Last month, after 10 years as the Israeli Law, Information and Technology Authority (ILITA), Israel’s data protection authority announced it would rebrand itself as the Privacy Protection Authority. Responsible for regulating and enforcing Israel’s Privacy Protection Act 1981, as well as the new Privacy Protection Regulations (Data Security), 5777-2017, which will come into force May 8, 2018, the authority’s renewed focus on privacy protection signifies the ever-greater weight of personal data and privacy protection in a world of AI, IoT, smart communities and homes, and big data research. The developments in Israel are notable: It remains one of the few countries the European Union recognized as “adequate,” even as the adequacy negotiations between the European Commission and the massive economies of Japan and Korea switch gears.
The Privacy Advisor contacted Alon Bachar, head of the Privacy Protection Authority, to find out a bit more about the name change, what it means for the authority and what weight it will carry for the future of data protection in Israel.
When asked why the change, Bachar said the new name was a response "to advance and improve our capabilities, in coping with future challenges to data protection, and in order to strengthen and enable us to fulfill our tasks, in an environment that is exposed to far-reaching and ongoing developments in the digital space ... We felt we need to re-asses ourselves and adapt to the developments."
For the authority, the new name represents more an evolution than a change in direction. “This is a product of deep strategic analysis and change the authority has undergone in the past two years,” said Bachar, who, as head of ILITA, was charged with enforcing not only Israel’s privacy law but also e-signatures and credit reporting regulations.
Now poised to take a more focused look towards the future, Bachar told The Privacy Advisor, “We have reorganized our structure, established new departments and activities and re-prioritized our goals. We will continue to conduct enforcement and publish guidelines. But we will engage with data controllers and the public in other ways that aim to enhance policy delivery and raise awareness in a meaningful and effective way." He added, “We will also keep track of innovation and develop appropriate regulation tools.”
How? While the scope of regulation and enforcement will remain broad, key updates and additions will afford the authority greater reach in both the public and private sectors.
Updates include a new audit unit to accompany the authority's investigatory powers, upgrading its forensics lab to be "top of the line" and a greater focus on producing guidelines and regulation.
“We realized that known standards and guidelines will assist organizations to increase data protection and avoid infringements and unnecessary enforcement actions.”
Of the new audit unit, Bachar said it "will enable us to reach out to a wide range of sectors and organizations, to receive information, examine practices and their compliance with the law. The findings will enable us to instruct organizations and guide them with regards to data protection, and this is a meaningful tool to engage in a dialog with organizations that will function mainly by outsourcing personnel managed by our team.”
Bachar expects the authority to reach 50 employees by 2018 and is currently recruiting several data security specialists to help in the implementation process, and especially to help with inspections after the implementation in May.
“We have received great support from the Israeli Ministry of Justice and the government, which increased our resources during this strategic change we have undergone,” he said.
Organizational changes include the development of new departments, namely the Department of Strategic Alliances and the Department for Innovation and Policy Development.
The Department for Strategic Alliances, Bachar said, will help to establish privacy protection awareness through its engagement with “players in the digital economy, to create and promote a meaningful public debate on privacy, and engage the public, in order to establish privacy protection awareness and actions.” The department also hosts a forum for privacy awareness and training in the Israeli public sector, which meets four times a year and provides monthly updates to its membership.
As for the Department of Innovation and Policy Development, Bachar said it is "tasked with the mission of identifying innovative trends in the field of technology, business and social privacy, conducting research and initiating innovative regulatory solutions to data protection in the sophisticated and dynamic digital economy."
The focus on the future of data protection and privacy is clear, making 2018 an active year as the freshly organized authority takes on implementing policy and collaborating across sectors, "In the coming year we will conduct a national Privacy conference, accompanied by a media campaign. Host round tables with the private sector and training days on the new security regulations and more."
Bachar added, "We are happy to experience a growth in awareness and expect this direction to continue and increase."
If you want to comment on this post, you need to login.