|OVERVIEW||On January 5, 2010, the European Union’s Article 29 Working Party published an opinion dated December 1, 2009, finding that Israeli data protection law largely provides an "adequate level of data protection" under the European Union Data Protection Directive 95/46. A copy of the opinion is available here.|
|GENERAL PRIVACY LAWS||Section 7 of the Basic Law: Human Dignity and Liberty guarantees privacy rights.|
|PERSONAL DATA PROTECTION LAWS AND REGULATIONS||
Section 17 of the Law specifies that the owner, possessor and manager of a database are "each individually responsible for the protection of the information in the data base". Section 17A mandates that the possessor of data bases of different owners must ensure that only persons "explicitly authorized therefore in a written agreement between him and the owner of the data base be allowed to access each data base".
Section 17B of the Law mandates that certain owners must "appoint suitable trained persons to be in charge of information security (hereinafter: security officer)". Those required to appoint a security officer include a person who holds five data bases that require registration; a public body; and banks, insurance companies and companies engaged in ranking or evaluating credit ratings. Section 17B(b) specifies that the security officer "shall be responsible for the security of information in data bases".
All holders of data banks containing more than 10,000 names or various confidential information must register with the Registrar of Databases and report their purpose, use, means of data collection, and data security measures implemented.
The Protection of Privacy Law prohibits the possession or use of a database unless it is properly registered. Additionally, no person may use a database for any purpose other than that purpose for which it was set up. Not all databases must be registered. According to the Protection of Privacy Law, the owner of a database must register if one of the following applies
|TYPE OF DATA PROTECTED||"Information" which is defined to include data on the personality, personal status, intimate affairs, state of health, economic position, vocational qualifications, opinions and beliefs of a person.|
|WORKPLACE PRIVACY LAWS||
An Israeli worker’s right to privacy in his or her email is not absolute. A Ruling by the Israeli Labor Tribunal held that such a right exists only where the employee had an “expectation of privacy.” The Tribunal said that courts should look at a number of factors to answer this question:
See the Tribunal’s ruling for additional factors that should be considered.
Privacy Protection (Transfer of Databases Abroad) Regulation of 17 June 2001
Data cannot be transferred to a third country that does not provide adequate protection for privacy of data.
|FINES AND SANCTIONS||
The Protection of Privacy Law provides for civil and criminal penalties for infringements of privacy.
A violation of privacy is a civil wrong pursuant to § 4 of the Privacy Protection Act.
Section 31A of the Protection of Privacy Act sets a list of offenses that can lead to a punishment of one year in prison. Section 31A provides that if a person does any of the following, he may be liable for imprisonment:
|OTHER PRIVACY LAWS AND REGULATIONS||
A bank’s obligation of secrecy extends not only to the details of the client’s account but also to all transactions related to the account and survives the death of the account holder.
Israel’s anti-spam law - Amendment 40 to the Communications Law (Telecommunications and Broadcasting) 5742-1982 – went into effect on December 1, 2008, banning advertising by email, fax, or telephone text messaging without the prior written consent of the recipient. Courts will have the right to order spammers to pay compensation of NIS 1,000, regardless of any damage caused, for each piece of spam sent, until they stop.
Consent must be in writing.