Dramatic Overhaul of Israeli Data Security Regulations
bigstockphoto
Last week, the Israeli Parliament (the Knesset) promulgated the Protection of Privacy Regulations (Data Security), 5777-2017 (the “Regulations”). This marks the consummation of a legislative process that began in 2010 with the Israeli Law, Information, and Technology Authority (ILITA, the Israeli privacy regulator) when the first draft of the Regulations was published for public comment.
The Regulations introduce a far-reaching reform to the existing information security regulations which date back to 1986 and have become ill-suited for our technology era. Among other issues, the new Regulations introduce an overarching data breach notification requirement for the first time in Israel. Such requirements are common in many other jurisdictions. In the United States, breach notifications have led to a wave of class action suits against data handlers whose databases were breached.
When will the Regulations apply?
The Regulations will enter into force in late March 2018, giving data handlers 12 months to prepare.
To whom will the Regulations apply?
The Regulations apply to anyone who owns, manages or maintains a database containing personal data in Israel. All Israeli organizations, companies and public agencies are subject to the Regulations. The Regulations would require these actors to reevaluate their information security protocols and adapt them to the newly promulgated requirements.
bigstockphoto
Last week, the Israeli Parliament (the Knesset) promulgated the Protection of Privacy Regulations (Data Security), 5777-2017 (the “Regulations”). This marks the consummation of a legislative process that began in 2010 with the Israeli Law, Information, and Technology Authority (ILITA, the Israeli privacy regulator) when the first draft of the Regulations was published for public comment.
The Regulations introduce a far-reaching reform to the existing information security regulations which date back to 1986 and have become ill-suited for our technology era. Among other issues, the new Regulations introduce an overarching data breach notification requirement for the first time in Israel. Such requirements are common in many other jurisdictions. In the United States, breach notifications have led to a wave of class action suits against data handlers whose databases were breached.
When will the Regulations apply?
The Regulations will enter into force in late March 2018, giving data handlers 12 months to prepare.
To whom will the Regulations apply?
The Regulations apply to anyone who owns, manages or maintains a database containing personal data in Israel. All Israeli organizations, companies and public agencies are subject to the Regulations. The Regulations would require these actors to reevaluate their information security protocols and adapt them to the newly promulgated requirements.
