A criminal investigation by the Authority for the Protection of Privacy has ended, which revealed a network of trading in the personal data of policyholders at the three largest insurance companies in Israel. During the last two years, the insurance agency has employed sales workers in the insurance companies who were employed on a regular basis, for a fee.
The revelation of the affair began after a large insurance company received a report from an anonymous source, according to which the suspected insurance agency employs workers in the insurance companies whose job it is to systematically collect information from the companies' insureds, for a fee. Following the anonymous report, the insurance company contacted the Authority for the Protection of Privacy, which opened a broad criminal investigation against the suspected insurance agency.
The investigative actions included questioning dozens of involved and suspects, among them the managers of the insurance agency who previously worked in insurance companies; Conducting searches in a number of locations, including the homes of the key people involved in the case and the offices of the insurance agency; Seizing bank documents, cell phones, computers, as well as copying the agency's databases.
The findings of the investigation revealed that most of the suspects, who knew each other from a prior acquaintance, were instructed to focus on transferring the details of insured men and women who paid a monthly premium higher than NIS 300. The information included the amount and types of insurance the customer purchased, the premiums he paid, date of birth, ID card, ID card issue date, full name, phone number, and profession. The transfer of information was carried out by copying the data on the insured from the insurance company's databases onto colored notes or sending them by email, WhatsApp, and other ways.
For each note or message that contained the details of a potential client, the employees of the insurance companies received a sum of 30 shekels, which accumulated to sums of hundreds of thousands of shekels paid by the managers of the suspect agency. The suspects were interrogated for suspicion of committing numerous offenses of invasion of privacy, and now at the end of the investigation, the case has been transferred to the Cyber Department of the State Attorney's Office for review and a decision regarding the filing of indictments.
The head of criminal enforcement at the Privacy Protection Authority, attorney Efrat Hashan Mandel: "The case revealed crimes that were committed in a systematic and planned manner in exchange for money without the knowledge of the insured and with a serious violation of their privacy. Financial information is personal information and action must be taken to keep it that way. We at the Authority will continue to wage a determined fight against those who seek to harm the public's privacy."
The criminal investigation carried out by the Authority, in this case, is one of the enforcement channels in which the Authority operates in the insurance company sector. In the coming weeks, the Authority will publish to the public the findings and conclusions of the extensive inspection it conducted at dozens of agencies and insurance companies. This is a significant and sector-wide enforcement channel operated by the Authority to ensure the compliance of the entities belonging to this sector with the provisions of the Privacy Protection Law and the regulations pursuant thereto.