By Dan Or-Hof, CIPP
Data breaches in government agencies
The State Comptroller and Ombudsman released an extensive report on the adequacy of privacy protection and information security in databases held and managed by the Ministry of Interior Affairs and the National Social Security Agency.
The report reveals considerable flaws in the handling of highly sensitive information stored in these databases. Among the findings: absence of information security supervisors required under Israeli law; absence of necessary procedures and logs of use; unlawful distribution of records over the public Internet; and harmful outsourcing procedures.
The National Social Security Agency's head of information security informed the State Comptroller that the agency's activities include severe breaches of privacy. However, the report did not prevent the agency from offering a new bill that would allow them to receive sensitive information from private companies, such as insurance companies and banks, as well as other governmental agencies, such as the State Tax Agency.
During an IAPP KnowledgeNet meeting in Tel Aviv, Mr. Yoram Hacohen, head of ILITA (the Israeli Law Information and Technology Agency) described the Ombudsman’s findings as an issue that should be addressed, and said that an investigation is underway.
Read more about the Tel Aviv KnowledgeNet event on page 19.
Dan Or-Hof is a senior counsel at Pearl Cohen Zedek and Latzer LLP, with specific expertise in data protection and privacy law. He may be reached at firstname.lastname@example.org.