Article written by Haim Ravia and Dotan Hammer
The Israeli Privacy Protection Authority (PPA) published its biennial activity report for the years 2019-2020. The report explains that 2020 was a record-breaking year in terms of the scope of PPA’s activity, mainly due to the increase in the number of enforcement proceedings it initiated and the number of guidelines, recommendations, and policy documents it published.
The report indicates that the main reasons for initiating enforcement proceedings were information security incidents and the use of information for purposes exceeding the original purpose of processing. Over half of the companies against which enforcement steps were taken were ordered to correct deficiencies, and some were also declared to have violated the Protection of Privacy Law. The report states that most of the severe security incidents in the past two years have occurred in technology and internet and communication companies.
The PPA published selected examples of administrative and criminal enforcement proceedings it conducted. Among others, the PPA mentioned the Shirbit data breach incident in late 2020. Shirbit is an Israeli insurance company that sustained an attack by a hacker group that penetrated Shirbit’s computer network and stole hundreds of megabytes of personal information. The PPA launched an investigation to examine the possible harm to Shirbit’s consumers’ personal information and Shirbit’s actions following the discovery of the incident. In addition, the PPA ordered Shirbit to individually inform all of its consumers whose information may have been breached in the incident.
Click HERE to read the Privacy Protection Authority’s 2019-2020 Activity Report (in Hebrew).