Amendment 13 is game-changer on data security enforcement - Globes





During a recent privacy and data-security conference in Israel, industry leaders explored the implications of Amendment 13 to Israel's Privacy Protection Law and discussed how organizations can address emerging risks associated with the deployment of advanced AI.

Adv. Vered Zlaikha, Partner and Head of Cyber and AI Practice at Lipa Co law firm, said, "Amendment 13 is a genuine game-changer, not just a technical update. While it introduces several substantial provisions, the real development lies in enforcement. For the first time, the Privacy Protection Authority (PPA) has been granted meaningful powers to impose financial sanctions and take concrete action against violators. This means that every company in Israel must recognize that violations are no longer theoretical; they now carry a tangible price."

Zlaikha noted that before the amendment took effect, companies were fined for scanning ID cards or failing to remove users from direct mailing lists. Now, she added, the penalties can reach much higher sums.

She further emphasized, "Data must be used strictly for its stated purpose. If data is collected exclusively to establish contact but later used for other purposes without proper notification, that may constitute a misuse. Organizations must clearly define the objectives, ensure transparency, and obtain informed consent. Amendment 13 significantly strengthens this requirement at a normative level."

Zlaikha added, "Even organizations not required to register a database remain fully subject to the law. In addition, the amendment introduces a new role, the Privacy Protection Officer (DPO), mandatory for entities processing large volumes of sensitive data. This officer must have in-depth expertise in privacy law and technology, operate independently, and avoid conflicts of interest. It is a position that carries new responsibilities and is about to reshape how organizations approach data protection. Accountability extends beyond CISOs and DPOs. Corporate management and boards must also address these issues. Under the PPA guidance, boards may even bear specific legal obligations under the Data Security Regulations."

Cyberoot founder and CEO Eli Levin spoke about the need for a shift in corporate mindset. "With a few simple steps, any organization can turn information security and internal policy into real, practical tools," he said. "It doesn't have to be expensive or complicated. You need to sit down, talk, and start moving. 2025 and 2026 are going to be the years when everything happens: the pace is fast, the intensity is high, and our mission is to turn privacy and information security from a luxury into a must-have. It is no longer a choice; it is an organizational culture we have to embrace."

Levin continued, "Most organizations still lack a full mapping of their systems and data assets. If you do not know what you have, you cannot protect it," he said. "A cyber incident quickly turns into a full-scale crisis when there's no advance preparation. Even a minor technical glitch can spiral into a large-scale security breach. You cannot buy cybersecurity off the shelf; it has to be tailored meticulously, from risk assessment through to a detailed action plan. Information security is an ongoing process that requires involvement at every level of the organization. The responsibility lies with everyone who handles data."

SLING (part of KELA Group) CEO Dr. Uri Cohen and KELA head of research Elad Ezrahi discussed data leak risks linked to third-party systems. Ezrahi warned, "Personal data stored with external providers may be exposed." He presented two recent supply-chain attack cases involving voice impersonation and stolen access credentials, supported by findings from KELA's threat-intelligence platform.

A professional panel moderated by Adv. Vered Zlaikha explored the integration of AI systems in enterprises, the interfaces between IT and legal teams, and the handling of privacy and technology risks.

Lusha CISO and IT head Einat Shimoni said, "When introducing new technologies, be it a new vendor, a tool like ChatGPT, or an in-product AI feature, it is a cross-departmental effort involving development, IT, security and legal. We hold monthly forums to discuss these issues. The goal is not to block tools but to enable smart, controlled use. We have established clear policies, increased awareness, and provided ongoing training for our teams."

Adv. Zlaikha concluded, "Managing regulatory risks in AI systems raises wide-ranging issues that go beyond privacy and data security, inter alia about system accuracy, the need for human oversight, as well as organizational awareness and employee training. It is key to remember that organizations possess a broad toolkit to manage these risks: organizational, procedural, technological, and legal. Addressing these risks effectively requires drawing on the full range of available tools."

Published by Globes, Israel business news - en.globes.co.il - on November 12, 2025.

© Copyright of Globes Publisher Itonut (1983) Ltd., 2025.

