The Protection of Privacy Law, 5741-1981 provides that in certain situations, an information security officer should be appointed. For example, database controllers or holders must designate an individual with the appropriate qualifications to oversee the information security of the database. Such situations include, for instance, when a controller or holder manages five databases that are subject to notification or registration requirements under section 8A of the Protection of Privacy Law, 5741-1981 law.
The information security officer’s roles are further described under the Protection of Privacy Regulations (Data Security) 5777-2017. These roles are distinctively different from the roles of a data protection officer (See: “Do You Need to Appoint a Privacy Protection Officer?”).
Please note: The information provided in this content is for informational purposes only and does not constitute legal advice. It is not intended to create an attorney-client relationship. If you have any questions, please contact us at: [email protected]