The Protection of Privacy Law, 5741-1981 states that under certain circumstances, database owners or holders should appoint a person with the appropriate qualifications to be in charge of the information security of such a database. These circumstances include, for example, an entity that owns or holds more than five databases.
The information security officer’s roles are further described under the Protection of Privacy Regulations (Data Security) 5777-2017. These roles are distinctively different than the roles of a data protection officer (See: “Do You Need to Appoint a Data Protection Officer (DPO)?”).
