Israel’s Privacy Protections and Data Security for Telecommuting due to Coronavirus Spread

Barnea Jaffa Lande & Co.
Contact

In light of the coronavirus pandemic and the constantly developing guidelines from the Ministry of Health, many companies are moving to telecommuting and working from home. This is a solution that supports business continuity even at this time of uncertainty. However, alongside the clear advantages, this form of employment also poses risks in terms of data security and privacy infringements.

Under the Privacy Protection Law and the Privacy Protection Regulations (Data Security), a company that holds a database containing personal information is required to operate in a manner that ensures protection of the data’s integrity and prevents unauthorized entry into the database, while setting internal routine protocols as well as protocols for data breach events. In doing so, the Regulations establish an active obligation to set security protocols according to the level of sensitivity of the information held, including in cases of remote access. The Regulations even encourage the prohibition or significant restriction of the use of removable media, such as external drives or flash drives, and even laptops. The reason for this requirement is the ease with which a data breach event may occur, even under simple circumstances of theft or loss.

While working out of the office allows a business relative control over compliance with the law and internal protocols as to the mode of operations and protection of documents, infrastructure that allows remote access may not only weaken the protection of computer systems, but also make supervising employees’ conduct more difficult.

On March 11, 2020, the National Cyber Security Authority published the Telecommuting Protection Recommendations for Businesses and Organizations. These recommendations primarily address security measures to reduce cyber risks, inter alia, steps relating to IT personnel in organizations. Pursuant to the recommendations, remote access must be carried out by means of a device familiar to IT personnel, be performed in a targeted and restricted manner suited to the needs of the company, and the information systems must be protected with adequate measures. The need for increased technological means, for instance settings that ensure disconnection of inactive connections to the system after an appropriate time, should be considered in order to reduce the elevated risk to the organization’s infrastructure.

In addition to the technical experts required to establish the necessary protections and protocols, an essential aspect of preparedness includes comprehensive training of employees on how to comply with security protocols. While telecommuting, we advise taking organization-wide steps, such as refreshing protocols for all employees on remote access, emphasizing rules like the prohibition on saving potentially sensitive data to personal and unsecure computers, sending warnings about email messages that may include malicious software, performing active shutdown of remote access upon the completion of work, insisting on the use of complex passwords and changing them often, using a preferred connection to known and secure Wi-Fi networks, etc.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Barnea Jaffa Lande & Co. | Attorney Advertising

Written by:

Barnea Jaffa Lande & Co.
Contact
more
less

Barnea Jaffa Lande & Co. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.