Privacy Protection chief: New regulations prevent cyberattacks

“In our experience, cyberattacks could have been avoided in many cases if companies had adhered to privacy protection (data security) regulations. Unfortunately, there are many companies in Israel that have not adequately complied with data security regulations, perhaps due to sanctions,” the lawyer said. The violations were not significant, and they became the target of cyberattacks, Gilad Samama, Commissioner of the Privacy Protection Authority (PPA), said this week. “Once the penalties enter into force according to the amendment to the law, we expect that many companies will intensify their efforts and raise the level of data security in order to comply with the organizational requirements.”

Adv. Samama was speaking at a conference organized by Lipa Meir & Co., Advocates and the Israel Directors Union (IDU), held last week, about Amendment No. 13 to the Privacy Protection Law. The amendment was recently passed by the Knesset and includes changes to the Privacy Protection Law, which has not undergone any major changes for about 30 years. Among other things, the amendment expands the enforcement powers under the Privacy Protection Law to include a mechanism for imposing large financial penalties for violations of the law and regulations, strengthens the criminal investigative powers of the Privacy Protection Authority, and obliges some organizations to appoint a data protection officer. It also narrows the scope of the obligation to register digital databases and, in some cases, sets out instead an obligation to notify the Privacy Protection Authority (PPA) in relation to a sensitive database.

Adv. Samama added, “The most important achievement of amending the Privacy Protection Law is the ‘repricing’ of the violation of the right to privacy. In future cases that the Data Protection Authority will manage after the amendment to the law enters into force against companies that violated the law and regulations, financial penalties may reach millions of shekels, so organizations must prepare for the entry into force of the amendment to the law, as its consequences will be widespread and significant.”

The Board of Directors’ responsibility to supervise and prevent electronic attacks

The conference also addressed the new guidance recently published by the Decision Makers Association regarding the responsibility of the board of directors to fulfill the obligations stipulated in the Privacy Protection (Data Security) Regulations. These include the duty to monitor and ensure the company’s compliance with the provisions of the law and regulations, to formulate regulatory policies on substantive issues in the field of managing personal data, and to be heavily involved in complying with a number of concrete requirements of the data security regulations.

Adv. Samama pointed out that “the Data Protection Authority’s directive regarding compliance with data security rules by the company’s board of directors will enter into force immediately and will be implemented according to the circumstances of each case. I believe that the board of directors of a company whose primary business is to process personal data, and in which there is a risk to the privacy of its clients, must be significantly involved in supervising and monitoring compliance with the provisions of the law and regulations, in order to increase the level of compliance with regard to the security of the data being managed.”

Adv. Samama added that the importance of the Data Protection Authority’s directives becomes clearer given the state of data security in companies, and even more so due to the increase in serious cyberattacks against Israeli companies since the outbreak of the war.

Adv. Vered Zulekha, Partner and Head of the Cyber and AI Practice at Lipa Meir & Co., Advocates, noting the broad consequences of Amendment No. 13 for many organizations in the economy, stated that “as part of the preparations for after the amendment comes into force, and to comply with the provisions of the law, organizations should already consider taking a series of steps to ensure that the gaps in relation to the requirements of the law are closed,” including: identifying the types of information in their databases; examining the need to appoint a data protection officer and a data security officer; updating notifications to data subjects; establishing appropriate regulatory procedures; and more.

Regarding the new PPA guidance on board responsibility, Adv. Zulekha confirmed: “After the discussion that we and the Directors Union conducted with the PPA as part of the public comment stage, the PPA included some changes in the final version, taking into account the separation of executive and supervisory powers.” “The roles are reserved for the board,” Zulekha noted. “This is an important legal development for boards to which the Directive applies, because beyond the duties of setting policy and oversight, this Directive requires the involvement of the board in relation to specific regulatory requirements, for example in relation to the database definitions document.” Adv. Zulekha also said: “This could be an important milestone because it could expand the potential legal exposure of the organization and the board, both in relation to privacy law and corporate law, to the extent that the board of directors was found not to have complied with the directions.”

Managers’ preparations for the new situation

Managers who participated in the event expressed concern that the new guidance may be complex to implement and raised the need for a practical “toolkit”.

“We recognize the great importance of the issue of data security and privacy protection in the age of advanced technology,” said Hadar Zoviov Hacohen, CEO of the Israel Directors Association. “Shifting responsibility towards boards of directors in this area is important, and we conducted a survey among the director community, which raises the need for increased awareness and comprehensive understanding of the commitments.” The IDU, as a substantive body providing practical tools to Union members, will work in collaboration with the PPA and will help disseminate this guidance and provide practical tools for its implementation.

Regarding the implementation of the directive, Zviov said: “We believe that the PPA should continue to invest in broad explanation, so that all boards are aware of the regulatory requirements and updates. Collaboration between the PPA and the IDU is essential to ensure full compliance with the regulations and to protect public data privacy. We call on all boards of directors to take the matter seriously, study new developments in depth, and work to implement them optimally in the organizations they serve.”

Published by Globes, Israel Business News – en.globes.co.il – on October 8, 2024.

© Copyright Globes Publisher Itonut (1983) Ltd., 2024.