
Background

In May 2018, the "Privacy Protection Regulations (Information Security) – 2017", passed by the Israeli parliament in March 2017, came into force, replacing the outdated regulations dating back to 1986. These regulations, initiated and supervised by the Privacy Protection Authority, set out how the information security requirements of the Israeli Privacy Protection Law are to be implemented by all parties who maintain or process databases containing personal information.

When the regulations came into force in May 2018, the standard of personal data security in Israel took a large step forward. The requirements apply to all owners, managers and maintainers of databases in Israel, including organizations, companies and public entities.

Our firm is a leading provider of services to organizations that need assistance in examining their compliance with Israeli, European and American privacy protection regulations. These organizations span many fields of activity, including education, medicine, human resources and a variety of public companies. We have developed the expertise and the know-how required to assist organizations in meeting the challenges of implementing these regulations in Israel and abroad.

Privacy Protection Regulations – the Israeli Regulations

These regulations address the physical and logical protection of databases and are relevant to the vast majority of organizations in Israel. They apply to every business owner in Israel who holds a database as that term is defined in the Privacy Protection Law. The regulations divide databases into four required levels of information security, based on the sensitivity of the data, the number of users with access to the database and the number of data subjects whose details are stored in it.

The regulations contain provisions for meeting the obligations and liability of organizations in the area of information security regarding the personal details of customers, vendors and employees. Their goal is to set out information security principles that protect against misuse by third parties as well as misuse by the organization's own employees. The regulations are modular: the obligations become stricter as the organization's information processing activity becomes more significant, as the information becomes more sensitive, and as more people in the organization are exposed to it.

GDPR – the European Standard

Concurrently, in May 2018, the General Data Protection Regulation (GDPR) of the European Union also went into effect.

The European regulation addresses the collection, storage and transfer of the personal data of private individuals and sets out uniform rules for the protection of privacy. It applies to any organization that handles the personal data of EU residents, and defines the fundamental rights of those residents with regard to their personal data and its protection. Under the regulation, the data collected by the organization belongs to the data subject, and the organization must treat it accordingly whenever it uses it. Non-compliance may result in significant penalties.


CCPA– the American Standard

The California Consumer Privacy Act (CCPA), which applies to companies doing business in California, is stricter than the GDPR in one respect: while the GDPR protects the data of the individual, the CCPA extends that protection to the entire household.

The CCPA applies to a company that meets any one of the following criteria:

  • The company has annual revenue of more than $25 million
  • The company holds data of more than 50,000 consumers / households
  • More than half of the company's annual revenue derives from selling the data of its consumers / households

A company breaching the regulations may be subject to penalties running into millions of dollars (statutory damages of $100 to $750 per individual consumer / household per incident).

Our added value


  • Professional service with the individual attention of the department's senior staff
  • Projects and work carried out around the world, using local experts from member firms of the international Grant Thornton network (of which we are the Israeli member firm)
Hanan Twizer, CPA
Partner, Head of IT Audit and Advisory Department
