Following the first anniversary of the new Israeli Protection of Privacy Regulations (Data Security), the Israeli privacy regulator – the Protection of Privacy Authority – published a report summarizing its enforcement activities relating to data breaches. According to the report, the regulator carried out 146 instances of administrative enforcement action against organizations in relation to data breaches classified as ‘severe’. However, the regulator was only notified about 103 of those breaches. The remaining 43 breaches were investigated after the regulator either received complaints about them, or proactively discovered them.
The main industry sectors in which the data breaches occurred were insurance and finance (23% of data breaches), information technology companies (10%), telecommunications and education (8% each), and the Internet sector (7%). The most common causes of data breaches were SQL Injections (15%), unauthorized use of access credentials (7%) and accidental disclosure of information (8%).
The regulator also decided that following the first anniversary of the data security regulations, the transition period during which it took a more relaxed enforcement approach should end, as it starts full scale enforcement of the regulations.
CLICK HERE to read the regulator’s statement (in Hebrew).
This article was published in the Internet, Cyber and Copyright Group’s July 2019 Newsletter.