The Knesset Law and Constitutional Committee has approved measures that will require companies and groups that collect data on Israelis to protect the information from hackers. The new rules, which supply specific criteria to organizations on the types of security needed, will apply equally to government and private sector organizations.
The measures are based on research done by the Justice Ministry, and recently completed at the behest of Justice Minister Ayelet Shaked. Under the measures, organizations will determine whether the data they hold is of low, medium, or high sensitivity for privacy; for example, medical information will be considered as part of the latter category, while membership in a store club might be listed in the former categories.
Each level of sensitivity will require more severe cyber-security strictures and standards. Organizations will have to apply specific approved solutions that meet standards described in the measures. Failure to do so could leave them subject to civil or criminal actions in the event of a security breach. Organizations will also be required to hire a security officer (an existing member of the team may take this role on) who will report directly to top management, and whose job will be to familiarize him or herself with security solutions, and act as the point person with legal authorities if there is a security breach. Penalties for failing to comply with the rules that could have prevented a breach have yet to be worked out.
“Approval of these measures is a significant step forward in protection of information and defense of privacy,” said Shaked. “In an era when cyber-attacks are increasing and in light of the increased collection of data by organizations, as well as the invasion of privacy we are witnessing around the world, these measures become extremely important.”