OUTSOURCING LAW

Insights on Effective Outsourcing from Bierce & Kenerson, P.C.

Home About Us Selecting Your Attorney Sponsors Careers Register Survey Contact Us Store Contribute an Article
 

Subscribe to Our
Newsletter:
Please Enter your
E-mail:  

Text  HTML
AOL

Search Site:  



EVENTS
 Seminars & Conferences

OUTSOURCED MANAGED
SERVICES
 Call Centers
Service Level Management
Human Resources
Engineering
Debt/Tax Collection
Information Technology (IT)

WHITE PAPERS
Business Process Transformation:
Legal and Business Issues in Business Renewal and Sourcing Strategy

 COMMUNITIES
Customer's Environment
Service Provider's Environment
Consultant's Role
Lawyer's Role

BUSINESS TOPICS
 What is Outsourcing?
Why Should We Outsource?
When Not to Outsource
Definitions / Glossary
F.A.Q.S.
 Economics
Basic Principles
Getting Started (New Service Providers)
Getting Started (Enterprise Customers)
Types of Outsourced Processes
Decision-making Process
Life Cycles / Phases
Deal Structures
Pricing
Best Practices
Failed Deals
Advanced Strategies
Trends
Venture Capitalists and Outsourcing
Business and Legal Factors
 Unique Circumstances; Deal Timing
Viability

 LEGAL TOPICS
Risk Management
Battle of Forms
Intellectual Property
Privacy Law
Human Resources
Taxation
 Legislation
Compliance
Disputes
Litigation
Bankruptcy
International
Corporate Governance and Sarbanes-Oxley Act

 RESOURCES
 Humor in Outsourcing
Articles
Experts
Links
Newsletter
Case Studies
Press Room
SITE TOOLS
 Search
Translate
Contact Us

SITE RULES
 Privacy Policy
Terms of Access and Use
Client's Bill of Rights
Client's Confidential
Communications


Impact of Privacy Law in Israel

by Naomi Assia © 2004. All Rights Reserved.

Israel's privacy law requires foreign enterprise customers to adapt to the local law. Like the European Union data protection law, Israeli law protects privacy data regardless of the nationality of the data subject. In outsourcing, this is the essential element for conducting business offshore. For an Israeli service provider, protecting an enterprise's proprietary and volunteered data is the sine qua non for doing global business. Special rules apply to direct mail and telemarketing.

Privacy protection acts:
The right to privacy in Israel gained a constitutional status with the adoption of the Basic Law: Human Dignity and Freedom, (the “Basic Law”). Section 7(a) of the Basic Law provides that every person is entitled to privacy. 

The law that provides the principles and details regarding the protection of privacy in Israel is the Protection of Privacy Law – 1981 (the “Law”), which was enacted prior to the adoption of the Basic Law. The Law does not protect the privacy of corporations but only the privacy of individuals.

Section 1 of the Law prohibits any violation of the privacy of others without consent. Section 2 of the Law defines:

 “2(9): using, or passing on to another, information on a person’s private affairs, otherwise than for the purpose for which it was given”.

2(10): publishing or passing on anything that was obtained by the way of violation of privacy …”

as a "violation of privacy" if made without consent.

Databases:
In addition to the general right for privacy, Amendment no. 4 (Databases), enacted in 1996, adjusted chapter B of the Law to the new reality of the information market.

The amendment defines “database” in Section 7 of the Law as follows: "a collection of information that is held by magnetic or optical means and that is intended to be processed by a computer", excluding:

  • Collection for personal use, which is not for business purposes.

  • Collection which includes only names, addresses and connection possibilities, which, by itself, does not create a characterization which may violate the privacy of the individuals whose names are mentioned, and under the condition that the owner of the collection does not control any additional collection.

In addition, the Law defines "sensitive data" as: "(1) data regarding the personality of a person, privacy, health, financial situation, ideas and beliefs; data which was ordered to be regarded as sensitive data by an order of the Minister of Justice".

  The use of the data regarding individuals is limited to the same cause it was given for by the individual, unless an explicit consent for a different use was given. 

