A first legislative step in the fight against cyber threats: New data security regulations

The new regulations strive to remove the vagueness regarding data security in the current laws and regulations, which are simply not compatible with current technological advancements.

By
February 22, 2017 21:06
3 minute read.
Hacker in a hood

Hacker in a hood. (photo credit: INGIMAGE)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user uxperience almost completely free of ads
  • Access to our Premium Section and our monthly magazine to learn Hebrew, Ivrit
  • Content from the award-winning Jerusalem Repor
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

The Israel Law, Information and Technology Authority (ILITA) within the Justice Ministry, trusted with implementing and enforcing privacy protection laws and the security of personal information in Israel, has formulated new data security regulations. The new regulations are to be debated and approved in the Knesset, based on an agreement between ILITA and the Justice Ministry’s counseling and legislation department.

A draft of the regulations was published by ILITA in February 2010.

Be the first to know - Join our Facebook page.


Since then, ILITA has presented the draft in various professional conferences and seminars. After receiving extra input and commentary from the public, agents in the business and from professional circles, and after implementing the lessons learned from data security events associated with the notorious “Saudi hacker” security breach in 2012, ILITA published a second, updated draft in June 2012.

Approval of these regulations will mark a first and important step by ILITA toward regulating the obligations of organizations in Israel that manage or retain personal data, and in the fight against possible cyber threats, while maintaining the principal goal of reducing the threat of the misuse of data stored by these organizations, thus minimizing the threat of a data security breach and maximizing data protection abilities.

The new regulations strive to remove the vagueness regarding data security in the current laws and regulations, which are simply not compatible with current technological advancements. A primary innovation of the regulations is the obligation of organizations whose databases of personal information might have been exposed to report to ILITA any serious cyber-attack.

Furthermore, the regulations compel database owners to notify the data objects regarding breach events.

On top of that, the new regulations aspire to prepare organizational procedures for dealing with various data security events, and also to clarify organizations’ duties and the individual responsibilities of the various authorized personnel within the organizations that have access to sensitive data.



On one hand, the purpose of the regulations is to protect the organizations themselves from possible criminal, civil or administrative ramifications of data privacy breaches, and on the other to create a uniform market, based on global data protection standards and especially the stringent European standard, to assist all parties in cooperating on and dealing with mutual security threats such as the aforementioned “Saudi hacker” case.

The draft regulations include a long list of actions organizations must take to regularize internal data security. For example, organizations must make their head of data security a direct subordinate of a senior organization official. In addition, every database will be required to include an internal “road map” document containing a general description of the types of data within it, the data collection activity it acquires, the types of usage of the data, any transfer of the data out of the country, etc. Risk surveys must be regularly conducted, procedures established regarding compartmentalization and monitoring of data usage and access, and much more.

Finally, the draft imposes on a duty on database owners to annually reevaluate the organization’s protocols and procedures and update them if necessary, for example if there has been substantial alteration to the database’s systems or to the process of data processing, or if new technological threats have arisen might be relevant to the database’s systems.

While these welcome and necessary changes have not yet been officially approved by legislators, they reflect the current position of ILITA, based on existing laws and regulations, in the effort to enforce the legal directives within the organizations and bodies that manage Israelis’ data.

The author is the head of Dan Hay & Co. Legal Offices, which specializes in privacy, databases and cyber law.


(http://www.danhay.co.il)

Related Content

OVERVIEW OF the Human Rights Council at the UNHRC
July 22, 2018
EU member states should follow the US and leave the UNHRC

By TOMAS ZDECHOVSKY