NAB Pays $751,200 for Alleged Consumer Data Right Breaches — A Wake-Up Call for Data Holders

Published: 23 June 2025 | Source: ACCC Media Release – 19 June 2025

Australia’s fourth-largest bank, National Australia Bank (NAB), has paid $751,200 in penalties after the ACCC issued four infringement notices over alleged breaches of the Consumer Data Right (CDR) Rules.

The case centres on data accuracy failures — specifically, NAB’s alleged failure to disclose or correctly disclose credit card limit data in response to requests from four CDR-accredited fintech providers acting on behalf of consumers.

This is now the highest CDR-related penalty paid to date in Australia.

At Bane Legal Services, we don’t provide legal advice — but we help businesses stay compliant by connecting them with trusted commercial and data privacy lawyers. If you're a bank, retailer, energy provider, or any other CDR data holder, it’s critical to ensure your systems meet legal requirements. We’ll help you find the right legal expert to review them.

What Went Wrong?

According to the ACCC, NAB allegedly:

• Failed to provide accurate credit limit data on four occasions

• Sent incomplete or inaccurate responses to requests from accredited CDR providers

• Undermined fintech tools (including mortgage broking apps) that depend on real-time, accurate CDR data to help consumers compare financial products

While NAB cooperated with the ACCC and rectified the issues, the size of the penalty reflects the seriousness of the breach — and the growing regulatory importance of the CDR regime.

ACCC Deputy Chair Catriona Lowe commented:

“Poor data quality prevents consumers from experiencing the full benefits of the CDR… [it] can impact financial decision-making, product switching, and the ability to access better deals.”

What Is the Consumer Data Right?

The Consumer Data Right (CDR) is a game-changing, economy-wide reform that gives Australians the legal right to safely transfer their personal data from businesses (data holders) to accredited third parties (data recipients).

The aim? To help consumers take control of their data to compare, switch, and save on everyday products and services — from banking and energy to, soon, non-bank lending and telecommunications.

Under the CDR framework:

• Banks, energy providers and other data holders must share consumer data accurately, securely, and on time

• Accredited providers must meet strict standards to access and use that data for consumer benefit

• The system is regulated by the ACCC, Office of the Australian Information Commissioner (OAIC), and Treasury

Key Takeaways for CDR Participants and Business Owners

If your business is a data holder under the CDR framework — now or in the future — here’s what you need to know:

• Data accuracy is non-negotiable

• Failure to comply with the CDR Rules can result in enforcement action and public penalties

• Consumer trust is on the line — especially for industries that rely on secure, real-time data sharing (like fintech and energy)

In the second half of 2024 alone, more than 530,000 Australians used CDR-powered services, with over 582 million consumer data requests made. As the system grows, so too will regulatory oversight.

CDR Sector Rollout – Who’s Next?

The CDR began with banking (2020), expanded to energy (2022), and is set to include non-bank lenders by mid-2026. Telecommunications and insurance sectors are also being considered.

If you’re in a sector that handles sensitive consumer data, the time to audit your systems, review your compliance processes, and connect with a commercial lawyer is now.

Not Sure If You're CDR-Compliant?

At Bane Legal Services, we’re not a law firm — but we know who to call when it’s time to get your legal house in order.

Whether you’re preparing for CDR accreditation, dealing with complex data-sharing obligations, or want to reduce the risk of enforcement action, we can help you connect with a qualified Australian commercial lawyer who understands the evolving CDR regime.

Need help navigating your CDR compliance obligations?

Book a free consultation — and we’ll introduce you to the right expert for your business.

Disclaimer: This article is based on a public media release by the Australian Competition and Consumer Commission (ACCC). Bane Legal Services is not a law firm and does not provide legal advice. For legal advice tailored to your circumstances, we can connect you with a qualified lawyer.