The Israeli Privacy Protection Authority published for public comments a draft position paper on the advisable appointment of Chief Privacy Officers (CPOs, sometimes referred to as Data Protection Officers – DPOs) in Israeli organizations. The paper explains that although Israeli law does not mandate the appointment of CPO/DPO (other than in one isolated instance related to the Bank of Israel), the authority views the voluntary appointment as a recommended best practice for organizations whose operations involve processing personal data.
The paper goes on to explain that while the position may be performed by an in-house member or by an outside professional, it is highly recommended to appoint a senior, in-house executive in organizations whose core activities involve processing personal data or where processing is performed in a large scale.
According to the position paper, the CPO/DPO should be trained or educated in law, regulation, IT, or accounting, have knowledge of technology and information security, and be acquainted with business operations and professional ethics.
The authority draws a sharp distinction between a CPO/DPO and an organizational information security officer. The former focuses on the permissible and prohibited uses of personal data, while the latter focuses on measures to prevent unauthorized use of data. The position paper also recommends that the CPO/DPO be a member of the organization’s senior executive forum.
CLICK HERE to read the Israeli Privacy Protection Authority’s draft position paper (in Hebrew).