POL I CY The Israeli Insurance, Pension & Finance Newspaper 14 Special edition 2022 Israel is now enacting new legislation to enhance cyber and privacy protection as part of the global objective to do so. Legislation Relating to Privacy Protection One of the most important new acts of legislations is the bill regarding Privacy Protection Law (Protection of Privacy Bill) (Amendment 14), 2021 (the Bill) which was approved in first reading on 7 November 2021 by the Israeli Knesset (Parliament). The Bill constitutes another step in adapting the Privacy Protection Law (PPL) to advanced technology. The Bill consists of three main provisions, aimed at: (i) expanding the administrative enforcement measures of the Privacy Protection Authority (the Authority); (ii) reducing the scope of duty for database registration; and (iii) adapting terms relating to the protection of personal data to technological developments. First, the Bill expands the administrative enforcement measures available to the Authority in respect of financial sanctions that may be imposed, focusing on the size of the database and the type of data it contains. Pursuant to the provisions of the Bill, a “Database Officer” may substitute the financial sanction imposed by the Authority with an administrative notice or an undertaking from the offender to refrain from another violation. Both remedies are subject to approval by the Attorney General. It is also proposed that the Authority receives broad inspection, investigation and enforcement powers. Second, the Bill partially reduces the duty to register a database, taking into consideration the bureaucratic burden and difficulties on the Authority and on the “Database Owner”, that divert resources from core activities designated to protect privacy. Thus, the proposal is to oblige registration of a database based on criteria of size and sensitivity. Third, it is proposed to revise and modernize the terms and definitions of the PPL, to expand the protection of privacy, similarly to the GDPR. The Bill should be submitted for second and third readings to the Knesset in the coming months. In addition, on 25 January 2022, the Privacy Protection Authority published a work paper regarding the role of the Data Protection Officer (DPO) for organizations and companies. The Authority also published a “guidance kit” which includes practical recommendations for companies which intend to appoint a DPO. The Authority recommends that a DPO be appointed in organizations which provide data-driven services and/or whose operation causes an increased privacy risk. According to the Authority, there are several organizations which are obliged to appoint a DPO, however even those that are not obliged to do so, are encouraged to voluntarily appoint a DPO who may assist in doing business with foreign entities that are subject to the GDPR. Pursuant to the Authority, the DPO is the officer responsible for privacy protection within the organization and for applying work and compliance procedures. The DPO should be privacy-oriented in terms of professional experience and skills, both academically and technologically. The Authority further recommends that the role of the DPO, who should have the relevant professional experience and skills, shall include the following responsibilities: (i) regulating the data management procedures within the organization; (ii) supervising and monitoring privacy-related issues within the organization;(iii)providingguidance and training to employees; and (iv) involvement in all “material” issues relating to protection of personal data within the organization. Legislation Relating to Cyber Protection According to a report recently issued by the Israel National Cyber Directorate (“the Cyber Directorate”), during 2020, Developments in Cyber Protection and Privacy Protection laws and regulations in Israel Continued on page 42 By Adv. Sigal Schlimoff and Adv. Omer Shalev Gross Orad Schlimoff & Co. law firm Cyber and Privacy Protection are at the heart of Israeli regulators: Israel becomes a leading country in the cyber field from technological aspects, unicorn cyber companies and the diverse startups that emanated thereof. The regulatory development is following this important trend
RkJQdWJsaXNoZXIy MjgzNzA=