Here are the draft Code Standards, again with commentary omitted for brevity - but still recommending that you read the full text.
[Standard 6] Protect client information
A person who gives financial advice must take reasonable steps to protect client information against loss and unauthorised access, use, modification, or disclosure.
[Standard 7] Resolve complaints
A person who gives financial advice must provide arrangements for resolving complaints by clients.
A complaint is an expression of dissatisfaction made to or about a person, related to its products, services, staff or the handling of a complaint, where a response or resolution is explicitly or implicitly expected or legally required.
One concern - and it must have been a tension present in more areas of the draft Code than just these two areas - is the extent to which the Code might cover requirements for Financial Advisers that are already present elsewhere. Either in FMC Act (once amended), or in other law or regulation. These privacy and complaints process are two such areas where the Code Working Group is introducing a standard that is well covered elsewhere. The danger of doing so is that the standard somehow varies. The potential for variation, especially in a Code which is meant to be brief and easy for clients to understand, is significant. The standard on complaints includes a definition of complaint so broad that it would appear to include any vaguely expressed gripe. In the commentary it appears to suggest that all these must be resolved using someone other than the adviser. For smaller businesses this would mean many frequent referrals to the dispute resolution body. I am not sure that is the intention.
Two solutions exist - remove these standards, or make them work better as signposts. The signposting approach to drafting has been used elsewhere - there are several direct references to the law - and could be used here as well, drawing attention to the regulatory requirement for a dispute resolution scheme, and the requirement to maintain competence to meet privacy law and regulation.