1. A data holder shall provide the customer with a permission dashboard to monitor and manage the permissions a customer has provided to data users.
2. A permission dashboard shall:
(a) provide the customer with an overview of each ongoing permission given to data users, including:
(i) the name of the data user to which access has been granted
(ii) the customer account, financial product or financial service to which access has been granted;
(iii) the purpose of the permission;
(iv) the categories of data being shared;
(v) the period of validity of the permission;
(b) allow the customer to withdraw a permission given to a data user;
(c) allow the customer to re-establish any permission withdrawn;
(d) include a record of permissions that have been withdrawn or have expired for a duration of two years.
3. The data holder shall ensure that the permission dashboard is easy to find in its user interface and that information displayed on the dashboard is clear, accurate and easily understand
…