Introduction
In today’s digital era, data is a valuable asset. Many businesses collect, process, and store personal data of customers, employees, and suppliers. However, collecting and using personal data also entails significant risks to individuals’ privacy. To safeguard the privacy of Israeli citizens, the Privacy Protection Law, 1981, was enacted.
Recently, the Israeli Knesset approved Amendment 13 to the Privacy Protection Law, designed to align the law with the evolving technological landscape and enhance privacy protection for Israeli citizens. This amendment introduces substantial changes affecting all businesses in Israel, making it crucial for every business to be aware of these changes and their new obligations.
Key Changes in Amendment 13
- Expansion of the Privacy Protection Authority's Powers
The amendment grants the Privacy Protection Authority broader enforcement powers, including the authority to impose increased fines for violations of the Privacy Protection Law. Fines can reach millions of shekels depending on the severity of the violation and the resulting damage.
- Strengthening Data Security Requirements
- Implementation of advanced protection technologies: Businesses must implement advanced information security measures depending on the level of sensitivity of the data.
- Access management requirements: Businesses are required to ensure access to information only to authorized persons and to conduct periodic audits.
- Monitoring and reporting: Continuous monitoring of access to information must be carried out and serious incidents must be reported to the Privacy Protection Authority.
- Increasing transparency regarding the collection and use of personal information
Businesses are obligated to inform customers how their information is used and provide an accessible and clear privacy policy.
- Appointment of a Data Protection Officer (DPO)
- Certain businesses must appoint a Data Protection Officer (DPO) responsible for ensuring compliance with the law within the organization.
- The DPO is required to oversee regulatory compliance and provide guidance on data security and privacy protection.
- Expansion of the Right to Compensation
The amendment expands individuals' rights to claim compensation for privacy violations, even in cases where no direct financial damage has been caused.
What Every Business in Israel Must Know?
- The amendment applies to all businesses in Israel, regardless of their size or industry.
- Businesses must update their privacy protection policies to comply with the new requirements.
- Implementing advanced data security measures and access controls is mandatory.
- Customers must be provided with clear information on how their data is used.
- Certain businesses are required to appoint a Data Protection Officer (DPO).
Testimonial
🔒 Gap mapping and professional advice: It is recommended to map gaps against the requirements of Amendment 13 to the Privacy Protection Law with the help of an expert consultant in the field. This mapping will help the organization identify risks, understand the gaps against the new regulation, and formulate an adapted action plan. This action will ensure compliance with the requirements of the law, prevent exposure to fines, and improve the organization's risk management.
Summary
Amendment 13 to the Privacy Protection Law is a significant reform impacting every business in Israel. Businesses must be aware of these changes and take the necessary steps to align their operations with the new legal requirements. Non-compliance with the law’s provisions can result in substantial fines and reputational damage.
Written by: Idan Tzabari, Information Security and Strategy Consultant IT