Privacy and Data Security in the Era of Amendment 13

How Not to Become a Headline

A focused guide to implementing Amendment 13: security, privacy, and trust – in a way that serves operations.
13.08.2025
Compliance & Security
5 min read

What do a bank, a healthcare provider, and a fleet management system have in common? They all handle sensitive data that can expose individuals to real risks. With the enactment of Amendment 13 to the Privacy Protection Law (August 14, 2025), the regulations have become stricter - and now you can receive a fine of up to 10,000 ₪ even without proving that actual damage was caused. The question is not whether to prepare, but how to do it right.

What is Amendment 13 and why is it important now?

Amendment 13 takes effect on August 14, 2025, and brings three significant innovations:

  • Mandatory DPO appointment - Many companies must appoint a Data Protection Officer
  • Shared Controller/Processor liability - Even those who process data at a technical level bear responsibility
  • Mandatory security contract - Every data transfer between parties requires a detailed DPA agreement

Let's take a simple example: an employer who wants to check a driver's GPS after working hours to verify that the vehicle was returned to the right place. According to the new amendment, this would be considered unjustified tracking unless strict conditions are met - for example, a substantiated theft suspicion or explicit approval from the driver.

Why data security is not just a "checkbox"

Many CEOs still see data security as "another regulation to pass." The reality is completely different. According to the Verizon DBIR report, 68% of breaches involve a "human element" - basic human errors or falling for social engineering traps, not dramatic hacker attacks by genius hackers.

The costs of a data breach are much more than a fine:

  • Reputation damage - One word on Facebook and all your customer database knows
  • Operational downtime - Average of 23 days for full recovery
  • Civil lawsuits - Drivers can sue for personal damages

This is not paranoia, it's simple mathematics: the cost of protection is much lower than the cost of recovery.

What we do at Tracer

At Tracer Technologies, data security is not an add-on - it's the foundation. We implement a multi-layered protection system:

  • ISO 27001 certification - Audited every year by an external body
  • Tier-3 Data Center - Secure infrastructure at the highest level
  • 400 days of encrypted history - All data encrypted in real-time and storage
  • Zero-Trust Architecture - No "general" access, every action is verified
  • 48-hour reporting - If something happens, you know immediately

Special point: Our system automatically blocks GPS access outside working hours according to the employer's declaration when joining the service. This is a perfect balance between the company's safety needs and the driver's personal privacy.

Read our full policies: Privacy Policy · Information Security.

Why investing in security pays off

Proper data security is not an expense - it's operational efficiency. Companies that manage data professionally save significant time and resources:

  • Less administrative work - No need to fill incident reports, investigate data issues, or dispute with authorities
  • Operational stability - When systems are properly secured, fewer work interruptions due to technical problems
  • Better cooperation - Drivers who trust the system report more and cooperate more naturally

The most interesting statistic: In most companies that have moved to properly protected systems, time spent on security and privacy issues has decreased by 60% - leaving more time for what really matters.

What to do tomorrow morning

If you wake up tomorrow and want to start complying with the new amendment, here's a 4-point checklist:

  1. Appoint a DPO
    Check if you are required to appoint a Data Protection Officer (depending on the scope of activity). If so - preferably someone with official certification.
  2. Risk assessment
    Make a list of all sensitive information you have: driver GPS, tire details, accident reports, internal communications.
  3. Employee training
    It's not enough that only the CEO understands the law. Everyone who touches data needs to know the basic rules.
  4. DPA agreement
    If you work with an external service provider (like a fleet management system), make sure you have a valid Data Processing Agreement.

Don't wait until the first fine comes

In the end, Amendment 13 is not another bureaucratic obstacle - it's an opportunity to build real trust with your drivers and your customers. Companies that handle data professionally and transparently receive more cooperation, less employee turnover, and more stable business relationships.

Your information - and your customers' information - is the most valuable asset you have. Investing in proper security is not an expense, it's insurance.