On July 6, 2019, the presidential circular numbered 2019/12 on the information and communication security measures (the “Circular”) was published in the official gazette. The Circular envisages certain measures in order to (a) maintain the security of sensitive data that may threat the national security or disrupt the public order in case its confidentiality, integrity or accessibility is affected and (b) reduce and eliminate the security threats that may arise. The Circular mainly stipulates the following measures;
- storing the sensitive data (such as the residential, health and contact information) in a secure network;
- protecting the (i) sensitive data stored in the database of the public institutions and organizations and (ii) information related to the public institutions and organizations, by storing the relevant data in a secure network or in the private database of such institutions and organizations;
- preventing the classified data sharing and communication through social media;
- restricting the (i) presence of mobile devices and devices with data transfer capabilities in the workplace environments where sensitive data and documents are available and / or meetings are being conducted, (ii) storage of classified corporate data and documents in the devices that have not been authorized by the relevant institution and (iii) connection of the portable devices, having an unidentified source, into the relevant institution’s database;
- implication of the necessary precautions by the institutions and organizations regarding cyber threat notification; and
- implication of certain limitations on the public databases such as (i) providing the secured settings for public e-mail systems, (ii) preventing the corporate communication between non-corporate e-mail addresses, and (iii) preventing the utilisation of corporate e-mail addresses for personal purposes.
Furthermore, in line with the above-mentioned objectives and within the framework of national and international standards and information security criteria, a Guideline for Information and Communication Security (the “Guideline”), envisaging different security levels to be applied by the public institutions and organizations and by the enterprises providing critical infrastructure services, will be prepared by the Digital Transformation Office of the Presidency of the Republic and will be published at www.cbddo.gov.tr. The procedures and principles in the Guideline shall be applied and adapted in the information systems of all public institutions and organizations and enterprises providing critical infrastructure services. Institutions and organizations shall establish a supervision mechanism for the implementation of the Guideline (excluding the duties and activities that are performed to maintain the national security and to protect the data privacy) and shall supervise the implementation at least once a year.
This information is provided for your convenience and does not constitute legal advice. It is prepared for the general information of our clients and other interested persons. This should not be acted upon in any specific situation without appropriate legal advice. This information is protected by copyright and may not be reproduced or translated without the prior written permission of Ergün Avukatlık Bürosu.