Let my people know!

Survey: 92% of data breach cases can be prevented by simple intermediate controls.

By DAVID MIRCHIN, ANTHONY HERMAN
January 11, 2012 22:29

Credit card 311. (photo credit: Brand X Pictures)

 

The recent disclosure of Israeli credit card details by a group of hackers is an opportune time to examine whether Israel should introduce data breach notification laws.

Such laws would require organizations to notify customers if their personal information is stolen or lost. This is important for two reasons. First, customers would be alerted about any theft or loss of their personal information and would then be able to take steps to protect themselves.


Second, notification laws would motivate companies to improve security measures to protect personal information they have collected from their customers because a failure to do so could result in a public relations nightmare and notification costs. As the old saying goes, “an ounce of prevention is worth a pound of cure.”

Similar laws already exist in other countries. California got the ball rolling in the United States 10 years ago when it enacted legislation requiring notice of security breaches. Most US states have followed that lead and now require organizations to notify the customers involved if they have been the subject of a data breach. Some states impose civil and even criminal penalties for a failure to properly notify.

The European Union is moving in a similar direction. The E-Privacy Directive already requires EU member states to introduce mandatory data breach notification obligations in connection with the telecommunications sector. Certain countries, such as Germany, have gone further and impose a more general obligation to issue notifications in cases of data breaches. Interestingly, the European Commission is currently proposing to fine organizations up to five percent of their annual turnover if they breach privacy regulations, which would be a meaningful incentive for companies to become even more serious about data protection.

Some organizations may argue that the cost for implementing security measures is too high. However, one survey shows that in 92% of data breach cases, simple intermediate controls could have detected and prevented the breach. There are now security experts who are saying that a standard and relatively inexpensive step like encryption could have foiled the Saudi perpetrators.

The cost of protecting customer data is not likely to be prohibitive and, in any event, should be less than the damaging effects of a data breach for an organization, which may result in negative publicity and a loss of customer confidence.


Albert Einstein said that “in the middle of difficulty lies opportunity.” While the Saudi hacker scheme is an unpleasant affair, it does present an opportunity for a public debate, and hopefully some legislative follow-up, about the need for data breach notification laws in Israel. The ideas bandied about in recent days, including the creation of an anti-cyber-terror task force or a Bank of Israel investigation, would be helpful.

Like a modern-day Moses, we need a leader to stand up and say: “Let my people know!”

The writers are lawyers in the Technology and Privacy Group at Meitar Liquornik Geva & Leshem Brandwein.
