![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The Israeli Law Information and Technology Authority (ILITA) has published a consultation draft guide on protecting personal information in workplace environments.
The purpose of the proposed guide is to reflect ILITA's view of the principles applicable to the right of privacy in personal information that employers store and process and recommend adequate practices to implement these principles.
The guide is not obligatory. However, it reflects ILITA's interpretation of the law. Once formally released, the guide will serve as a basis for ILITA's enforcement activities in workplace environments.
Six main practices are particularly recommended under the proposed guide: review the data collected by the employer throughout the employment term and the purposes of data collection; identify and map the stored data, the data's use and manage access to the data; maintain adequate information security rules, procedures and mechanisms; provide appropriate guidance to relevant personnel; maintain close supervision on outsourcing services, and set an explicit and clear policy that covers the permitted use of the computer systems by employees and the employer's ability to monitor such use.
The guide is comprised of three chapters. The first introduces the general principles for collecting and processing personal information. Among these rules are the need to receive the employee's informative and freely given consent to the processing of the employee's information, to process the data for merited purposes and to the extent no greater than required, to provide adequate transparency of the employer's privacy practices, to avoid processing data otherwise than for the purpose for which the data was collected, to maintain confidentiality and security of the data, to allow employees access and the right to amend their personal information and to monitor outsourcing services through adequate contractual requirements and audits.
The second chapter provides a deeper look into the practices of data management and divides the data lifecycle to three phases. It begins with the proper procedures for managing the personal information of job applicants, including job interviews, information that the employer cannot request—such as genetic data, military profile, religion, sexual orientation, etc., and the employer's relations with job placement services.
The next phase is the management of the employee's file. This section covers ongoing data collection about the employees, the principles for maintaining an employee database, information security practices and the required data-mapping process.
The last data cycle phase discusses proper data retention practices.
The third chapter of the guide provides ILITA's insights about the regulation of monitoring technology. ILITA relies, in that regard, on an opinion delivered last year by the National Labor Court that laid down a comprehensive set of rules on employers' rights to monitor their employees. According to the opinion, every employer must form an adequate policy that covers the boundaries of permitted use of the employer's computer systems—including e-mail, applications and telephone usage, provide a clear understanding about the employer's monitoring practices and receive the employees' consent to the policy.
ILITA requests the public to comment on the proposed guide until June 17. Israeli employers and international corporations that operate in Israel should review the proposed guide and assess the impacts of its provisions on their privacy practices. While some of the provisions are already implemented by many employers, others will need to allocate additional attention and resources to meet the guide's requirements.
A
, in Hebrew, is available on ILITA's website
.
