On 13 February 2017 the Privacy Amendment (Notifiable Data Breaches) Act 2017 was passed by the Australian Parliament, introducing a mandatory breach notification regime. The Act commenced on 22 February 2018 and requires organisations covered by the Privacy Act to notify affected individuals and the regulator in the event of an "eligible" data breach, that is, one likely to result in serious harm to the individuals concerned.
Notifiable Data Breach (NDB) implications for email
Email is a critical business communication tool and, by its nature, holds personal information in mailboxes and archives. At the same time, spear-phishing, ransomware and impersonation attacks are plaguing organisations, with an estimated 90 percent of cybercrime exploits starting with a phishing email, making email the single biggest threat vector to businesses and the data they manage.
Where an organisation has reasonable grounds to suspect that its email systems have been breached, it is obliged to carry out a reasonable and expeditious assessment of whether the incident is an eligible data breach, and to complete that assessment within 30 days of becoming aware of those grounds. If the assessment concludes that an eligible data breach has occurred, the organisation must notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals as soon as practicable, by preparing a statement that sets out the organisation's identity and contact details, a description of the breach, the kinds of information compromised, and recommendations about the steps individuals should take in response.
Mimecast's portfolio of cloud-based security and cyber resilience services for email can be a vital component of any organisation's Notifiable Data Breaches compliance strategy.