What is the Consumer Data Right (CDR)?

A DataOps Article.

What is the Consumer Data Right (CDR)?

You may have heard it mentioned, particularly if you’re in “Open Banking”. But CDR is the future of how we access and ultimately share our data with “trusted” third parties.

It will be introduced into the Australian banking sector initially from the middle of 2020, with scope/functionality evolving in phases, and ultimately roll out across other sectors of the economy, including superannuation, energy and telecommunications.

Vendor Benefits

The Consumer Data Right is a competition and consumer reform first!

  • Reduced sector “monopolization” (increased competition).
  • CDR encourages innovation and competition between service providers.
  • Access to new digital products & channels.
  • New, to be innovated, customer experiences.

Consumer Benefits

  • Immediate access to your information for quicker decision making.
  • Better transparency of vendor(s) pricing and offers.
  • Increase in products to support your lifestyle.
  • Consumer power e.g. ease of switching when dissatisfied with providers.

Vendor Risks

  • CDR Compliance is mandatory for Data Holders
  • Implementing CDR (on top of legacy platforms) is non-trivial.
  • Non-compliance penalties may be severe (fines and trading restrictions)
  • CDR is rapidly evolving & continually changing. Continuous conformance validation & upkeep required.
  • Increased access to data, means increased “attack footprint”.

Be warned! Although the CDR is expected to create exciting new opportunities, there are also clearly defined conformance requirements. In a nutshell, breaches of the CDR Rules can attract severe penalties ranging from $10M to 10% of the organization’s annual revenue.

Who is responsible for CDR?

Ultimately CDR may evolve to a point where it is self-regulating. However, at present at least, the accreditation of who can be part of the ecosystem (i.e. Data Holders & Data Recipients) will be controlled by the relevant industry regulators*.

*In Australia the ACCC is responsible for implementing the CDR system. Only an organisation which has been accredited can provide services under in the CDR system. An accredited provider must comply with a set of privacy safeguards, rules and IT system requirements that ensure your privacy is protected and your data is transferred and managed securely. 

How do consumers keep their data safe?

The CDR system is designed to ensure your data is only made available, to the service providers, after you have given authentication and consent.

Note: The diagram below, based on Australian oAuth2/OIDC security CDR guidelines, shows the key interactions between the Consumer, The Data Recipient (e.g. a Retailer App on a Phone) and a Data Holder (a Bank).

Australian CDR uses oAuth2/OIDC Hybrid Flow

Consumers can control what data is shared,  what it can be used for and for how long. Consumers will also have the ability to revoke consent and have information delete at any time.

CDR is the beginning of an interesting new information era. Learn more about the Consumer Data Right and accreditation on the CDR website.


Smells that indicate that you need TDM

You may have heard of code smells or even smelly test environments.

But, what about Data Smells?

In this post we discuss top smells that indicate you need Test Data Management.


In computer programming, a code smell is any characteristic in the source code of a program that possibly indicates a deeper problem.[1][2] Determining what is and is not a code smell is subjective, and varies by language, developer, and development methodology.

The term was popularised by Kent Beck on WardsWiki in the late 1990s. Ref Wikipedia.

Invariably every IT problem has a symptom that we call smells.

In this post lets focus on the most popular ones associated with Test Data Management

Top 15 TDM Smells

  1. Testers waste large amount of time creating data rather than testing the application.
  2. Data provides doesn’t meet the requirements for testing (has incorrect mix of data).
  3. DevTest cycle /and project slippage to data unreadiness.
  4. Dependency on other experts to provide the Test Data (experts that may have other priorities).
  5. System Data lacks integrity (is incomplete) and limits System Testing.
  6. Up or Down stream data hasn’t been prepared in similar fashion, causing E2E integrity issues.
  7. Data Related defects caused by data being in unrealistic state i.e. False Positives.
  8. Test Data Creation is (or is deemed) too complicated or time consuming.
  9. Test Data is too large causing refreshes to take too long.
  10. Test Data size (production size) causes performance bottlenecks & broken batch processing in smaller test environments.
  11. Data has been copied from production and has PII data i.e. Data is insecure.
  12. Testers (& developers) don’t understand what the platform data looks like. Resulting in the engineers fumbling in the dark as they try to exercise it effectively.
  13. Due to Data complexity, Testers can’t easily find (mine) the data sets once it has been deployed.
  14. Test results are being corrupted by testers “only” using/reusing the same small data sets  (data contention).
  15. Lack of data reuse (or automation) resulting in continuous reinvention and repeated mistakes.

In Conclusion

Test Data is an essential, if not somewhat complicated, and often ignored, aspect of effective Devops & Quality engineering. However treating it as an after thought will invariably result in the smells described above. Smells that will introduce suboptimal DevOps/DataOps operations, unwanted project delays and poor testing.

Do you have other ideas on Test Data Management Smells, then please let us know?

Post By Jane Temov

Jane is an experienced IT Environments Management & Resilience Evangelist. Areas of specialism include IT & Test Environment Management, Disaster Recovery, Release Management, Service Resilience, Configuration Management, DevOps &Infra/Cloud Migration. 

what is data analytics internal audit

What Is a Data Analytics Internal Audit & How to Prepare?

