As Israel hopes to recover from the Coronavirus pandemic, the Israeli privacy regulator published guidelines on the protection of privacy in businesses and schools, as these begin to reopen.
Reopening is conditioned on the business committing to certain requirements determined by the Israeli Ministry of Health. One of these is questioning employees and customers as to whether they recently experienced any symptoms such as fever or coughing, or have been recently exposed to a person diagnosed with COVID-19. The regulator clarified that businesses should refrain from collecting any unwarranted excess information or use the information collected for any other purpose.
The regulator also recommends that if the business uses technological measures to measure employees’ or visitors’ body temperature before permitting entry, such measures shall not record the data in a way that can identify the individual.
Similar principles apply to the collection of data in educational institutions. The Ministry of Health requires schools to collect certain information as a condition for permitting a child to enter the school. This information includes the pupil’s name, ID number, age, class, parents’ names, and phone numbers. They are also asked questions similar to those noted above. The regulator clarifies that the principles of data minimization and purpose limitation apply. The regulator also clarified that schools should refrain from using means that process biometric or facial recognition data of pupils.
The regulator also emphasizes the importance of protecting children’s privacy, specifically when their health information is concerned. Schools are expected to pay special attention to the protection of information of children that were denied entry for health reasons.
CLICK HERE for the Data Protection Authority’s recommendations for businesses (in Hebrew).
CLICK HERE for the Data Protection Authority’s recommendations for schools (in Hebrew).