Cloud Computing & Cyber Security
Cloud Computing
​
In recent years, the use of Cloud Computing technologies has increased and with it the need to protect the information transferred, stored or processed in the Cloud, in light of the existing exposure in shared computing infrastructures, use of supply chain, or the actual storage/transfer/processing of information in a manner which isn't exclusively held by the client and defined as "Cloud computing" legally or technologically.
​
Along with the technological and security examinations that the organization must perform when entering into a Cloud based system or developing a Cloud based system, a comprehensive legal examination is required regarding the law and regulation applicable to the information that will be transferred, stored or processed through the system, the manner of protection of the information and its storage, the duties applicable on the transferrer and the transferee of the information, the manner of access to the information, determination of the applicable law, and the verification of compliance with the various regulatory provisions, including the GDPR regulations as applicable, as well as the preparation of an agreement regulating these provisions (Data Processing Agreement) as required.
​
In addition, the location of the Cloud Service Provider can be located outside of Israel. When the information is transferred outside the borders of Israel - special provisions apply, both in accordance with the Israeli Privacy Protection laws and regulations, the Israeli Privacy Protection Authority regulations from time to time, and specific privacy directives applying on certain bodies (such as supervised banking entities).
​
Also, apart from the protection and regulation aspect of such information, when it comes to Cloud Computing agreements, other issues that are unique to this engagement must be legally settled, given the sensitivity level of security in Cloud agreements, such as: whether the cloud system is uniquely developed for the customer or a shelf product; The provided Cloud Service (Cloud as a Software/ Cloud as a Platform/ Cloud as Infrastructure/ all together) and its implications for the organization; How the information is transmitted and stored; Whether the customer has a backup to the information transferred; Whether the information that is transferred/ stored/ processed in the Cloud is defined as "sensitive information"; What are the consequences of use/ non-use/ malfunction in the system/ loss of information for the customer; Special emphasis on property rights and intellectual property in the system and the information transferred, confidentiality arrangements, warranty, termination of contract, service and maintenance and more.
Adv. & Notary Shiran Ilan carries special expertise in Cloud Computing, drafting Cloud agreements, legal opinions, including in connection with the fulfillment of regulatory obligations and aspects of privacy protection as a result of the engagement, data processing agreements and data processing in light of banking regulations (Including proper banking directives for cloud computing (362) and outsourcing activities (A359) and the resulting provisions), and extensive engagement with this central and sensitive issue.
Among other things, Adv. Shiran Ilan served as the Legal Advisor of the Procurement Department and the Technology and Operations Division at one of Israel's largest and central Credit Card companies (which is a supervised body), providing her with technological knowledge and understanding along with extensive and unique knowledge of the regulation and the applicable law, and conducting complex agreements and negotiations with leading entities in Israel and abroad.
​
Shiran's clients over the years enjoy a high level of professionalism, integrity, loyalty, availability and personal service to all of her clients, and she will be happy to accompany you as well.
Privacy Protection and Cyber Security
​
The right for privacy has long been statutory in the Israeli law as a constitutional right through section 7 of the Basic Law: Human Dignity and Liberty, 1992, in addition to the provisions of the Privacy Protection Law and its detailed regulations.
​
In addition, the Privacy Protection Authority is the regulatory body which supervise the fulfillment of the provisions and regulations by law, together with its guidelines which are published from time to time and form an integral part of the regulatory provisions apply according to the Israeli law.
​
The significant technological development in recent years and the share of knowledge, brought the need for tightened protection of the information objects' privacy and/or organizational, personal or business information of any body, including use of information security measures, sites/operations backup, and preventing cyber-attacks ​​and information security vulnerabilities in the organization. The issue of privacy protection and maintaining an adequate level of information security is a central interest in any work of an organization and/or business in order to prevent legal exposure, both by the information objects, by third parties harmed as a result of its disclosure and by the regulator (which may, among other things, impose heavy fines as a result of non-compliance with the provisions by law and regulation).
​
The importance of proper legal advice is reflected both in drafting agreements and conducting negotiations for the purchase/supply of information security systems, in legal advice regarding the legal obligations apply to any supplier or customer in respect with the information transmitted/may be transmitted, including compliance with privacy protection regulations (Information security), 2017, and the full provisions by law and regulations which apply on the information, as well as legal advice and reporting to the Privacy Protection Authority in the event of security breach or unauthorized use or leak of information and performing the actions required by law without any delay.
​
In addition, a comprehensive legal examination is required regarding the law and regulations applicable to the information which will be transferred, stored or processed by the organization or outside of it, the manner of protection and storage of the information, the obligations which apply to the information transferrer and the recipient, the manner of access to the information, establishing the law applicable between the parties, compliance with the various regulatory provisions, including the GDPR regulations as applicable, as well as preparation of an agreement regulating these provisions (Data Processing Agreement) to the extent necessary.
​
Furthermore, when the information is transferred outside the borders of Israel - special provisions apply, both in accordance with the Privacy Protection laws and regulations in Israel, in accordance with the Privacy Protection Authority regulations from time to time and in accordance with specific regulatory provisions applicable to certain entities (such as supervised banking entities).
​
In addition, in the matters specified by the Israeli law, a person or organization holding a collection of information must register the information as an "information database" with the Registrar of Information Databases (other than the exceptional matters specified by law), which imposes increased obligations on the information database owner or holder, in accordance with the Israeli law and the Privacy Protection Authority regulations.
Adv. & Notary Shiran Ilan carries an extensive experience in providing legal advice in the field of privacy protection and information security, drafting and managing procurement agreements for information security systems and fraud prevention systems, Non-Disclosure Agreements and Data Processing Agreements, legal opinions, including in connection with the fulfillment of regulatory obligations and aspects of the privacy protection as a result of the engagement, and ongoing legal advice in connection with issues in this key area.
Among other things, as part of her professional experience, Adv. Shiran Ilan served as an attorney responsible for providing legal advice to the Procurement Department and the Technology and Operations Division at one of Israel's largest and central Credit Card companies (which is a supervised body), including accompanying all business activities, and ongoing legal advice to the Information Security Department, providing her with technological knowledge and understanding along with extensive and unique knowledge of the regulation and the applicable law, and conducting complex agreements and negotiations with leading entities in Israel and abroad.
Shiran's clients over the years enjoy a high level of professionalism, integrity, loyalty, availability and personal service to all of her clients, and she will be happy to accompany you as well.
