What does the Bill do?
The Bill is intended to ensure three things: Respect, Care and Trust, when customer data is exchanged.
What data is involved?
Customer data is data a business creates or collects about you (its customer). In the case of a bank, this could be your transaction history. In the case of an electricity service provider, it could be information on your specific usage. The Bill covers individual customers, as well as businesses and trusts.
Respect means …
Respecting the customer’s authority over their data.
- Use of the services regulated by the Bill is opt-in for consumers, who can opt out at any time.
- Customer Data is only ever exchanged with the free and informed consent of the customer.
- Data holders and receivers must ensure consent can be easily withdrawn at any time.
- Penalties apply if customer data is accessed in breach of the rules.
Care means …
Care for the data during exchange.
- The government can set standardised safeguards, processes, and penalties around the electronic exchange of customer data. This means all customers using the system can have confidence in the level of protection provided for their information.
- The government does not access, hold onto or transmit customer data at any point during the exchange.
Trust means …
- Privacy protections for personal information remain in place at all times.
- Only trusted people, with trusted systems, are able to make data or action requests using the Bill, thanks to the accreditation regime.
- Breaches are enforced by MBIE or the Office of the Privacy Commissioner, depending on the nature of the issue.
The Bill also unlocks product data
Product data is data about a good or service a business provides. In the case of a supermarket, it could be the cost of different foods. In the case of a mobile phone plan provider, it might be information about what data, text and call allowances are for each of the plans they have.
When product data in a sector is designated in future, designated businesses will need to make the certain data about their products available in formats that can be automatically read and processed by a computer. This will enable easy product comparison and switching.
There will be consultation with the relevant sector before product data is designated.
The Bill does not:
The Bill does not mean businesses will create or collect new data about you
The Customer and Product Data Bill is about data which businesses already create or hold about customers – like account and transaction information. It does not create new obligations to collect or create data.
The Bill does not give the government powers to store or share your data
The Bill enables standards to be made so that people and businesses can connect and exchange data securely with one another. It also provides for some standard safeguards for customers regarding consent, complaints and enforcement. It does not create a way for the government to store, view or share your data.
The Bill does not prohibit businesses from using existing data access and exchange arrangements
Many businesses already have existing data access and exchange arrangements, such as between your bank and your budgeting app or accounting software. The Bill will not prohibit businesses from using these arrangements. However, the Bill would apply to your business if your business was designated (refer to the last concept for more information).