The Privacy Protection Law - you should take it personally

גיא הוכמן – מנכ"ל Genie 

בעיכוב קליל ואופייני שנמשך שנים, אושר בקריאה ראשונה בישראל התיקון לחוק הגנת הפרטיות. החוק מגדיר את נושא הגנת המידע, מבטל תקנות מיושנות ומקנה סמכויות משמעותיות יותר לרגולטור באופן שמתקרב לחוק הפרטיות של האיחוד האירופי (GDPR), אך עדיין לא מעניק לאזרחים שליטה מלאה בשימוש שנעשה במידע שלהם.

במאמר זה אעסוק בעקרונות החוק, במטרותיו ובהשפעותיו על הארגונים והעסקים שמשתמשים במאגרי מידע. היערכות נכונה תאפשר לכם לכבד את פרטיות הלקוחות שלכם ולחסוך מעצמכם קנסות כבדים, אישום פלילי ופגיעה במוניטין

Your customers live, buy and hang out online and on social networks and you, as marketers who know how to leverage their consumer behavior, benefit from valuable big data, which allows you to get to know your customers and sell more to them. But all this goodness has a price: the possibility of violating their privacy.

Privacy protection - a law with teeth
"A person shall not harm the privacy of another, without his consent." This is the language of the Basic Law on Human Dignity and Freedom from 1981 which states that violation of privacy is a criminal offense and a civil wrong. In 2017, the Knesset approved the privacy protection regulations, which detail the manner in which the information security obligation is applied to any entity that manages or processes a database of personal information.

In fact, the privacy protection regulations are a revolution in information security regulation in Israel. They impose on you, business owners, companies and organizations that hold databases containing personal information, administrative, technological and legal obligations regarding the way you secure the information - and this according to the sensitivity of the information in your possession:

· Security level for the database with a single authority.
· Basic security level for information, such as: full name, phone, address.
· Medium security level - social security number, medical information, financial information, consumption habits, political opinions, beliefs and more.
High level of security - business and public databases that are designed to collect information for the purpose of providing it to others, or that contain sensitive information about 100,000 people or more, or that the number of authorized persons to access this information exceeds 100.

For each level of security, the law defines regulations detailing the manner of application that will ensure the privacy of the record holders:
Writing an information security procedure, performing physical controls to protect the information, such as access control or security cameras, response procedures to information security incidents, mapping the computer systems connected to the databases, how information security is managed, and more.

Do not meet the requirements of the law? You will find that his bite hurts.
The enforcement of the Privacy Protection Law is already felt on the ground and the members of the Authority for the Protection of Privacy are no slouch... The authority has administrative enforcement capabilities in all sectors of the economy and the authority to investigate criminal investigations, up to the point of filing charges.

Therefore, if you want to avoid heavy fines and a criminal record, get ready today to protect your customers' privacy. Our privacy protection teams at Genie, which include highly experienced information security managers and legal advisors, will accompany you in the planning and implementation of privacy protection solutions, in a structured process that includes 5 steps - until you meet the requirements of the law:

1. Mapping the databases
Mapping all the computer systems and databases that are in the possession of the organization and contain sensitive information to which the Privacy Protection Law refers: databases of customers, leads, employees, suppliers and more (yes, even an innocent Excel file on the laptop of Tzipi from sales, may complicate you...).

2. Checking the level of information security
Identifying the level of information security required in the relevant databases.

3. Gap survey
Finding the gaps between what is present and what is desired in the organization's information security systems.

4. Application and implementation
Writing a procedure for the protection of information and implementing information security tools to comply with the requirements of the Privacy Protection Law.

5. Management folder
Preparation of a management folder to respond to information incidents and to present the information protection system in a surprise audit
of the Authority for the Protection of Privacy.

Successfully!
Guy Hochman - CEO Genie