One Year Following the Information Security Regulation

רקע בטחון מידע

While large international law firms maintain in-house LegalTech departments and accelerators for internal use, and invest significant amounts in developing advanced technologies – in this (and more) the Israeli market remains light-years away.

However, first signs are starting to show in the Israeli market, and several weeks ago we were informed of the launch of a new LegalTech tool – FBC Online – coming from one of Israel’s leading law firms Fischer Behar Chen Well Orion & Co.

Background and Market Needs

A little over a year ago, the new Information Security Regulations entered into force and shifted the way in which the Israeli market treats the security of personal information. If beforehand, any business in Israel decided, on its own, which security measures to apply to its processing of personal information, the regulator now clarified what is the acceptable standard of information security to be applied.

            Following the publication of the new Regulations (a year prior entry into force), many businesses in Israel prepared, hired professional advisors, updated their information security policies and processes and adopted new information security measures. In recent months, the Israeli Privacy Protection Authority even began inspections to review the readiness status of more than one hundred companies. The Authority initiates some of these inspections and others result from new notification duties of security breaches.

            From a talk with Adv. Amit Dat and Adv. Omri Rachum-Twaig of FBC & Co. Cyber and Information Technology group, it appears that following the preliminary readiness preparation period, the market calls for automated tools to comply with the new Regulations:

A company that went through a readiness program now needs to self-assess and review its compliance once every two years. There is no logic in investing the same amount of resources in such periodic reviews as in the preliminary readiness program. In addition, large businesses that transfer personal information to vendors and service providers must periodically oversee and review such third parties’ compliance with the Regulation. When a business maintains dozens and even hundreds of such vendors, a structured internal mechanism is required for such purpose. Finally, some small and medium enterprises, cannot afford the full fees of professional advisors. All these created a demand for dedicated tools that could be independently operated and provide a reliable assessment of a company’s compliance status and the gaps it has to bridge”.

We brought to the development process of this tool experience from dozens of compliance processes that we accompanied manually. Moreover, we learned the structure of the Authorities compliance inspections. All this knowledge was translated to online questionnaires with clear logic, built together with IDRRA, specializing in the development of automated information security surveys. We first map the types of information processed by a company and determine the security level applicable to it. Then, according to the determined security level, the client receives a designated questionnaire that addresses all aspects in the Regulation. The result is a full and automated gap analysis, produced without human intervention, allowing a company to know exactly what it has to do to comply with the Regulations”.

FBC Online joins a line of online services launched lately by Israeli law firms. Previous online services mainly provided entrepreneurs with legal information and produced basic preliminary legal documents. This new tool provides a service tailor made to specific regulation which is intended both to provide legal knowledge and as a tool that could be used by a company on an ongoing basis. This trend is expected to continue.

Scroll to top