Report recommends additional data privacy protection

By ABE SELIG
Citing the wide-ranging abilities of computers to access personal and private information, the 2009 Comptroller's Report suggests that the protection of privacy should be more stringently upheld, and mentions the National Insurance Institute and the Population and Immigration Authority as two government bodies in need of privacy-protection reforms. "The information age has given rise to many ways of gathering information, sending it quickly from place to place, crosschecking it with other information, and sorting through it to deduce results," the section of the Comptroller's Report, entitled "Privacy Protection - Guarding Personal Information in Government Databases," states. "This information is found in the hands of many public and private bodies, and they are tasked with the duty of protecting it," the report continues. "But without organized security and fundamental inspection, there is a substantial concern that this information could be utilized negatively." The report adds that security failures in recent years have allowed leaks of personal information regarding citizens and entire population groups to get out - in complete violation of the Privacy Protection Law. That law, which was originally passed in 1982, states that, "All persons have the right to privacy and to intimacy" and defines "guarded information" as "data on the personality, personal status, intimate affairs, state of health, economic position, vocational qualifications, opinions and beliefs of a person." To address the situation, the report recommends various steps towards improving security for private information in government institutions. Within the Population and Immigration Authority, the report recommends the appointment of "information security managers" who would be tasked with overseeing the implementation - and if need be, performing the tasks necessary for the fulfillment of - the requirements of the Privacy Protection Law. The report has slightly stronger recommendations for the NII, among them activating and utilizing privacy protection measures that have been planned since 2007. It also recommends that the NII conduct a danger survey to specify privacy protection policies that may be problematic, and to arrange for the building of necessary organizations that would be responsible for information protection. Finally, the report recommends enhanced cooperation between security officers and the unit's manager for protection of private information at the NII, along with the strengthening of employee knowledge concerning their duties with regard to protecting information privacy.