Just before the beginning of the new year, we held a fascinating conference with the participation of the Commissioner of the Privacy Protection Authority , in cooperation with IDU Israel Directors Union’ , to discuss Amendment 13 to the Privacy Protection Law and the PPA’s new Directive on the duties of the Board of Directors regarding Data Security regulations.
I addressed two key issues:
Regarding Amendment 13, organizations should consider a series of steps to ensure compliance to the requirements of privacy laws, including: examining the need to appoint DPO and Information Security officer in correlation with the law; updating notifications to data subjects; updating their privacy policy; establishing appropriate organizational procedures; adopting an internal compliance plan, and more.
As for the new directive regarding the Responsibilities of the Board of Directors in connection with Data Security regulations, following the public comments and the dialogue we and the IDU have conducted with the PPA, certain changes were made by the PPA to the original draft. However, in my view, the directive is still a significant legal development, as it specifically demands the board of directors’ involvement in meeting concrete regulatory requirements. It may also lead to further legal exposure of the organization and the board of directors, both in terms of privacy law and corporate law.
This conference concludes a dynamic year here in fields of policy & regulation relating to privacy, data security and artificial intelligence. This includes Amendment 13, the National Strategy on AI, the Medical Data Portability Law, the Directive on the Responsibility of the Board of Directors abovementioned and more. In an era of uncertainties, perhaps the certain thing in these fields for the private sector is that the coming year will bring with it more developments, challenges and engagement.
Read the full article in Globes (English)