  They said that for Australia’s prosperity and survival we need a good privacy-by-design consented data sharing economy otherwise we will not get anywhere. They also said there is an opportunity for DSAC members who have connections in telco, energy and banking to begin a lobbying process.  This view was echoed by the members.

    Another member noted in light of the heightened level of security and minimising potential exposure, they said if they had more clarity on the intended or allowable usage, it would help reduce the amount of data that’s flowing across different systems, and they would like to see more clarity on what is allowed versus what it isn’t. 

    The member also noted that Services NSW are working on some identity solution and how it’s going to include consent management, opt in, data minimisation and the ability for the consumers to interact with consent with what they want or don’t want to share.  They said there was an opportunity for the CDR to step in, and asked if rather than having different systems if we could put it under one?

    The Chair noted that as there is no TSY representative at the meeting today, but this would be passed onto them. 

    ACTION:  DSB to pass details of Services NSW working on identity solution to TSY

    One member noted that in terms of the discussion on cyber, that the CDR could help on two parts; the data holder (DH) side and also the access to the data being from a recipient.  But they said security for DHs was also a separate topic where it doesn’t get solved necessarily by all of CDR.

    The Chair noted that a lot of people are focussed on incident response and communication. He noted that there needs to be balance, which is important, with the prevention part in responding to the threat environment. He noted that the risk management framework¸ threat work and mitigation is where the priority should be. 

    The Chair noted that in terms of the preferred priority of consultations, the DSB provided an updated as follows:

    The DSB noted that they have updated the Future Plan for the DSB.  For the period of Jan-Mar 2023 they have not populated as yet as they wanted an initial conversation with the DSAC.  They said they had quite a lot to do in the Oct-Dec 22 period, especially for the CX Team but most of the items are either “business as usual” or “engineering”.  They said they were not looking for prioritisation on those but more on the Backlog, which are items that have been raised by the DSB or the community around enhancing the regime.  They said they needed advice from the DSAC on the prioritisation of these items as the community would not be able to provide enough consultation brain space on these items all at once.

    The DSB noted that there are three major themes on the work that is being proposed which are:

    • Preparation for Action Initiation (AI)
    • Operations
    • API amendments

    The DSB asked of those three themes, should we be doing it evenly or biased towards one and how as a group can we provide ongoing feedback?

    One member suggested more evenly targeting key things that are easy and quick, but they needed to be guided by the DSB. 

    Another member said that this sounded like a demand model and ask if the DSB had a supply mode and how much can their team do?

    The DSB responded that they didn’t have a supply model at the moment as they were trying to groom the backlog and then they could determine their iteration planning. Not having a supply model is not because they don’t know what the team can do, it’s because its more about what the community can bear. 

    The member suggests it might be worth having a loose supply model, so they can have a good understanding of what they are able to get through during a month or a quarter.  The member said they would be happy to input into a supply model if required.

    Another member noted that they see this as a two-by-two matrix; things that are complex to implement on one axis and things low/high and things that will unblock a lot of data usage low/high.  No regrets is more clarity on insights because that will affect telco and energy as one of the gaps is usage as an insight for instance solving that will unblock a lot of usage and that’s low technically and high use. Another one that is medium use but high technically and important for telco and energy there is a lot of activity with brokers who have for commercial customers, letters of authority for multiple meters or mobile accounts etc., there is a big question how that is catered in the authorisation. 

    Another member noted that it is not so much as what were the main priorities but what were our core levers and acknowledge what stage we were up to as a body.  Without this kind of framework it will be hard to decide what’s important.  They also noted that supporting the ADRs should take priority. 

    One member suggested it would be good understand the work that TSY was doing on benefits realisation so the DSB had a good indication of what TSY were looking to measure and how these different priorities fed into that.  They also suggested the DSB should also be prioritising the different issues based on what’s going to be easiest but also what can be done discreetly as DSB item versus what’s going to require greater cross agency collaboration.

    One member also noted the TSY benefits realisation work and suggested this was going to help understand the relative impact of the DSB’s work and drive those benefits.  They suggested assessing ease vs impact in terms of prioritisation, and trying to unblock as much as possible to enable uptake and progress of the ecosystem.

    Another member noted that they are all important, “AI” isn’t urgent as yet, so a principle based is important early.  But they noted that “operations” is critical, especially with energy coming along.  They also said that in the absence of an implementation entity for the CDR, this is the only way to tackle operational matters as they arise.