No one wants to deal with a data audit. You haven’t invested so much time into putting everything together just to have someone else come in and start raising questions. Hopefully, an audit will never happen to you. Still, the possibility that an audit could happen tomorrow is there, and this post is about what a data analytics internal audit is and how to prepare for it.

Continue reading “What Is a Data Analytics Internal Audit & How to Prepare?”

How to Organize a Test Data Management Team

So, you’ve recently learned about what Test Data Management is and why it’s amazingly valuable. Then, you’ve decided to start a TDM process at your organization. You’ve read about what Data Management includes, learned how TDM works, and finally went on to start implementing your Test Data Management strategy. But then you got stuck, right at the start. You’ve got a question for which you don’t have an answer: how to organize a Test Data Management team?

Well, fear no more, because that’s precisely what today’s post is about.

We start with a brief overview of Test Data Management itself. Feel free to skip, though, if you’re already familiar with the concept. We won’t judge you for that; we’re just that nice.

Continue reading “How to Organize a Test Data Management Team”

what is data provisioning in test data management

What Is Data Provisioning in Test Data Management?

This post aims to answer a simple question. Namely, what is data provisioning in the context of Test Data Management (TDM.)

Socrata’s glossary of technical terms defines data provisioning as:

The process of making data available in an orderly and secure way to users, application developers, and applications that need it.

But remember what we want here is to understand what data provisioning is in TDM. While the question itself is—seemingly—simple, you’ll see that it can quickly generate a lot of other questions that need answering if we are to see the big picture.

We start by taking a look at the current state of affairs in the software development world. You’ll understand why applying automation to the software development process is vital for modern organizations and what roles the automated testing plays in this scenario.

We then give an overview of TDM. You’ll learn what Test Data Management is and why it is essential for a healthy testing strategy.

With all of that out of the way, it’ll be time for the main section of the post, where we’ll see what data provisioning is and how it fits into the TDM puzzle.

Let’s get started.

Continue reading “What Is Data Provisioning in Test Data Management?”

what is the primary objective of data security controls

What Is the Primary Objective of Data Security Controls?

When you develop a data security architecture and strategy for your organization, your main objective is to protect the organization’s data.

To do that, you first need to identify all threats and vulnerabilities associated with that data and inform the business about the security risks you identified. Next, you need to introduce appropriate countermeasures to manage those risks based on the risk appetite of the organization. To do that successfully, you need data security controls and you need to have a firm grasp on what the primary objective of data security control is. Today, I want to help by answering these questions in this post.

First, we’ll cover the definition of data security controls, what their main goal is, and why understanding security control objectives are important. Then, we’ll review the seven main security control types and their primary objectives. Following that, we’ll dive into security control categories that allow us to further define these controls. Let’s start by first defining data security controls.

Continue reading “What Is the Primary Objective of Data Security Controls?”

What Does Data Management Include? Introductory Guide

Data management helps you and your organization capture data in a structured and organized way. Also, data management helps improve data quality and makes the data easier to discover. Correct data management implementation brings many advantages to your organization, allowing you and your team to make more informed decisions and improve inefficient processes. But what does data management include?

Data management tackles topics such as data collection and data processing. Let’s take a deeper look at data management. In this article, you’ll find out some of the most important data management best practices and pitfalls.

Continue reading “What Does Data Management Include? Introductory Guide”

How to Perform a Data Quality Audit, Step by Step

A data audit helps you assess the accuracy and quality of your organization’s data. For many organizations, data is the most valuable asset because it can be deployed in so many ways. Organizations can use their data to improve existing processes or services, make important business decisions, or even predict future revenue. And of course, it’s of great value for the marketing team.

However, when your organization doesn’t adhere to standards or processes related to data accumulation and storage, you might end up with poor-quality data. By regularly conducting a data quality audit, you make sure the quality of your data stays high. Even if the quality decreases at some point, you can take immediate action to fix or improve problematic processes.

This article will help you understand how to get started with a data quality audit. First, let’s discuss the importance of a data quality audit.

Continue reading “How to Perform a Data Quality Audit, Step by Step”

what is a data pipeline in hadoop

What Is a Data Pipeline in Hadoop? Where and How to Start

Did you know that Facebook stores over 1000 terabytes of data generated by users every day? That’s a huge amount of data, and I’m only talking about one application! And hundreds of quintillion bytes of data are generated every day in total.

With so much data being generated, it becomes difficult to process data to make it efficiently available to the end user. And that’s why the data pipeline is used.

So, what is a data pipeline? Because we are talking about a huge amount of data, I will be talking about the data pipeline with respect to Hadoop.

Continue reading “What Is a Data Pipeline in Hadoop? Where and How to Start”

how to build a data management platform

How to Build a Data Management Platform: A Detailed Guide

Does your business need to gain better data insights? Would you like to collect, organize, and activate data from any source, be it online, offline, mobile, and more? Then you need a data management platform, or DMP.

Let’s start with a brief introduction to DMPs. Data management platforms allow you to organize, collect, and activate audience data from any source. Through this, a DMP will add value to your business by providing insights about your customers.

Today, you can buy a DMP from a number of vendors. However, the cost usually ranges from $80K to over $1M for large implementations.

But don’t fret—you have another option. You can build one yourself.

In this post, I’m going to explain how a data management platform works, features of a DMP, and the architecture for building a DMP.

Continue reading “How to Build a Data Management Platform: A Detailed Guide”