Israeli Privacy Regulator Publishes Draft Guidance on the Role of the Board of Directors in Data Security

The Israeli Privacy Protection Authority issued new draft guidance outlining specific obligations for corporations processing personal data, to ensure compliance with the Israeli Privacy Protection Law and associated regulations. This draft guidance primarily applies to corporations that engage in significant processing of personal information, or those posing a significant risk to privacy due to their organizational nature, the sensitivity of the data processed, or the scale of, and authorized access to such information.

Emphasizing the crucial role of the board of directors, the draft guidance requires that the board identify a responsible stakeholder within the company to ensure compliance with privacy regulations. The board is also tasked with the immediate notification of security incidents to the Privacy Protection Authority, oversights of the enforcement of the regulations, and decision-making on essential issues regarding the utilization and management of personal information within the corporation.

Click here to read the draft guidance of the Privacy Protection Authority on the role of the board of directors in fulfilling the corporation’s obligations according to the privacy protection (Data security) regulations (in Hebrew).