Section 8 of the Law sets the duty of registration of databases as well as the limits of using the stored data. Section 8(c) of the Law sets out the circumstances under which the owner of the database must register his database with the Registrar of Databases. The applicable situations are:

(1) The database includes data about more than 10,000 people; or

(2) The database includes sensitive information; or

(3) The database includes data about people that was not provided by those people or not provided with their consent to this database; or

(4) The database belongs to a public entity; or

(5) The database is intended to be used for the purposes of direct mailing

Special duties for the management and holding of a database:

Sections 17A and 17B defines the holder of a database as the one who holds a database on a regular basis and has the right to use it. A database manager is "the active manager of a body that owns or holds a database or the one that a manager of such a body has empowered to in that matter".

Special duties and regulations for direct mailing:
Direct mailing is defined as a "personal application to a person, on the basis of his belonging to a certain group of people, which was fixed by one characterization or more, and that their names are mentioned in the database".

The term application includes written application by facsimile, print, mail, e-mail and other computerized types of information transfer and "any other form of application".

Direct mailing services are defined as the direct mailing of lists or data by any means.

Of course, such duties place a heavy burden on the direct mailing companies. Moreover, the definition of a direct mailing application includes also telephone calls and as such place the same burden on the telemarketing companies.

Criminal punishments:
Section 31A of the Amendment sets a list of offences in connection with chapters B and D of the Law. All may lead to a punishment of one year imprisonment.

  • Managing, holding or using a database that acts in a way that contradicts the instructions of Section 8 of the Law.

  • A petition for the registration of a database that provides false details in the registration request in contradiction with Section 9 of the Law.

  • The delivery of false details in the statement that accompanies a request to receive data under Section 11, or not providing the required details in such a statement.

  • Not following the instructions of Sections 13 and 13A regarding the right of inspection of the data of the database or not changing such data in accordance with Section 14 of the Law.

  • Allowing access to the database in contradiction with Section 17A(a) or not delivering to the Registrar of databases documents or affidavit in accordance with the instructions of Section 17A(b).

  • Not appointing a person in charge of the security of the data.

  • Managing or holding a database that serves direct mailing services in contradiction with Sections 17D to F.

  • Delivery of data in contradiction with Sections 23B to E.

All the abovementioned offences are considered as absolute responsibility, so there is no need to prove mens rea or neglect to prove that the offense was made. Moreover, these offences are considered as torts by the Israeli Tort Act.

The transfer of data out of Israel :
The articles of the protection of privacy (the transfer of data outside of the country’s borders) – 2000 (the “Articles”) legislate what is permissible regarding the transfer of data outside of Israel . The Articles ensure that data shall not be transferred to any country that provides less protection to privacy issues than Israel . The Law of such a country has to set legal collection of data, and that the data shall be accurate and updated.

The Articles rule that one shall not transfer data from Israel to another country, unless the privacy law of that country provides the same degree of protection that the Israeli law provides. The law of such country has to provide for a legal collecting of data, and dictate that the data should be accurate and updated.

Furthermore, the Articles determine that the owner of the database can transfer the data from his database in Israel to another country under certain conditions, such as with the consent of the person to whom the data relates.

The owner of the database must ensure that the receiver of the data takes all necessary measures to protect the privacy of those to whom the data relates. The receiver of the data must also make sure that the data will not be passed to another person, in that country or in another. 


Editor's note: Impact on Outsourcing: Israeli law promotes outsourcing of R&D and high value IT-enabled business process services. The privacy rules establish a strong public policy for preserving privacy and enabling a smooth stream of confidential communications between foreign enterprise customers and Israeli service providers. The criminal sanctions create a strong incentive for compliance and, with it, should inspire confidence for third parties considering Israel as a BPO service center.

Home SEARCH TRANSLATE REGISTER PRIVACY POLICY TERMS OF ACCESS AND USE Contact Us
Copyright 2001-2007 by Outsourcing Law Global  LLC. All rights reserved.  Attorney Advertising