    The Chair then asked the Energy members for an update on how they were going with the energy go live. 

    One Energy member noted that they have an exemption from the Australian Competition & Consumer Commission (ACCC) for go live.

    Another Energy member noted they officially went “go-live” that morning – earlier than the compliance date of 15 November 2022.  They thanked the ACCC onboarding team who were very supportive throughout the process.

    The Chair congratulated the Energy member for successfully going live.  He also asked the DSB, based on the feedback provided today, to come up with a prioritisation framework and present back to the DSAC.

    ACTION:  DSB to present a prioritisation framework to the DSAC at the December meeting

    Working Group Update

    A summary of progress since the last DSAC meeting on the Working Groups was provided and these DSAC Papers were taken as read.

    Technical Working Group Update

    The update was provided on the Technical Working Group by James Bligh as follows:

    The DSB noted that they had been very busy with supporting energy going live and also complex accounts and secondary users for the banking sector.  They have been focussed on supporting the maintenance iteration process and urgent requests that are coming up for implementation.  The DSB said they were pleased to hear the news that the first energy retailer had gone live and also that Australian Energy Regulator (AER) went live with the Product Reference Data (PRD) information for energy last month.  

    The DSB published version 1.19.0 which incorporated the Maintenance Iteration 12 outcomes including the draft API standards for telco.  They said a holistic thread had been opened up for feedback and they would move into candidate status in the near future. They expected the telco standards to evolve considerably as they had not had as much feedback as they would have liked, however, this was not a complex designation as most of the stuff in the telco standards was ground that has been trodden before. 

    The DSB noted that they were starting to wind down their consultations coming up to the Christmas period and preparing for the next quarter.  They noted that the InfoSec report was being reviewed internally and would be circulated for consultation shortly. 

    The Chair asked DSAC members to reach out to their networks to encourage other telco organisations to contribute to discussions as they were now well advanced but further input was required. 

    One member asked what NBN’s position was on the Rules/Standards because they would have a fair bit of insight around this. 

    The Chair noted that NBN have been a DSAC member previously and that NBN was only tangentially touched by the designation as a lot of the data clusters are retail oriented.

    The DSB noted that they had seen success in energy and banking for feedback through the help and support of industry bodies like Australian Banking Association (ABA) and Customer Owned Banking Association (COBA) in banking and Australian Energy Council (AEC) in energy. The DSB said they haven’t been able to get the same traction with CommsAlliance to date, and that’s something that could help.

    Consumer Experience (CX) Working Group Update

    A further update was provided on the CX Working Group by Michael Palmyre as follows:

    The DSB noted that research on the CX of Authentication was continuing, and a round of research on app-to-app authentication had concluded, and a further research was planned on alternative approaches to authentication and preliminary insights and considerations are being consolidated as part of the planned authentication uplift work.

    The DSB noted that they are planning to publish an accessibility report outlining recommendations for an uplift of the accessibility standards, and a response to these recommendations is also being developed to commence consultation on the accessibility uplift.

    The DSB noted that they were working closely with TSY while progressing the development of a v5 Rules Noting Paper to outline anticipated standards impacts and positions. They said this would be published on GitHub for the community to review, but preliminary views are welcome in the Noting Paper (NP) 276 placeholder. They said the NP was expected to outline areas that may require standards amendments, such as CX standards for business consumer disclosure notifications and business consumer statements. They said the paper would not cover telco standards, which were already being consulted on separately.

    The DSB said they had been working closely with TSY and ACCC in relation to a number of secondary user queries that were raised by CDR participants on the Implementation Call about implementing the functionality required by rule 1.15(5)(b)(i) and 4.6A(a)(ii) following recent clarifications published in the Ceasing Secondary User Sharing article. They said this was beyond the DSBs scope but they have been working with ACCC and TSY on the best way for stakeholders to escalate this issue. 

    The DSB said they had finalised the second version of Decision Proposal (DP) 267, which would be published for consultation in November. They said a special edition of the Implementation Call was held on 27 October, where the proposed telecommunications standards were discussed with a range of telco stakeholders in order to inform their feedback on the final standards proposals. They said the proposals in DP267 would consider feedback from this workshop.

