Information Security Standard
ISO 27001
Israel’s Privacy Regulations
On May 8, 2018, the Privacy Protection (Data Security) Regulations came into force in Israel. At the same time, the European GDPR came into force, which is intended to improve the security of information in the databases of the citizens of the European Union.
The 1981 Privacy Protection Law and the 2018 Privacy Protection Regulations are the laws established in Israel to protect the privacy of Israeli citizens, and apply to any organization in Israel (private or public) that stores personal/sensitive data.
Who is bound by the regulations and at what level?
Every person or organization that maintains a database of any type and size is obligated to comply with the regulations at the level appropriate to the nature of the database in their possession:
1. Single management - a database that has at most 2 authorized owners and is managed by a single manager or a company owned by a single person. These are mostly small businesses, and they require the lowest level of security.
2. Basic security level - repositories that are not under sole management and are not subject to the obligation of a medium/high security level.
3. The medium security level - a database with more than 10 authorized persons whose information is used and given to another or one that contains medical information, criminal information or any other sensitive information.
4. The high level of security - a database with more than 100 authorized persons with information to be used by delivery or a database that includes sensitive information on over one hundred thousand people or more.
The process of complying with privacy protection regulations
After assessing the organization and reaching a conclusion regarding its relevant security level, all privacy protection regulations relevant to that security level must be applied. The process of complying with the regulations includes, among other steps:
1. Mapping the organization's databases.
2. Preparing a gap survey according to what exists in the organization versus what is required by the regulations.
3. Building a work plan according to the gap survey.
4. Monitoring and assistance in correcting the gaps.
5. Preparation of documents for registering the database with the Registrar of Databases at the Ministry of Justice.
6. Appointment of an information security officer (for companies required to appoint one).
7. Preparation of procedures and policy documents.