Minutes - 13 Jul 2022

Data Standards Advisory Committee, Meeting Minutes

Date: Wednesday 13 July 2022
Location: Held remotely via WebEx
Time: 10:00 to 12:00
Meeting: Committee Meeting No: 44

Download meeting minutes (PDF 237KB)

Attendees

  • Andrew Stevens, Data Standards Chair
  • Peter Giles, CHOICE
  • Melinda Green, Energy Australia
  • Chandni Gupta, CPRC
  • Joanna Gurry, NAB
  • Jason Chair, Wesptac
  • Rob Hale, TrueLayer
  • Richard Hough, ANZ
  • Lisa Schutz, Verifer
  • Aakash Sembey, Origin Energy
  • Stuart Stoyan, Fintech Advisor & Investor
  • Tony Thrassis, Frollo
  • Glenn Waterson, AGL
  • Barry Thomas, DSB
  • James Bligh, DSB
  • Ruth Boughen, DSB
  • Rob Hanson, DSB
  • Terri McLachlan, DSB
  • Michael Palmyre, DSB
  • Mark Verstege, DSB
  • Paul Franklin, ACCC
  • Sophia Collins, OAIC
  • Emily Martin, Treasury
  • Kate O’Rourke, Treasury
  • Belinda Robertson, Treasury
  • Phil Schofield, Treasury
  • Todd Heather, Value Management Consulting
  • Sally Mainsbridge, Value Management Consulting
  • Luke Barlow, AEMO
  • Jill Berry, Adatree
  • Damir Cuca, Basiq
  • Chris Ellis, Finder

Chair Introduction

The Data Standards Chair (Chair) opened the meeting and thanked all committee members and observers for attending meeting # 44.

The Chair acknowledged the traditional owners of the land which in his case was the Cammeraygal people.  He acknowledged their custodianship of the land and paid respect to their elders, past, present and those who are emerging. 

The Chair noted that the DSB had published two Decision Proposal for the telecommunication sector - Decision Proposal 256 – Telco Endpoints and Decision Proposal 257 – Customer Data Payloads for Telco, and that Maintenance Iteration # 11 is nearing conclusion. 

The Chair also noted there were three Noting Papers available for review on GitHub – Noting Paper 248 – Energy PRD, Noting Paper 255 – Approach to Telco Sector Standards and Noting Paper 258 – Independent Information Security Review.  With respect to the assessment of the InfoSec profile in the Data Standards, and the future directions the Chair noted it was a good time to have this reviewed again. 

The Chair noted that Joanna Gurry is stepping down from the Data Standards Advisory Committee (DSAC) as she has recently departed NBN and joined National Australia Bank (NAB) as the Executive of Data Delivery.  He acknowledged Jo’s contributions to this DSAC and the Consumer Data Right (CDR). He hoped to keep in touch and wished her well. 

Joanna Gurry thanked the Chair for having her on the DSAC and noted that it has been great to follow the developments and the really difficult technical work. Gurry said it has been great to be able to contribute over the last couple of years and work with the committee. 

The Chair said farewell to Ivan Hosgood, the DSB’s Solution Architect who was responsible for the Register Standards.  The Chair said Ivan was heading to France with his partner, to learn the language, explore the history, culture, food and wine.  The Chair expressed hope that Ivan will continue to contribute to Data Standards consultations via GitHub and acknowledged his contributions at the DSB and the ACCC. 

The Chair noted that Luke Barlow (AEMO), Jill Berry (Adatree), Damir Cucua (Basiq) and Chris Ellis (Finder) are apologies for this meeting. 

Minutes

Minutes

The Chair thanked the DSAC Members for their comments, and last-minute feedback on the Minutes from the 9 June 2022 Advisory Committee meeting. 

The Chair noted the DSB would incorporate any last-minute feedback from the committee and circulate again for review. 

ACTION:  DSB to circulate the updated minutes to committee for final feedback

Action Items

The Chair noted that Treasury (TSY) had an Action Item to provide an update on the Consumer Campaign and asked if they can provide that as part of their regular update.

