Under the Protection of Privacy Law, 5741-1981, the term “Data” means any data relating to a natural person’s personality, personal status, intimate affairs, state of health, economic position, vocational qualifications, opinions, and beliefs.
“Sensitive Data” means any data pertaining to a natural person’s personality, intimate affairs, state of health, economic position, opinions and beliefs, and any additional information determined by the Ministry of Justice to be sensitive, leaving vocational qualifications and personal status (which constitute “Data”) out of the definition of Sensitive Data.
Section 8(a) of the Protection of Privacy Law, 5741-1981 establishes a registration obligation on owners of databases containing any volume of Sensitive Data records, while records on 10,000 individuals is the threshold for registering a database with non-sensitive Data (See: “Are there Registration Requirements?”).
Additionally, under the Protection of Privacy Regulations (Data Security) 5777-2017, databases with sensitive information, as described in the first schedule of these regulations, are subject to additional information security requirements as databases that need to meet the medium or high-security level (See: “What are Database Information Security Levels”).