    The DSB said they were holding a Consent Review workshop on 22 November to consider opportunities to simplify the Rules and Standards in order to support a better CDR consumer experience while maintaining key consumer protections. They said an accompanying Noting Paper would be available on GitHub (see Noting Paper (NP) 273), and that the workshop was capped at 100 pax.

    One member asked because the workshop was capped at 100 pax, from a consumer representative side was there anything in particular they should focus on and/or bring to the table?  They also asked what was the timing for the release the NP 273?

    The DSB noted that they didn’t have a date for the release of NP 273 but it would be before the workshop and open for feedback for a couple of weeks, they also noted this would not be the only point of engagement for consultation on this topic.

    The DSB noted that in terms of what they should be focussing on with these intended changes would be the tension with respect to the consent flow between the need to support informed consent without introducing too much cognitive load; interaction; consent fatigue; and anything in the 4.11 Rules. 

    One member noted that how the workshop is framed would impact the feedback received and most people attending would be sitting in a prescription model trying to work back.  They said their starting position would be, “if not principles, why not?”

    Another member noted that part of the cognitive load issue was that the CDR Policy had to happen with consent.  He noted that everything was becoming additive and there needed to be a look at what the situation was today with all the consents versus what was needed to do. 

    Another member agreed with the CDR policy expanding, particularly in relation to CDR representatives and other affiliated parties, which need to be added in, but which didn’t necessarily make sense to the consumer.  On the idea of reducing prescription, they said they agreed that this was a good idea particularly for ADRs who were looking to implement in a way that was more principles based.  They said there was merit in considering what the benefits were of some prescriptiveness in how the implementation goes for DHs so consumers had a consistent experience.  They said this might help in the implementation process having more prescriptive guidelines about what explicitly needs to be included for DHs to meet their obligations, as opposed to trying to provide a new consent flow process as an ADR. 

    Another member noted that they had some feedback from their customers on what their consumers were saying when they contacted institutions including that one bank would never support sharing of customer data with third party organisations; another bank’s policy position was that they don’t support third part apps; another bank said that they didn’t support third parties; and a particular ADR was not eligible even though they are an on the ADR register etc.  They said these were some of the things that end consumers were currently seeing. 

    The member noted that the CDR needs to work out how to get the DHs to communicate the appropriate messages to end consumers. 

    The Chair asked the ACCC if it would be useful for the member to send the feedback to them for follow up.  The ACCC agreed it would. 

    ACTION:  Members to send feedback from end users on their experiences to ACCC

    One member noted that there was a tension between consistency with what they see in the ADRs across consent to keep it simple.  They said there was a benefit of having consistent language so the consumer knows they’re in the guardrails of a safe CDR, and that the education piece from TSY was important.

    The Chair noted that there was a challenge in what we were doing as everyone would love to be principled based but if you’re principled based you would end up with some variation at the consumer level so in some ways, we would need to do both. 

    The Chair asked one member in the light of what’s happened on the sensitivity of data, have the call centre operatives had their scripts updated for the fact that unless it is an ADR under the CDR, they would not share your data. 

    A number of members confirmed that the language in their scripts had been updated.  They did note that the context that the customer explains things sometimes was not clear, and the call agent would tend to err on the side of caution. 

    One member noted that they were quite comfortable with the progress the big four banks had made with the support in call centres.  They said it did fall down a little when their brands came on board which needed a little more work, and that the non-majors were further behind. 

    The member noted that customers usually raised issues with the ADR first, and if there was something they could give, as an ADR, to the customer if they needed to go back to the bank, then they would be happy to receive this.

    They also noted that in terms of principles it would be good to understand going into the workshops the principles of the rule makers when consents are concerned was important because they were going to make some principles up, and there are already principles that rule makers adopted for consents.

    In addition, the member noted when a consent was made in a lending scenario for example, with multiple banks, the consumer needed to consent to multiple banks to collect their data.  They said the consumer ends up with consents/receipts which outline the consent they’ve given twice (one for DH and one from ADR). They said this was another aspect of the consent flow that was producing volumes of information. 

    The DSB noted that at the workshop they would be sharing the Principles used by the Consent Review Working Group which had guided the analysis and that would be the reference point of what could be simplified, why and what it needed to uphold.  They noted the point on the original rationale for the rules.

    The DSB noted that on consent and CDR receipts the member’s view was a valid one, and ADRs provides a receipt.  They said DHs were not required to provide CDR receipts, it is optional, but in a read access environment it may be of limited value, however, for AI there was increased importance because what you authorise was an action that may actually trigger a whole bunch of different events, so by having that kind of record from a DH, is anticipating some of the needs that may emerge with AI.