The Chair noted that ACCC provided some information on the Incident Management Working Group at the Implementation Advisory Committee on the Monday before the DSAC meeting and invited the ACCC to provide a further update as part of their regular DSAC update.

The Chair also asked members to reach out to the ACCC or DSB, if they are interested in joining this Working Group. 

The Chair noted that in response to the Action Item on benefits realisation and success measures, that Todd Heather and Sally Mainsbridge from Value Management Consulting (VMC) had been engaged by TSY to conduct the piece of work and they will be joining us today to present on this topic. 

Working Group Update

A summary of progress since the last DSAC meeting on the Working Groups was provided, and these DSAC Papers were taken as read.

Technical Working Group Update

The update was provided on the Technical Working Group by James Bligh and Mark Verstege as follows: 

The DSB noted that there has been a couple of issues that have arisen around energy. One being around closed accounts which is a different scenario to banking as it is less understood and it has implications for what’s being going on with the secondary data holders’ concept with Australian Energy Market Operator (AEMO).  The DSB said there was a Decision Proposal (DP) being raised on this matter in order to close out the gaps for schema, instead of using the maintenance iteration process.

The DSB noted the other issues in Energy articulated in Noting Paper 248 – Energy PRD.  Feedback on this topic had been received on GitHub. 

One member asked if the DSB can expand on the related closed account issue. 

The DSB noted that the Rules for closed accounts in energy was slightly different to what it was for banking. In banking, there was a requirement to continue to provide details on closed accounts and to provide transactions for a certain amount of time, which was accommodated in the Data Standards and schemas.  The DSB noted that Rules for closed accounts in the energy sector are slightly different in that there was guidance on certain data sets no longer being required if an account is closed.  The DSB noted that there would be an initial expectation that a closed account would be still eligible for CDR data requests, particularly for retail consumers which would be a very unlikely scenario, but for commercial and industrial (C&I) customers this would be very likely.

The DSB noted that the feedback on GitHub is that the schemas don’t allow schema compliance unless Data Holders (DH) supply non-required data for closed accounts.  The DSB noted that we don’t have an “is closed” flag, so an Accredited Data Recipient (ADR) can’t read through the list and determine that an account is closed and therefore the Data Standards cannot put conditionality on specific data fields. The DSB noted that the DP was about closing that gap, especially because it was very close to November, and because the DSB doesn’t think this was an issue for retailer consumers, but they noted they’re open to the idea of tying a future data obligation to the C&I dates next year as their understanding is that it would most likely be an issue for retailers. 

The same member asked if a closed account is a non-current account or is there some other distinction?

The DSB noted the closed account is a scenario where the customer still had an open account but they had a previous account that was closed.  They further noted that in a retail scenario this was unusual, but for C&I it is a likely situation where somebody had 15 current locations, with one closed.

The DSB noted at the last meeting an issue was raised as urgent around transition arrangements for CDR revocation endpoint hosted by ADRs.  The DSB thanked everyone for contributing feedback, which the DSB had mostly incorporated, with the exception of some feedback from the ADRs as they were still considering the impact to DHs and making sure ADRs were accommodated during that extended transition.  The DSB noted the change would go into the version 1.18.0 release.

The DSB noted that an Independent Health Check was conducted by Thinking Cyber Security, which was made available last week.  They noted the Health Check may not have incorporated everything the ecosystem was expecting, but hopefully it would facilitate discussion going forward.  They noted the Health Check covered a lot of ground and is extremely detailed. The DSB invited feedback around what other aspects may need to be considered.  They also noted that these Health Checks are not intended to be static.   

The DSB noted that AEMO has been running a series of workshops related to changes to the Market Settlement and Transfer Solutions (MSATS) in order to support customers that had recently switched by making their historic usage data available. The DSB noted a number of concerns were raised, not with the MSTATS solution, but with the ancillary processes around confirming that a customer, during a move-in – move-out, is the current customer.  The DSB said they were asked to host a workshop in order to look at those issues in the CDR space, and to help AEMO determine whether they can make that change to MSATS and give energy retailers comfort that they could then support that change. 

Consumer Experience (CX) Working Group Update

A further update was provided on the CX Working Group by Michael Palmyre as follows: 

The DSB noted it had been another busy month with the regular activities, CX artefacts releases and minor revisions and general updates. 

