Do I Need to Appoint a Privacy Protection Officer?

Under the Protection of Privacy Law, 5741-1981, certain entities need to appoint a privacy protection officer. Such as:

  • Database controllers whose primary function is to collect personal data for the purpose of transferring it to another party in the course of their professional activities or for consideration, including direct mailing services (i.e., data brokers), and the database contains personal data about more than 10,000 individuals;
  • Database controllers or database holders whose main activities include data processing operations or involve such operations, which, given their nature, scope, or purpose, require continuous and systematic monitoring of individuals, need to appoint a privacy protection officer.
  • Database controller or a database holder whose main occupation includes processing data of special sensitivity on a significant scale, such as:
    •  A banking corporation as defined in the Banking Law (Service to Customer),5741-1981.
    • An insurer as defined in the Supervision of Financial Services Law (Insurance), 5741-1981.
    • A general hospital as defined in the Public Health Ordinance, 1940.
    • A health service provider (Kupat Holim) as defined in the National Health Insurance Law, 5754-1994.

The privacy protection officer is responsible for privacy compliance within the organization (see: “What are the Roles of the Privacy Protection Officer?”)

Please note: The information provided in this content is for informational purposes only and does not constitute legal advice. It is not intended to create an attorney-client relationship. If you have any questions, please contact us at: [email protected]