    One member noted that they think the CDR had over-engineered the consent, and the prescription of it, as a proxy for trust.  They invited the committee to pull back from that and look at what we want.  We want recognition of the CDR as a high trust way to get consumer data and we want some ways to get that no matter how as a consumer you’re dealing with it.  They said trust does not necessarily get created by unbundled, very unpacked consent.

    One member noted we have relied on consent so much and one of the reasons’ is that we don’t have great safeguards in the Privacy Act.  They said once we harmonise the ecosystems and don’t have an ecosystem within a digital ecosystem, we would be able to get those things more clarified. They said with the Privacy Review coming up, we needed to make sure that the baseline safeguards are set, and then we would not need to rely on consent as much. 

    The Chair noted that on TSYs communication plan, the work that was going on and the priorities, principles and the prescriptions that go with that are one thing, but in the light of the recent breaches and the heightened sensitivities at this point, TSY had been waiting for the right time to communicate the CDR program and promoting its use.  They said it seemed that something was different now, we had a second message to use the CDR because it has “ABC” protections, but the real one was what the CDR offers.  He noted that there was a need for communication and guidance and waiting for the communication program as a whole may not be the right thing to do.  He said he would reach out to TSY in regard to this.

    Stakeholder Engagement

    A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

    Issues Raised by Members

    The Chair thanked all members who had tabled discussion items.  

    Presentation by Biza

    Rob Hale from Biza presented on three issues as follows: 

    1. Data Holder Production Verification Testing (PVT) in new sectors

    Hale noted that CDR participants typically create accounts with banks in order to undertake PVT. As the DHs have an obligation to publish data they need an ADR application to test those services.  ADRs need DH accounts to make sure the ADR’s CDR solution is working.  So this is typically done by creating accounts with banks. These are legitimate consumer bank accounts, used for testing purposes. 

    With energy going live this creates a challenge as there is currently no ADR application available and even if there was, participants aren’t able to create test Energy accounts that would result in the installation of multiple electricity meters on their houses. 

    Hale noted that this challenge was resurfacing the API metrics discussion we had some time ago and the suggestion that legislation may be required to mandate that DHs provide test accounts for ADRs and other interested parties to use. 

    2. Potential NFR issue with Secondary DHs

    Hale noted that prior to Energy coming online, an ADR would request CDR data from a DHs systems, but with energy if we need Standing, Usage or DER data that request must go to a secondary DH (currently AEMO).  This requires an additional hop to send service point data and return corresponding NMI data. 

    Hale noted that at present, an initial service point call is taking around 6 seconds and thereafter around 1.5 seconds and that this is without CDR load.  He noted that this would need to be monitored closely because the concern was that under load, when waiting for all these responses for ADR requests, there could be a negative impact on other requests from other ADRs as we only have so much capacity to handle so many in flight requests. He did note that there were provisions in the rules to reject requests if it’s going to degrade performance of the ecosystem but we would prefer not to use that ability.

    3. Withdrawal of Secondary User by Account Holder for a specified Accredited Person (Rule 1.15(5)(b)(i)

    Hale noted that the rules stated the account holders should be able to block secondary user sharing for a specific accredited person.  This had cascading ramifications for intermediaries, Reps, multi-brand ADRs and multi software product ADRs and it was technically not possible to do this for a Sponsored Affiliate.

    Hale noted that Biza had put in a submission into ACCC and TSY outlining the issues as they see them and suggesting some methods to overcome those.  They wanted to be fully compliant with the rules but currently the ambiguity is making it troublesome for participants to categorically state that they are in this area. 

    The Chair asked on the NFR issue, what was the mix between NFR compliance and CX impact they saw or was it both? 

    Hale noted that there is a risk of tripping over the NFRs because the requested data cannot be obtained from the secondary DH in the required time. This means they may be effectively buffering those requests. Ultimately there is a limit in terms of how many inflight requests can be held in this manner.

    One member noted that the first problem was ideally solved by making sure we created as smooth ecosystem as possible.  They said when they looked at it from an ACCC perspective, they were sitting on a lot of metrics and information that would be beneficial to ACCC in terms of whether compliance was happening or not.  They said they were proactively looking at creating reports and providing them to the ACCC and recommended that other ADRs did similarly. 