The DSB noted that some of the key pieces of work were around authentication research.  In terms of the Independent Health Check, the DSB noted they had started piloting some CX research for different approaches to authentication.    

The DSB noted they were also refining the CX metrics which they use in their research, and that this work would be made public shortly.

The DSB noted that they are planning some research for data language standards for the Telco sector, and there was a DP in the works.  The DSB noted that there was a change proposed as part of Maintenance Iteration 11 (MI11) in order to treat customer data language clusters as sector agnostic which was consistent with the CX principles and the technical standards.   

The DSB noted that there are a couple of other changes related to energy that have come out of MI 11. The scheduled payments scope was revisited which highlighted some misalignment between the CX standards and what’s actually shareable in that authorisation scope.  There will also be some change requests that they will be included in MI 12 for consultation. 

The DSB noted in terms of the Accessibility project that had been conducted by PwC’s Indigenous Consulting (PIC) and the Centre for Inclusive Design that the first report was published last week, and it was a great survey of the landscape around accessibility and related legal obligations. The DSB note three key recommendations from the report:

  1. More extensive and active incorporation of the Web Content Accessibility Guidelines (WCAG), including into the Data Standards and related products;
  2. An independent Data Standards Design System be developed that was focused on the needs of data sharing and consent models, and that could, if appropriate, support consistent, accessible, and inclusive data sharing methods across the economy; and
  3. A scoping study be conducted into the development of a Usability and Inclusivity framework.

The DSB noted that in the coming weeks the project’s final report, including the complete list of recommendations, would be available.  The DSB plan to publish a response to the complete list of recommendations as they expect it may trigger some changes relating to CX Data Standards for Accessibility.

One member asked whether there was any way to get visibility of the CX Working Group activities around the authentication work.

The DSB noted that was in the quarterly plan at a high level, and when they get to the first round of an alternative authentication approach, they would publish a brief and seek feedback.

One member noted that in terms of CX metrics and the metrics associated with authentication consents they would like to shine a light on consent.

The DSB noted that they had existing CX research, which informed CX Data Standards development, guidelines developments, but they were not collecting CX research from live implementations.  The DSB noted they had been refining authentication, which they feel would then be more appropriate to metrics like trustworthiness, informed consent etc.  They noted that they would also publish this work and seek feedback.

The Chair noted that yesterday the DSB meet with Gayle Milnes, the National Data Commissioner and her team at the Office of the National Data Commissioner (ONDC) and he invited Barry Thomas, the General Manager of the DSB to provide an update.   

Thomas noted they had a very productive meeting with ONDC who are in a world of creating the framework for their form of data sharing.  The ONDC data sharing regime is quite different to what we’re doing, there about sharing government data with a lot less scope for payload standardisation in the form that we do and a lot of the exchanges will tend to be more bespoke, because they’re very specific data sets.  That said, there is a great deal that they could benefit from the CDR’s Data Standard’s approach to data security, InfoSec and API standardisation.  

Thomas also noted there was an acknowledgement that when the ONDC was dealing with consumer data, they would have to address the consent issue, which is a challenging problem due to the size of the data sets that they would be often working with.

Thomas noted that there were lots of opportunities for the DSB and ONDC to work together and everyone was conscious that it was in the country’s best interest that this was done in a joined-up fashion.  He noted that if they were running down their own path to solve these problems in parallel, but different way to the way we are, it would create a lot of friction which would benefit no one.  He noted that this collaboration was in its early days, with a lot more work to do, but it was a very productive and positive meeting - a real meeting of minds and its neat fit of what we’ve done and what they need.  He hopes to get a lot of constructive outcomes from that, and in particular for people providing services into the data sharing space because we’ll be able to have a lot more standardisation to enable vendors to service both markets.

The Chair noted that scope of the ONDC includes trying to catalogue and understand the data sets that would potentially be shared, right through to the accreditation arrangements.  The Chair noted they did mention to the ONDC that accreditation was an ACCC responsibility and the ONDC may wish to reach out to ACCC around the accreditation standards.  He noted that ONDC are still at the legislation and policy interpretation end of the Data Availability and Transparency (DAT) Act implementation and it was an open and productive meeting. 

