How much should I invest in protecting my clients’ or users’ data?
Should a fashion store that collects and creates a customer database for remarketing, invest as much as a startup company that handles and works with big data? And what about lawyers and national defense-related companies?
By: Idan Ben-Yacov, Adv.
The hackers that broke into the Israeli insurance company, “Shirbit”, will soon be forgotten, but Shirbit will likely be facing two-pronged litigation: criminal charges by the State authorities, and civil charges by customers whose privacy was infringed.
This year alone, more than 200 digital ransom events were reported in Israel, and this is probably just the tip of the iceberg. The more digitized the world becomes, the bigger this number will grow. But with limited resources, how much should businesses and corporations invest in data security? Should a fashion store that collects and creates a customer database for remarketing, invest as much as a startup company that handles and works with big data? And what about lawyers and national defense-related companies?
Israel’s Privacy Protection Law (Data Security) provides answers to some of these questions, and defines three levels of security, according to the sensitivity of information in our charge. For example, privileged information (such as the information disclosed to doctors or lawyers) is not classified the same as data collected by an online bookstore. The law grants companies certain defenses if they indeed comply with all the requirements. It is therefore important to comply and not just “hope for the best”.
Privacy requirements are often overlooked. As the Director of Enforcement at the Privacy Protection Authority, Ely Claderon, said, perhaps this is related to the relatively limited enforcement powers that this Authority currently has. But bear in mind, in case of companies that do business internationally, there are additional elements that must be factored in.
GDPR Fines
Europe, for example, takes the privacy protection of both its residents and its citizens very seriously. Various companies, including multinationals that are not even based on Europe, have already been heavily fined for violation of General Data Protection Regulation (GDPR) of the European Union.
Since 2018, more than 220,000,000 Euros in penalties have been imposed for violation of the GDPR. Some will say that even that is not enough. According to a report issued by DLA Piper law firm, more than 160,000 GDPR violations have been reported across the European Union since the GDPR entered into effect in May 2018.
A comparison between the Euro amount of penalties and their breakdown on the one hand, with the number of violations, indicates that this does not reflect the actual scope of violations (more than 160,000 GDPR reported violations) . Spain has the highest number of violations in the EU, with only 144 violations. It is followed by Romania (41), Hungary (32), Italy (31) and Germany (27).
Indeed, Europe takes this matter seriously, and so do private companies that operate within the EU. According to recent public reports, WhatsApp Ireland has set aside 91.8 million USD for possible GDPR fines arising from regulatory compliance matters presently under investigation. Bear in mind, not only large multinational companies that have a base of operation in the EU needs to take precautionary measures, but also Israeli companies that merely operate within the EU or with EU residents and/or citizens. Close legal escort is a MUST for any start-up that holds / handles such data / information about these individuals or with this EU borders.
And if you maintain information about US citizens / residents , things get even more complex and complicated.
The conclusion is clear: These days, good legal service must also include extensive knowledge, expertise and experience in Data and information security, and must factor it in when doing (almost) any action. Neglecting or compromising in privacy / data protection matters could result in dire consequences, take Shirbit for example…
Adv. Idan Ben-Yacov, of “Ben-Yacov Law Firm”, specializes in real estate, local and foreign investments, privacy protection, private wealth management, ongoing corporate advice,- including startup & mature companies and more.