POL I CY The Israeli Insurance, Pension & Finance Newspaper 42 Special edition 2022 Developments in Cyber Protection and Privacy Protection laws and regulations in Israel the extent of cyber events in Israel increased by about 50% in comparison to 2019. The State of Israel decided to enact a new bill, to deal with Cyber Protection and to provide extended authority to the Cyber Directorate. Accordingly, in 2021 a new bill proposal was published which shall initially have effect for a temporary period of two years, during which a new comprehensive “Cyber Law” will be contemplated. If approved, the Bill is expected to boost Israeli cyber protection, and consequently become an important risk mitigating measure for cyber insurers, insuring Israeli risks. The Bill defines the authority of the Cyber Directorate in cyber events, while protecting “vital public interests”, such as public safety and human life, Israel’s economy, environmental protection, as well as the prevention of “Severe Security Incidents” and ensuring the proper function of vital systems. The Bill grants the Cyber Directorate the authority to provide instructions to organizations concerning a “Cyber-Attack” and a “Severe Cyber-Attack”, when the following cumulative conditions are met: (a) the existence of a “vital operation” by the organization, namely an operation which is of importance to the public as a whole or to significant segments of the public, including IT and communication services; (b) there is a “critical exposure” which is not being addressed by the organization; (c) an attack against the organization may result in significant harm to a vital public interest. The Bill addresses the issue of privacy protection, and states that the Cyber Directorate is not allowed to collect privacy protected data in the course of its involvement in cyber events, unless such data has significant “defensive value” or in the following conditions: (a) the collection is permitted by law or (b) the Court approved the collection after considering the degree of invasion of an individual’s privacy compared to the importance of protecting a “vital public interest”. Another interestingguidelinerelating to cyber protection is the Opinion of the Israeli Bar Association’s Ethics Committee Regarding the Protection of Confidential Data. This opinion relates to the duties which apply to lawyers who hold sensitive data of their clients and requires them to apply high protection measures These new legislations and guidelines are part of a general objective of the Israeli regulators to rapidly increase the degree of cyber and privacy protection in Israel to a relatively high level in the next few years. No doubt we will see additional regulatory initiatives in the near future. Continued from page 14 RegTech - Turning Regulation from a Liability into an Asset search and manage regulatory documents or the documents of the regulated entity. On top of this comes the ability to manage board and board committee meetings by formulating an agenda derived mainly from the regulation and integrating all intraorganizational regulatory reports within the platform, and thus close the compliance circle. The use of technological systems facilitates meeting regulatory requirements, thereby significantly reducing the risk and exposure to regulatory sanctions and fines. According to the 2007 Regulation ‘Reducing the Financial Sanction Amounts (Financial Services Regulations (Insurance))’, the Insurance and Capital Markets Authority is authorized to reduce the amounts of financial sanctions applied to regulated entities in cases where the violation is not recurrent, or when the violator is able to demonstrate that actions have been taken to prevent recurrence and further damage. As the technological systems document the organization’s control and enforcement work and providing a complete and orderly documentation of regulation management processes, thereby enabling the regulated entity to demonstrate to the regulator, should that be necessary, that its regulation management processes are in order. The future is here – in the regulation area as well. The technologies implemented in the next few years will not make compliance fun, but the manual work with its high potential for error will be replaced by a much friendlier technology that will significantly reduce the risk for violations and save considerable time and money, and mainly, spare us that huge daily headache we all know so well. Once there was only a manual way to manage this, you had no choice. Now, when technologies are available, regulated entities will have to make sure they join the digital revolution and put the past behind them, also when it comes to compliance. Continued from page 34
RkJQdWJsaXNoZXIy MjgzNzA=