    The member noted that in terms of PVT testing, they had resorted to developing sample applications and creating and registering test accounts which were real live bank accounts, that they used to simulate and conduct the actual tests. They said the pros with this was that they got the full ecosystem cycle.

    Hale noted that recreating a consumer’s issue was often challenging and then even determining if it’s working after you’ve made some corrective action was challenging too, which was not good for the consumer and the ecosystem.

    One observer asked about the visibility of the production data and whether it provided an opportunity to resolve some of the issues that got raised about data quality, because if there was a way for the regulators to have more visibility of the data that’s being shared in the ecosystem than that could help alleviate some of the concerns about issues being raised and not necessarily be traced back to a defined cause but reliance on ADRs to provide reports rather than hands on investigations by the regulators.

    AEMO noted that in energy they do have non-production environments that they used in the shared energy ecosystem with third parties so there was a precedent for dummy NMIs.  They said in their non-production environment they had a raft of data sets available from the work they did with the AER and Energy Made Easy (EME) so there were certainly things they could do to take the cost and complexity out of it.  

    The Chair acknowledged AEMOs progress in the energy go live and thanked them for all the great work.

    AEMO noted that they were now live and they had the South Australian legislation come through last week which supported them being involved. 

    One member noted that pre-production data reflected some actual customer data so we needed to make the effort to ensure that it was dummy data.

    Another member wanted to acknowledge that PVT was an important step and we needed to figure it out. 

    Treasury Update

    The DSB noted that on the secondary user data sharing issue, while resolution may involve standards at some point, but at the moment it was very much a question with TSY as it’s a rule question, which they were considering.

    Barry Thomas, from the DSB provided an update on behalf of Treasury as follows: 

    TSY thanked all DSAC members who had contributed to the most recent CDR consultations, including on AI, extending the CDR to telecommunications and operational enhancements to the CDR rules.

    TSY were working through the submissions to provide advice to the Minister and aimed to finalise the AI bill for introduction in Parliament and the revised CDR rules soon.

    TSY noted that for the non-bank lending designation, they were expecting to be able to provide an update on that shortly and the next step would be to issue a rules and standards design paper for the community to consider.

    ACCC Update

    Paul Franklin, Executive General Manager ACCC CDR Division provided an update as follows:

    ACCC noted that the preparation and onboarding for energy data sharing had been a major focus and they were delighted to have heard the news about Origin Energy had been activated as our first DH.

    ACCC noted in collaboration with the Incident Management, Data Quality, and Ecosystem Performance Working Group, the Technical Operations team had evaluated feedback and delivered a series of changes to the Service Management Portal to improve the Incident Management Tool Set.  The changes would enhance the incident management resolution process by categorising incidents and their progress more precisely and include:

    • Identified issues that incident categories needed to be reviewed to better align with the issues raised
    • Refined the existing data quality subcategories to avoid ambiguity
    • Introduced new customer fields to better identify the API or end point impacted by the incident
    • Modified incident management workflow and removed the fixed state in the workflow
    • Added instructions into the incident management portal and updated the Incident Management Guide

    ACCC had also considered the proposal for Service Level objectives, which were being reviewed by the Working Group. 

    ACCC noted that 57 DHs had notified them of noncompliance with the ceasing of data sharing rules.  They had previously written to participants to ask them about their expectation about those rules and they’ve indicated that there was some room for clarifications between the rules and standards.  They proposed not to take any regulatory action in the short term until they get more clarity.

    ACCC noted that there was some obligations that commenced on the 1 November for banking DHs. 8 DHs have indicated they had gaps in their solutions of which 6 have reported delayed delivery of functionality required on the 1 November. 

    ACCC noted that in terms of the transaction per second throughput they had introduced Basiq to some of the major banks, as well as conversations directly with some of the banks, and bilaterally agreeing to higher throughput.

    Meeting Schedule

    The Chair advised that the next meeting will be held remotely on Wednesday 14 December 2022 from 10am to 12pm. 

    Other Business

    The Chaired once again thanked the retiring members and looks forward to welcoming the new committee members at the December meeting.

    The Chair noted that he will be reaching out to Minister Jones advisor, Chloe Andrews to invite the Minister to our December meeting.  

    Closing and Next Steps

    The Chair thanked the DSAC Members and Observers for attending the meeting.  

    Meeting closed at 11:59