Some participants have noted that clause 2.2, item 3(a), subitem (c) of Schedule 2 refers to “email filtering and blocking methods” and have concluded that the requirement to filter and block unauthorised access to CDR data only applies in respect of emails (and not for example, to SMS or direct messaging services). This is incorrect. Clause 2.2, item 3(a) of Schedule 2 sets out measures that include but are “not limited to” the list of subitems. The key measure is to have “Data loss and leakage prevention mechanisms” and this would capture filtering and blocking methods in relation to SMS and other types of electronic messaging.
For more information on ADR to consumer disclosures, see our article: ADRs sending CDR data to consumers (e.g. via email or direct messaging) and the Schedule 2 Security Provisions.