One member noted that they are interested to see the ONDC’s scope because when they had their information last session, the ONDC were trying to solve inter-government agency data sharing, and the ONDC were going to look at extending their implementation beyond that.  The member expressed concern that federal government needed to expedite this implementation because they met with Services NSW last week who was looking at running ahead in being able to share government data. The member clarified that they were concerned that there would be a fragmented government data sharing model that’s not facilitated by the federal government and aggregators or integrators into those data sets is going to be incredibly costly and challenging to integrate.

The Chair agreed that the member had made a good point, and there could be an integrated State and Federal model here but it would have to be influenced rather than controlled. He then said he would raise this next time he meets with ONDC on their proposed work with the States, given that as this stage agencies can be accredited users, but also under different models.  

Stakeholder Engagement

A summary of stakeholder engagement including upcoming workshops, weekly meetings and the maintenance iteration cycle was provided in the DSAC Papers, which were taken as read. 

Issues Raised by Members

The Chair thanked all members who had tabled discussion items.  

A member had raised a discussion item about the process for enabling a business account to be eligible for data sharing.  The Chair invited Treasury (TSY) and the Australian Competition and Consumer Commission (ACCC) to provide an update in relation to this as part of their regular updates.   

Treasury Update

Kate O’Rourke, First Assistant Secretary CDR Division, TSY provided an update as follows:

TSY noted that the Hon Stephen Jones MP (Assistant Treasurer and Minister for Financial Services) is getting up and running with CDR issues. 

TSY noted that issues are being raised in relation to the CDR roll-out to the energy sector in the lead up to the October and November compliance dates, including at the July CDR Implementation Advisory Committee (CDR IAC) meeting.  Treasury is scheduling additional, energy specific, Implementation Advisory Committee on alternative fortnights to the CDR IAC to ensure common issues that require input from all the CDR agencies are able to be resolved as quickly as possible.   

TSY noted that there has been continued work in relation to the Telco sector, action initiation and payment initiation at the framework level, open finance with a focus on non-bank lending (NBL) and supporting the finalisation of the Statutory Review by Elizabeth Kelly. 

TSY noted that following the review of the CDR Rules last year, they are continuing to think about CDR consents and are also considering possible government data sets for future extension of the CDR following the Strategic Assessment. 

TSY noted the importance of business data flowing effectively.  TSY noted that the ACCC is at an inquiry stage of the issue of nominations of authorised representatives for business data accounts, and that TSY is staying close to it in case there’s a question around whether the Rules are fit for purpose. 

One member asked, in regard to the nominated business representatives’ issue, if it was more particular to banking because energy is grappling with some issues in that field?

TSY noted that the nominated business representatives’ issue was raised around how the four big banks had done it so far under the existing Rules.  TSY said they were, however, happy to talk about how this may apply in the energy sector offline and will reach out to the member.

ACTION:  TSY to reach out to the member to discuss the nominated business representatives’ issue in the banking sector and the energy sector.

The DSB recommended the major energy retailers got involved so they could understand the discussion as the issues raised are on the DH side, and the internal processes of how they manage data sharing permissions, which is equally applicable to energy retailers when the C&I obligations come in.

One member asked whether there are any plans to release the findings from the Gateway Review that took place in April. 

TSY noted that this Review was initiated by the Department of Finance and they do this for all programs where the government IT spend is over a certain amount, but unfortunately the Department of Finance does not publish those findings.  TSY said they would reach out to the member to see if their specific aspects that they could follow up on their behalf. 

ACTION:  TSY to reach out to member about the findings from the Gateway Review

Presentation on benefits and outcomes framework for the CDR Program

Bel Robertson, Treasury Assistant Secretary, who has the responsibility of the Program Management Office Function for the CDR Program, introduced presenters Todd Heather and Sally Mainsbridge from the Value Management Consultants (VMC). TSY noted that VMC have been engaged to lead the work for the CDR Program on benefits and outcomes.

