Security breach notification bill proposed in the Knesset

A bill recently brought before the Knesset (the Israeli Parliament), seeks to oblige owners and holders of databases, to notify data subjects and the Database Registrar at the Israeli Ministry of Justice, if their database has been breached. According to the proposed amendment to the Protection of Privacy Law (see the proposed amendment bill, in Hebrew), the Database Registrar may impose monetary sanctions upon those that fail to issue a breach notification within a reasonable time.

The term “breach” is defined in the bill as a “penetration into a database, by someone who is not authorized to do so, in a manner that discloses data from the database to those that are not authorized to view it, or to the public at large.” The explanatory notes for the bill emphasize that the reason for the proposal stems from ”the miniature war between Israeli hackers and hackers from Arab countries. Both hackers penetrate online databases and numerous credit card details belonging to Israelis have been exposed as a result of these clashes.” An identical bill was proposed in February 2012 (during the 18th Knesset), by Knesset Member Uri Ariel and a group of other Knesset Members.