(1) Without limiting paragraph 56BB(d), the consumer data rules may include the following rules:
(a) rules conferring functions or powers on the Data Recipient Accreditor;
(b) the criteria for a person to be accredited under subsection 56CA(1);
(c) rules providing that accreditations may be granted subject to conditions, and that conditions may be imposed on an accreditation after it has been granted;
(d) rules providing that accreditations may be granted at different levels corresponding to different risks, including the risks associated with:
(i) specified classes of CDR data; or
(ii) specified classes of activities; or
(iii) specified classes of applicants for accreditation;
(e) rules for the period, renewal, transfer, variation, suspension, revocation or surrender of accreditations;
(f) notification requirements on persons whose accreditations have been varied, suspended, revoked or surrendered;
(g) transitional rules for when an accreditation is varied, is suspended or ends, including about the disclosure, collection, use, accuracy, storage, security or deletion of CDR data;
(h) rules about a matter referred to in subsection 56CE(4) (about the Register of Accredited Persons).
Note: The rules described in paragraph (g) could, for example, include a requirement that the CDR data be disclosed in accordance with the relevant data standards to an accredited person. Some of these transitional rules could be similar to some of the privacy safeguards.
(2) Without limiting paragraph (1)(b):
(a) the criteria may differ for different classes of persons; and
(b) the criteria may include the payment of a fee.
Any fee must not be such as to amount to taxation.
(3) Without limiting paragraph (1)(e), each of the following may be a ground for varying, suspending or revoking an accreditation:
(a) a failure to comply with a requirement in this Part or in the consumer data rules;
(b) a failure to comply with a requirement in the privacy safeguards.
Note: An example of a variation could be the imposition of a condition, or changing the level of an accreditation.
(4) If the consumer data rules include rules enabling decisions to be made to vary, suspend or revoke accreditations, the rules must permit the making of applications to the Administrative Appeals Tribunal for review of those decisions.
Note: The consumer data rules can also provide for internal review of these decisions, and internal and AAT review of other decisions (see section 56BJ).