TSY noted that VMC is currently running Stage 2 of the project and they would be reaching out to external stakeholders, DSAC members and other participants to run discussions and meetings on CDR benefits and outcomes. 

Work to date on benefits has established a baseline for the Program and developed an initial view of CDR outcomes and lead indicators and this has been represented in a detailed map of the components of the program and in an outcome map form. 

VMC noted that they had just commenced Stage 2 with the objectives to i). validate the measures of the program’s longer term strategic outcomes ii). to review and update the regimes practical reporting measures of program success and iii). socialise and validate the CDR Value Proposition and measures of success. 

VMC noted that benefits will be measured in the following categories:

  1. CDR Enablement – Operational effectiveness
  2. Data Sharing and Access – Activity measures
  3. Economic Outcomes – Strategic measures

VMC noted that the next step is measuring and reporting progress towards success by engaging stakeholders to understand how they measure and report on progress; refine key measures; translate into requirements for a reporting dashboard; start with practical / proxy measures where necessary; extend towards ideal measures; prototype dashboard, seek feedback and start refining; and publish initial benefits report.

VMC noted that TSY would schedule consultation and feedback sessions with the CDR community over the coming months and the Program Management Office (PMO) would be seeking expressions of interest from the community. 

One member asked what would be defined as consumer success and what are the plans to measure it. They also asked, would TSY be seeking expressions of interest from the consumer group. 

VMC noted that at this point in their work, they are keen to engage as broadly as they can which will help them understand where different parties are coming from and the best ways to measure the successes.  In terms of how they would measure success for consumers, VMC noted they have developed 80 to 90 individual measures and they will be refining those through consultation across a wide range of stakeholders. 

VMC noted that in terms of the operational effectiveness measures, it is important that the early success measures include awareness and understanding as they’re going to be the lead indicators and they will underpin the successful achievement of the broader outcomes and economy wide benefits from CDR. VMC noted the level of consultation will be important as they need to reflect those early indicators as well as the longer-term consumer success indicators. 

The Chair noted that it is important that consumer groups, ADRs and actual consumers are involved in this consultation process as it will be incredibly valuable.

One member asked how the previous work, including the Financial Gateway Review, will be incorporated into this phase of work. 

TSY noted that all previous work on benefits and outcomes has been reviewed and assimilated into the current version of the benefits and outcomes framework. They noted that the CDR will move and grow, it is not a static type of program and that they are building an enduring benefits and outcomes ecosystem for the Program. 

One member asked whether TSY had thought about the time horizon and to what horizon are they measuring different measures.  They also asked what was the interrelationship between some of the earlier measures and the later measures, particularly when TSY are tracking progress but also managing progress? 

VMC noted that the benefits need to be monitored and measured over a long period of time and the framework being established, including ongoing measurement, directly links the operational activity and strategic measures.

The member also asked what was the timing around the ending of consultation and then tracking and reporting measures?

TSY responded that consultation would be ongoing and enduring but they do plan to have a dashboard for lead indicators and performance functioning before the end of the year.

One member asked whether they are making any assumptions on what action initiation will bring as they have made a massive assumption that as soon as you get action initiation, the ecosystem is going to start to get some power behind it?

VMC confirmed that as the CDR ecosystem expands the benefits and outcomes will be assessed and incorporated.  

The Chair thanked VMC for presenting, and thanked TSY for stewardship of this session, and noted that members have found this very useful, and he stated he was expecting to see active participation in this process.

TSY noted that their next steps are to reach out to the DSAC members and set up some sessions for further discussion. 

ACCC Update

Paul Franklin, Executive General Manager ACCC CDR Division provided an update as follows:

ACCC noted that an infringement notice has been issued to the Bank of Queensland for alleged breaches of the Competition and Consumer Act in relation to the Consumer Data Right obligations.  ACCC had been undertaking a number of investigations of banks for non-compliance and this was the first infringement notice they’ve reported on. 

ACCC noted that the first meeting of the Incident Management Focus Group would be held Friday 15 July. 

ACCC noted that the next version of the Register and Accreditation Application Platform (RAAP) including features to support CDR for Energy, is due to be released within a week.

