What is Data Security Regulations?
Israeli regulations defining security requirements for databases
The Privacy Protection Regulations (Data Security), 2017, define security requirements for databases in Israel.
Security levels (driven by data type and sharing, not record count alone):
• **Basic** - Residual default for databases that don't meet medium/high criteria • **Medium** - Databases containing medical, genetic, biometric, financial or criminal data, communications metadata, opinions about persons, databases shared between corporations, or databases held by public bodies • **High** - A medium-level database with more than 100,000 data subjects or more than 100 authorized users
Key requirements:
• **Database mapping** - Identify and document all databases • **Permission definition** - Role-based access management • **Encryption** - Encrypt sensitive data • **Backups** - Backup and recovery procedures • **Audits** - Periodic audits and penetration testing • **Documentation** - Log events and actions
Sanctions:
Non-compliance can lead to fines and even criminal liability.
The regulations apply to any organization managing a database requiring registration.
⚠️ This information is provided for general informational purposes only and does not constitute legal advice. For professional advice tailored to your organization, please consult a privacy protection expert.
Related Terms
Privacy Protection Law
The main Israeli law regulating personal data protection and privacy
Amendment 13 to the Privacy Protection Law
A comprehensive amendment to Israeli Privacy Protection Law, in effect since August 2025, strengthening personal data protection
Database Registration
Obligation to register databases with the Israeli Registrar of Databases
DPO - Data Protection Officer
A role responsible for overseeing data protection within an organization
Need Help Implementing?
Our experts can help you understand and implement regulatory requirements in your organization