On March 17, 2024, the Privacy Protection Authority (PPA) published the report of findings of a broad inspection conducted on the smart transportation sector. In particular, the PPA stated that the broad inspection includes an examination of the implementation of the Protection of Privacy Law, 5741-198 (PPL) and its regulations. 

What was covered in the broad inspection?

More specifically, the PPA noted that the use of smart transportation applications and systems is based on the collection, processing, and analysis of information allowing transportation entities to make decisions based on big data to improve and optimize the transportation system, which involves privacy risks. The PPA further stated that it contacted 13 entities in the smart transportation sector to fill out an audit questionnaire, out of which 12 responded. The audit questionnaire examined the following:

• organizational control;
• database management; and
• information security. 

What were the findings of the PPA?

The PPA found that:

• overall about 35% of the entities presented only a partial level of compliance in all the tested areas, of which 10% had a low level of compliance;
• in weighing the scores given, the average score of the sector was 85%;
• the findings of the cross-examination procedure showed sufficient proficiency in the requirements of information security regulations in most of the organizations examined. However, in 8% of the entities, the level of compliance with information security requirements is low with 20% at a medium level of compliance;
• in the field of database management, a third of the entities are at a medium compliance level; and
• in the field of organizational control, most entities are in full compliance with the requirements of the law.

You can read the press release here and the report here, both only available in Hebrew.