The Right To Review Digital Database

Author:Barnea & Co
Profession:Barnea & Co

Within the scope of a new directive published recently by the database registrar at the Israeli Law, Information and Technology Authority, entities, such as service-providers, that retain recordings of telephone conversations or chat correspondence with their customers will be forced to enable their customers (the subjects of the information) to also access information of this type. This according to the right of access prescribed in the Privacy Protection Law and the regulations instituted by virtue thereof.

The purpose of the directive, called "Application of the Provisions of the Privacy Protection Law to the Right to Access Voice Recordings, Videos and Other Digital Information," is to clarify the way in which the registrar interprets the provisions of the Privacy Protection Law, as it pertains to the right to access "digital information," such as recorded telephone conversations, chat correspondence, video calls and more.

According to the new directive, the right of access prescribed in the Privacy Protection Law, as it pertains to information retained in a database, applies not only to correspondence and records, but also to any information that is digitally stored.

It is important to understand that this does not encompass all information stored through digital means. The scope of the information to which the right of access applies derives from the definitions in the Law and from the interpretations of the term "information" during court rulings. Generally, at issue is information that is essentially of a personal nature, which includes data on a person's personality, personal status, the right to privacy in relation to his personality, state of health, economic situation, professional training, opinions and beliefs.

The directive adds that the right of access applies not only to information stored and catalogued under a person's specific identity (usually a customer of a service-provider), but also when the information is not stored in a way that links it to the identity of that individual, but which, after reasonable efforts, may link him to the information. In this context, the directive clarifies that "reasonable efforts" will also include...

To continue reading