Privacy protection regulator aims to make directors more proactive

“Given the rise in cyber-attacks and data security events, managers need to ensure that the company is prepared for events of this kind,” warned Adv. Reuven Edelman, legal advisor to the Privacy Protection Authority, at a conference organized by the law firm Pearl Cohen Zedek Latzer Baratz. More than 60% of companies choose to pay ransom in the wake of cyberattacks, said Rafael Franco, founder and CEO of Code Blue and former deputy head of the National Cybersecurity Directorate.

“The main purpose from our perspective is to get managers to play a more proactive role in the way the company relates to personal data,” said Adv. Edelman, Head of the Legal Department at the Privacy Protection Authority. He spoke at the conference, which was organized by the Pearl Cohen Zedek Latzer Baratz law firm in cooperation with the GCS (General Counsels) organization, following new instructions from the Privacy Protection Authority obligating managers to supervise data security in the company.

Edelman said managers are required to “ask questions and demand answers about how prepared the company is to handle events, what type of personal data the company uses, if there is consent from people, if data is transferred abroad, and more.”

Edelman stressed that it is the responsibility of the Board of Directors to protect the information contained in the organization’s networks as much as possible. He said that in the coming years, directors will be asked to increase their involvement in this issue, among other things, “due to the increase in cyberattacks in Israel and around the world, especially since the outbreak of the war, which has caused a major crisis. Rising threats to companies and the entire economy.”

Edelman pointed out that the Privacy Protection Authority’s enforcement targets companies, not the managers themselves. The Privacy Protection Authority checks whether the company brings issues to the attention of managers, as required by the instructions. In cases of violation, penalties can be imposed on the company, including financial penalties, in accordance with Amendment No. 13 of the Privacy Protection Law, which gives the authority broad enforcement powers. In addition, Edelman explained that the instructions on the responsibility of directors are not aimed at every company with a data bank, but rather at companies in which the management of personal information is at the core of their activities.

Code Blue founder and CEO and former Deputy Head of the National Cybersecurity Directorate, Rafael Franco, revealed at the conference that despite the advanced protections they operate, more than 60% of companies choose to pay the ransom that hackers demand from them. He recommended that companies prepare for these attacks and stressed that he is against paying ransoms.

“If we prepare properly and make preparations for the crisis, the probability of the unexpected happening in the event of a cyber attack will decrease,” he said. For this reason, Franco recommends focusing on several key aspects when preparing for a cyberattack. He says that, among other things, a company must understand who the attacker is, ensure that the company complies with regulatory requirements and that investment in data security is above average in the sector, and examine the multidimensional organizational capacity to recover and prepare for a cyber attack event.

Franco warns that the threat to Israel’s economic space has intensified, especially since the events of October 7. He said that Iran and cybercriminals are exploiting more advanced technology in order to carry out smarter and more harmful attacks, including data encryption, theft, and extortion of customers. He said, “We are witnessing a big change here. The attackers are no longer hiding and the threat has become public and clear.”

Adv. Haim Ravia, partner and head of the Internet, privacy and copyright practice group at law firm Pearl Cohen, said the Privacy Protection Authority’s instructions to directors place a heavy burden on them. He cautioned that tests of the directive’s applicability require examination and judgment by each company, and that the key tool it calls for in its implementation, the corporate enforcement plan, is familiar in the context of securities and competition law but still new in the privacy law context.

US rulings on the issue are also expected to impact courts in Israel, noted Adv. Ilan Jerzy, partner and head of Pearl Cohen’s Capital Markets and Securities Practice Group. “US courts have set out in a number of rulings the actions that a reasonable board of directors would be expected to take in order to prepare for cyberattacks, reduce the chances of them occurring and minimize the damage that may occur as a result. In the meantime, standards and deadlines for reporting have been set regarding the occurrence of the cyber attack, its scope and the damages that may be caused as a result. These standards will undoubtedly be adopted and implemented in court rulings by the courts in Israel, and will serve as a standard with regard to the care responsibilities of the Board of Directors, taking into account the instructions of the Israel Securities Authority and privacy protection laws.”

Jerzy said: “For some time now, US regulators have imposed fines, ranging from a few million dollars to hundreds of millions of dollars, on companies operating in the United States or whose shares are traded on US stock exchanges. At this stage, rulings have been issued against Israeli companies under which the companies will pay compensation amounting to a few million shekels, but it seems that the compensation amounts will also rise significantly depending on the extent of the damage to the company’s customers and shareholders.”

Published by Globes, Israel Business News – en.globes.co.il – on December 9, 2024

© Copyright Globes Publisher Itonut (1983) Ltd., 2024
