The Israeli Law Information and Technology Authority (ILITA) has published a consultation draft guide on protecting personal information in workplace environments.
The purpose of the proposed guide is to reflect ILITA's view of the principles applicable to the right of privacy in personal information that employers store and process, and recommend adequate practices to implement these principles.
The guide is not obligatory. However it reflects ILITA's interpretation of the law. Once formally released, the guide will serve as a basis for ILITA's enforcement activities in workplace environments.
Six main practices are particularly recommended under the proposed guide: (1) review the data collected by the employer throughout the employment term and the purposes of data collection; (2) identify and map the stored data, the data's use and manage access to the data; (3) maintain adequate information security rules, procedures and mechanisms; (4) provide appropriate guidance to relevant personnel; (5) maintain close supervision on outsourcing services; and, (6) Set an explicit and clear policy that covers the permitted use of the computer systems by employees, and the employer's ability to monitor such use.
The guide is comprised of three chapters. The first introduces the general principles for collecting and processing personal information. Among these rules are the need to receive the employee's informative and freely given consent to the processing of the employee's information, to process the data for merited purposes and to the extent no grater than required, to provide adequate transparency of the employer's privacy practices, to avoid processing data otherwise than for the purpose for which the data was collected, to maintain confidentiality and security of the data, to allow employees access and right to amend their personal information and to monitor outsourcing services through adequate contractual requirements and audits.
The Second chapter provides a deeper look into the practices of data management and divides the data life cycle to three phases. It begins with the proper procedures for managing the personal information of job applicants, including job interviews, information that the employer cannot request (such as genetic data, military profile, religion, sexual orientation, etc.) and the employer's relations with job placement services.
The next phase is the management of the employee's file. This section covers on-going data collection about the employees, the principles for maintaining an employees' database, information security practices, and the required data mapping process.
The last data-cycle phase discusses proper data retention practices.
The third chapter of the guide provides ILITA's insights about the regulation of monitoring technology. ILITA relies in that regard on an opinion delivered last year by the National Labor Court opinion that laid down a comprehensive set of rules on employers' right to monitor their employees. According to the opinion, every employer must form an adequate policy that covers the boundaries of permitted use of the employer's computer systems (including e-mail, applications and telephone usage), provide a clear understanding about the employer's monitoring practices and receive the employees' consent to the policy.
ILITA requests the public to comment on the proposed guide until June 17 this year.
Israeli employers and International corporations who operate in Israel should review the proposed guide and assess the impacts of its provisions on their privacy practices. While some of the provisions are already implemented by many employers, others will need to allocate additional attention and resources to meet the guide's requirements.
A copy of the guide (in Hebrew) is available on ILITA's website.
For further details contact Dan Or-Hof, CIPP, at Pearl Cohen Zedek Latzer.
A copy of the guide (in Hebrew) is available on ILITA's website.
For further details contact Dan Or-Hof, CIPP, at Pearl Cohen Zedek Latzer.