The Israeli Privacy Protection Authority (the Israeli privacy regulator) has announced a new enforcement unit focused on “broad supervision”. The new unit was recently launched within the criminal and administrative enforcement branches of the Privacy Protection Authority. The new unit is entrusted with conducting broad sectoral and subject-based investigations in order to examine compliance with the Israeli privacy law and the recent data security regulations.
According to the Authority’s press release, the unit is expected to conduct audits of about 150 organizations by the end of 2018. These audits will focus on organizations that manage large amounts of sensitive personal information, such as consumer membership clubs, medical institutions, entities that provide platforms for managing information about minors, institutions of higher education, the hospitality industry, platforms that use personal information in connection with elections and companies that provide data processing and storage services.
The new enforcement unit aims to detect violations of the Israeli Protection of Privacy Law, increase awareness to the provisions of the law, identify industry failures requiring intervention and particularized oversight and obtain a sectoral understanding of compliance with the provisions of the law.
As part of these broad oversights, organizations will be required to respond to audit questionnaires and to provide various data that will help to assess their compliance with the provisions of the law and the regulations. The issues examined will include, for example, the manner in which organizations obtain consent for the use, retention, and processing of personal information. Once the questionnaires are processed, the Privacy Protection Authority will determine which organizations ought to be subject to a particularized audit.
The press release (in Hebrew) is available here.