SecurePrivacy Logo

Israeli Protection of Privacy Law

View Law Text
Maximum Fine
ILS 3.2M
Scope
National
Regulator
PPA
Enacted
1981

Need Help with Israeli Protection of Privacy Law Compliance?

Get expert guidance on implementing Israel's privacy requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Protection of Privacy Law establishes comprehensive requirements for privacy protection and personal data processing in Israel, enforced by the Privacy Protection Authority.

Key Facts

  • Originally enacted in 1981, with significant amendments
  • Enforced by Privacy Protection Authority
  • Requires registration of databases

Key Principles

Privacy Rights Protection

Fundamental right to privacy and protection of personal information.

Requirements

  • Respect individual privacy
  • Obtain informed consent
  • Protect sensitive data
  • Enable rights exercise
  • Document compliance

Examples

  • Privacy policies
  • Consent mechanisms
  • Rights procedures
  • Documentation systems

Database Management

Requirements for managing databases containing personal information.

Requirements

  • Register databases
  • Implement security measures
  • Control access rights
  • Regular audits
  • Update procedures

Examples

  • Registration records
  • Security controls
  • Access logs
  • Audit reports

Direct Marketing Controls

Specific requirements for using personal data in direct marketing.

Requirements

  • Obtain explicit consent
  • Provide opt-out mechanism
  • Maintain marketing lists
  • Document procedures
  • Regular reviews

Examples

  • Marketing consent forms
  • Opt-out systems
  • List management
  • Procedure documentation

Compliance Requirements

Database Registration

Organizations must register databases containing personal data with ILITA.

Implementation Steps

  • Identify registrable databases
  • Complete registration forms
  • Submit to ILITA
  • Maintain registration
  • Update when changes occur

Required Documentation

  • Database inventory
  • Registration certificates
  • Processing records
  • Update history
  • Change notifications

Security Requirements

Implementation of appropriate security measures based on database classification.

Implementation Steps

  • Classify database security level
  • Implement required controls
  • Document security measures
  • Regular security audits
  • Incident response planning

Required Documentation

  • Security policies
  • Classification records
  • Audit reports
  • Incident procedures
  • Review logs

International Transfer Requirements

Requirements for transferring personal data outside Israel.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain necessary approvals
  • Document transfers
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Approval records
  • Transfer logs
  • Monitoring reports

Enforcement & Penalties

Administrative Penalties

The Privacy Protection Authority (PPA) can impose administrative penalties for violations.

Penalty Categories

Severe Violations
Up to ILS 3.2M
For serious breaches of privacy requirements
Database Violations
Up to ILS 2M
For unauthorized database operations
Registration Failures
Up to ILS 500,000
For failure to register databases

Example Cases

Healthcare Provider
ILS 2.5M
2023 - Unauthorized access to medical records
Technology Company
ILS 1.8M
2022 - Failure to implement adequate security measures

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to 5 years imprisonment
For deliberate privacy violations
Corporate Liability
Double penalties
Enhanced penalties for corporate violations
Individual Liability
Up to ILS 1M
Personal liability for officers

Example Cases

Database Misuse
Criminal Charges
2023 - Intentional misuse of sensitive personal data
Privacy Breach
ILS 900,000
2022 - Systematic violation of privacy rights