fbpx

Organizing for the implementation of the Privacy Protection Law (Databases)

We would like to inform you that recently there has been a significant development in the field of enforcement of the Privacy Protection Law
Regarding databases. 
It should be emphasized that failure to comply with the regulations under the law constitutes a criminal offense.
We will remind you that in March 2017, the Knesset approved the Privacy Protection (Information Security) Regulations, which detail the manner
The application of the information security obligation, imposed by the Privacy Protection Law, on any entity that manages or processes a database of
Personal information (the regulations entered into force in May 2018)

required according to the regulations
The regulations detail steps for managing and implementing information security, in accordance with the sensitivity of the databases and information
found in them, according to 4 levels of security that the regulations define:

  • Security level for a database with a single authority
  • Basic security level - Information such as full name, phone, address.
  • Medium security level  17, medical, financial information, consumption habits, political opinions, beliefs and more as defined by law.
  • High level of security - Databases, including those of a public body, whose purpose is to collect information for the purpose of providing it to others or which contain sensitive information, as described above, about 100,000 people or more or the number of authorized persons to access this information exceeds 100.

According to the level of information security, the regulations require implementation in several subjects, for example:

Writing an information security procedure

Physical controls to protect the information (for example cameras / access control)

Strengthening information security in the personnel recruitment process

Response procedure for information security incidents

For information security events mapping computer systems related to databases

Information security management

How do you organize?

The organization begins with the discovery of all the databases that contain information defined by law as requiring security, some of them are self-evident, some less so, for example an Excel file containing certain personal details about interested parties - may be considered a database.
After mapping the databases, the level of information security in the databases is actually tested and based on the results, the necessary route to protect them to the right extent within the law is built.

Phase I - mapping and review of gaps

Mapping the databases that exist in the kibbutz (such as community, employees, suppliers, customers).

Determining the level of information security (single authority, basic, medium, high).

Gap survey (the gaps that exist versus what is required to be carried out in the regulations).

Phase B - Implementation of the requirements of the regulations and reduction of gaps

Implementing the completion of the gaps in favor of compliance with privacy protection regulations.

Preparation of a folder for the purpose of management and presentation in case of an audit by the Authority for the Protection of Privacy.

for further details:

Do you have any questions?

Fill out the form and our representative will work with you:

Skip to content