ACCC noted that the multilateral testing sandbox would be launched this month, which would allow all participants to test against the participant tools (mock register, mock DH for banking and energy, and mock DR), and to undertake multilateral testing with other participants’ test solutions.  The ACCC encouraged DHs to make their test solutions available, especially with a variety of data that would provide a useful sample for DRs.  The decision to build the sandbox was influenced by the desire to allow participants to test with a variety of data that reflects the complexity of the real world, which the Conformance Test Suite (CTS) is unable to reflect.

ACCC noted that some participants had concerns about the processes implemented by the major banks in order to enable non-individuals (businesses) to nominate individuals to share data on their behalf.  The ACCC said they were taking the concerns raised by participants seriously and were conducting a review of the processes implemented by the major banks and would communicate their findings about whether there is non-compliance with the Rules. 

One member asked in terms of the multi-lateral testing in the sandbox, had the ACCC managed to overcome the issue of sample data sets being representative of the real world but not compromising privacy of consumer data? 

The ACCC noted the sandbox allows all participants to make tests data available so any DH who had data that reflects their product sets could see what a possible transaction will look like if you retrieve it through CDR.  The ACCC noted that for privacy reasons it’s not possible to use genuine customer data. 

The member noted that they assumed it wouldn’t incorporate redirected one-time passwords, consent flows or any of that complexity that relies on a consumer owning the account. 

The ACCC noted that the sandbox is effectively an environment in which they had all the participant tools hosted to test against but anyone who wants to put a solution into that environment in order to test with it, and they encouraged them to do so.  The ACCC noted that the participant did not need to be accredited to use this environment.

One member noted that if the data is not representative of the product, and what is received in response in production, then it is useful but not as useful.

The ACCC noted that they didn’t have the sandbox for the go-live for non-major banks where everyone would engage in multi-lateral testing with each other’s test solutions and the sandbox fills that gap.  The ACCC said this is relevant for the onboarding of the energy sector, and also for existing participants who needed to go through a Data Standards version upgrade or other changes etc. 

One member noted that it’s not going to be an exhaustive list of transactions, but it would likely include the key products which the DHs had today, but not some of the legacy products which may be included in the CDR.

The DSB noted that the ACCC tech team and the DSB engineering teams had been collaborating on a way of creating manufactured data that could be used in an open-source context, which can be expanded to cover-corner cases or even invalid data, or at least sparse data, rather than just fully rich data.  The combined team had developed mocks and developed to that emerging Data Standard so as these Data Standards emerge, they can add data as well.  They have been working on a process of getting a more sophisticated manufactured approach. 

One member asked ACCC whether participants actually use the sandbox and the DH obligations for continuous testing.  From and ADR perspective, they don’t want to end up with a situation where things are going into production and they’re still not working regardless of whether the sandbox is used or not. 

The ACCC noted that there was an existing obligation to undertake testing, and they had built the sandbox because without it there’s no capacity for multilateral testing.  Every participant that goes live makes an attestation that they had done adequate testing but in a number of cases, they’ve seen issues that should have been seen in production. 

The Chair noted that this will be very helpful and it will also continue to improve over time and it’s a very positive step forward.

One member noted that it’s a very useful compliment to the CTS which has a specific purpose and isn’t intended to be comprehensive.   They had raised the risk internally with the upcoming Financial Grade API (FAPI) obligations that with their release on the 19 August, they won’t be able to complete the CTS testing because of the timing of the CTS and keeping pace with standard releases.  They noted that any additional efforts they can make to accelerate the timing of the CTS being available in step or shortly after the release of the standards or future data obligations obviously extends the window of possibility for participants to test against CTS as another validation point.      

Meeting Schedule

The Chair advised that the next meeting will be held remotely on Wednesday 10 August 2022 from 10am to 12pm.

The Chair asked if any members would be interested in hosting the October DSAC meeting in Melbourne to reach out to the DSB. 

ANZ offered to host the October meeting in their conference suites in Melbourne.

ACTION: DSB to reach out to ANZ to lock in the details for a face-to-face meeting in October.

Other Business

No other business was raised.

Closing and Next Steps

The Chair thanked the DSAC Members and Observers for attending the meeting.

Meeting closed at 11:28