Volume: 3 Issue: 4
The Israeli Parliamentís Constitution, Law and Justice Committee approved on 21 March 2017 the Protection of Privacy (Information Security) Regulation 2016. The Regulation is the result of almost seven years work, and will establish comprehensive obligations on both private and public database owners once approved by the Knesset.
“The Regulation can be read as a manual with specific actionable requirements. It introduces modern concepts of information security, such as the need to encrypt data in transit and at rest, and the need to perform risk assessments, penetration tests and timely reviews of security controls," said Dan Or-Hof, Founder of Or-Hof Technology and IP Law. "It also creates the obligation to report data breaches.”
Under the Regulation, database owners will have to comply with different levels of information security requirements depending the category they fall into. This is determined by the contents of their database and the number of persons with access to it. Database owners in control of mid and high level databases will have to comply with a higher standard of technical security and the new data breach reporting obligation.