In wake of anti-Israel hacker attacks, Justice Ministry tightens ID number guidelines
Justice Ministry forbids unnecessary collection of personal national ID numbers; personal information of hundreds of thousands of Israelis was recently posted online by anti-Israel hackers.
Israel's Justice Ministry on Sunday released guidelines forbidding unnecessary collection of personal national identification numbers. The Authority for Technology and Information Law, a subsidiary of the Justice Ministry, decided to release the stricter guidelines as a result of attacks by a Saudi hacker and other anti-Israeli hackers. The document was posted on the Justice Ministry website, in order to enable public feedback.
There have been numerous recent attacks against Israeli websites. As a result of these attacks, hackers posted credit card numbers, ID numbers and many other details belonging to Israeli citizens on the internet. In response, Israeli hackers attacked websites based in Arab countries and Iran, and exposed details of citizens of those nations. In addition, other websites were crashed by hackers, including the websites for the Tel Aviv Stock Exchange, El Al, Ynet, and Haaretz, among others.
"These incidents occurred because database owners collected personal national identification numbers, apparently without need, creating a danger of exposure and damage to consumer privacy," read the statement, released by the Justice Ministry.
The new guidelines require that database owners inform those using their services whether or not they are legally obligated to reveal their ID number. They will now be required to explain to users what exactly requires the use of an ID number. Also, it will now be necessary to inform users as to who exactly will receive their personal information, and their intentions. The Justice Ministry suggests that databases begin to use appropriate substitutes such as "customer ID numbers."
The guidelines emphasize that "a database has no right to use the information for any purpose other than the needs of the person in question, and in accordance with any agreements made." The guidelines focus on requirements for safeguarding the information held within databases. Also, according to the new procedures, any database unnecessarily holding ID numbers will be required to convert them to "customer ID numbers."
"The guidelines are meant to be a driving force for change within businesses, in terms of their methods for collecting personal information," says Yoram Hacohen, head of the Authority for Technology and Information Law. "In many cases there is no need for the collection of official identification information, and its collection causes a national data security problem. Organizations that do require such sensitive information must responsibly safeguard that information in a way that corresponds with the danger of it being stolen." Addressing consumers, he said, "do not hastily give out your ID number, and if you do, find out why it is being requested, and make sure you know how it is protected."