The Privacy Protection Law, 1981 states that a person shall not infringe on the privacy of others without their consent. Chapter II of the law deals with the protection of privacy in databases and defines a database as a collection of information data (data on a person's personality, personal status, the individual's modesty, condition his health, his financial situation, his professional training, his opinions and beliefs), which is held by magnetic or optical means and is intended for computer processing. A collection of information for personal use that is not for business purposes and a collection of information that only includes: name, address and contact methods are not considered a database since this does not harm privacy The details, whose names appear in the data collection.
It was found that even where the collection of data was extensive, the provisions of the law did not apply. Which databases, if so, require registration? The law requires the registration of databases in which one of the following is true: (1) the database holds information for more than 10,000 people together (2) the database contains sensitive information (sensitive information includes, for example, data about a person's personality, the individual's modesty, the state of his health , his financial situation, his opinions and his faith); (3) the database contains information about people who did not provide the information and did not give their consent to the inclusion of the information in the database; (4) it is a database of a public body (government offices, local authorities and other public bodies); or (5) the database is used for direct mail services (personal contact to a person, based on his belonging to a population group determined according to one or more characteristics of people whose names are included in the database).
When conditions are met in a database that, due to their existence, it is a database that requires registration, you must not own or manage a database without the registration procedure having been completed and without any verification that the details in the database change, the registration will be updated. An application for registration will include: (1) the details of the owner of the database, the holder of the database and the manager of the database; (2) the purposes of establishing the database and the purposes for which the information is intended; (3) detailing the types of information in the database; (4) details regarding the transfer of information outside the borders of the state; (5) Details regarding receiving information, in a permanent way, from a public body, the name of the public body providing the information and the nature of the information provided, with the exception of details provided with the consent of the person the information is about.
The law further requires that, in principle, it will be possible for any person to review the information on which it is held in a database and to demand the correction of the information or its deletion and places the responsibility for the security of the information on each of the owners of the database, the holder of the database or the manager of the database.
As far as direct mail is concerned, in addition to the requirements from the database itself, the law requires that every direct mail request contain a clear and prominent indication that the referral is direct mail, a notice of the right of the recipient of the referral to be deleted from the database and the information of the database. The law also requires that there be a record indicating the source from which the database received each collection of data used for the purposes of the database and the date of its receipt, as well as to whom each collection of data was given as said. Any direct mail must include the sources from which the information was obtained.
It should be emphasized that in addition to exposure to a civil lawsuit, the law states that where there is a database that requires registration and it is found that the database has not been registered, this will be considered a criminal offense punishable by imprisonment. It should be emphasized that this is a "technical" offense - any situation in which a person manages, owns or uses a database in violation of the law, does not submit details or submits incorrect details in a request to register a database, does not allow perusal of the database or does not correct details in the database that require correction, violates The limitations regarding direct mail and more, he commits a criminal offense even if he had no criminal intent in the act.
Therefore, it is very important to consult a lawyer who specializes in the field before establishing the database and as the database has already been established, an orderly registration of the database according to requirements must be done as soon as possible.