Which sites hold your information?
This tool will help you find out./MINE
This week (Sunday) a first conference of its kind was held on the subject of privacy protection and information security of the Privacy Protection Authority and the Directors' Union.
Attorney Gilad Samma, head of the Authority for the Protection of Privacy
warned at the conference about the collapse of businesses that do not comply with regulation and do not secure themselves against cyber attacks. He further added that the field of information security supervision should be raised to the level of the board of directors, who should show vigilance and awareness of information security regulations in the company. This follows an expected new directive from the Authority regarding the role of the board of directors in fulfilling corporate obligations in connection with information security regulations, a directive that is causing echoes and concerns among many directors in the Israeli economy.
In the draft directive, the Authority states that the board of directors is the appropriate body to ensure the existence of processes of supervision, control, compliance, and reporting on Carrying out the requirements of the regulations, and determining policy decisions regarding the use of personal information in the company and its management in material matters; among other things, through the direct involvement of the board of directors in carrying out some of the actions required according to the regulations, which are of a supervisory nature.
What do the directors say?
Directors and boards of directors who took part in the event, raised the concern that the new directive may impose executive duties on the board of directors, and therefore may not be applicable, while at the same time there is exposure to regulatory sanctions.
An incumbent director who asked to remain anonymous explains the problem: "The new directive obscures the responsibilities also defined in the Companies Law between the company's organs. On the one hand, it imposes responsibility on the board of directors, which is not defined in its responsibilities in the law, and on the other hand, it removes responsibility from the company's management."
According to her, "A request to the board of directors to approve a document that does not have a significant understanding of it, is ineffective, and dangerous for both the company and the approvers, compared to a request for approval of financial statements by the board of directors.
A structured procedure that requires directors with financial expertise, a pre-approval balance sheet committee, and especially the approval of an auditor that the reports are presented in accordance with the rules, and of course checked/reviewed by him.
Without a similar mechanism, it is not clear how a board of directors can approve a document that does not have a professional understanding of its details."
Yifat Godiner, Vice President of Information Systems at OPC Energy
, and Director of Klalit Health Services adds: "The fine line between the board's responsibility for protecting privacy in the organization and its ability to approve and monitor technical documents such as information security procedures, risk surveys, and penetration tests, creates a reality for the board There are currently no professional tools to do this.
It is not only a matter of strategic understanding but also of technological knowledge and expertise.
I thank the Authority for the Protection of Privacy for listening to the directors regarding the adaptation of the law to the digital age, this is a crucial step for the success of the process.
In order to ensure that a board of directors will act efficiently and responsibly, it is essential in my view to promote the appointment of board members who are experts in the technological, digital and cyber worlds, who will bring the technological point of view required for making informed decisions."
More in Walla!
The breakthroughs, the treatments and what does the future hold?
Everything you need to know about diabetes
In collaboration with Sanofi
Yuval Segev/Oded Karni
The Chairman of the Cyber Forum at the Union of Directors, Yuval Segev,
emphasized the importance of "knowing how to ask the hard questions", and not accepting the words of the directive as a mere duty of obedience. The two significant information leak events that took place last February in Israel are privacy attacks, which could have been easily avoided if they had been The right questions are being asked. Yuval also pointed out that if the regulation is indeed passed, the association of directors will organize as soon as possible and make available to the members professional training that will provide them with practical tools to implement the new requirements.
Hadar Tsofeif HaCohen./Roytal Pinyan
The Director General of the Union of Directors, Ms. Hadar Tzupiof HaCohen,
expressed concerns about the interpretation of the Companies Law proposed in the document and the possible damage to corporate governance as long as the draft is approved without the relevant changes. of directors and board of directors both when formulating legislation or new guidelines and in streamlining proposals from the field to promote a transparent, reliable and safe market.
More on the same topic:
privacy
Board of Directors
Data Security