[Personal Data Law] [Chapter 2]

1. For the purpose of information support, publicly available sources of personal data (including directories, address books) may be created. Publicly available sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data reported by the subject of personal data.

2. Information about the subject of personal data must be excluded from public sources of personal data at any time at the request of the subject of personal data or by decision of a court or other authorized state bodies.

Legal advice under Art. 8 of the Personal Data Law

    Roman Mavrov

    A question for practicing lawyers in civil litigation. A very common telephone directory printed false information, managing to give my mobile number (a direct number with an area code) as the number of an industrial enterprise. Now they constantly call me and try to send faxes around the clock. The information in the new editions has been corrected, but the old reference books and CDs with information programs continue to be used. I'll say right away that my tariff is unlimited and I can’t present financial claims, only moral ones ... Is it possible to recover anything from the publishing company in court?

    • Lawyer's response:

      There is a possibility. FEDERAL LAW of July 27, 2006 N 152-FZ "ON PERSONAL DATA"
      Article 8. 1. For the purpose of information support, public sources of personal data (including directories, address books) can be created. Publicly available sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data provided by the subject of personal data. Information about the subject of personal data may be excluded from public sources of personal data at any time at the request of the subject of personal data or by decision of the court or other authorized state bodies.
      Article 9. Consent of the subject of personal data to the processing of his personal data. 1. The subject of personal data decides to provide his personal data and agrees to their processing by his own will and in his own interest, except for the cases provided for in paragraph 2 of this article. Consent to the processing of personal data may be withdrawn by the subject of personal data. 2. This Federal Law and other federal laws provide for cases where the subject of personal data must provide their personal data in order to protect the foundations of the constitutional order, morality, health, rights and legitimate interests of others, to ensure the defense of the country and the security of the state. The obligation to provide proof of obtaining the consent of the subject of personal data to the processing of his personal data, and in the case of processing publicly available personal data, the obligation to prove that the personal data being processed is publicly available, rests with the operator. 4. In the cases provided for by this Federal Law, the processing of personal data is carried out only with the consent in writing of the subject of personal data. The written consent of the subject of personal data to the processing of his personal data must include: 1) last name, first name, patronymic, address of the subject of personal data, number of the main document proving his identity, information about the date of issue of the specified document and the issuing authority; 2) name (last name, first name, patronymic) and address of the operator receiving the consent of the subject of personal data; 3) the purpose of processing personal data; 4) the list of personal data for the processing of which the consent of the subject of personal data is given; 5) the list of actions with personal data, for which consent is given, a general description of the methods used by the operator for processing personal data; 6) the period during which the consent is valid, as well as the procedure for its withdrawal. 5. For the processing of personal data contained in the written consent of the subject to the processing of his personal data, no additional consent is required. 6. In case of incapacity of the subject of personal data, consent to the processing of his personal data is given in writing by the legal representative of the subject of personal data. 7. In the event of the death of the subject of personal data, consent to the processing of his personal data is given in writing by the heirs of the subject of personal data, if such consent was not given by the subject of personal data during his lifetime.
      Article 24. Persons guilty of violating the requirements of this Federal Law shall bear civil, criminal, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation.

    Inna Antonova

    Does a person who publishes passport data on the Internet in some community, for example LJ ru_avto, bear responsibility, and if so, what kind?

    • Lawyer's response:

      Passport data are personal data of a person and are subject to the protection of the Federal Law "On Personal Data" Article 7. 1. Operators and third parties gaining access to personal data must ensure the confidentiality of such data, except as provided for in part 2 of this article. 2. Ensuring the confidentiality of personal data is not required: 1) in case of depersonalization of personal data; 2) in relation to publicly available personal data. Code of Administrative Offenses: Article 13.11. Violation of the procedure established by law for the collection, storage, use or dissemination of information about citizens (personal data) Violation of the procedure established by law for the collection, storage, use or dissemination of information about citizens (personal data) - five minimum wages; for officials - from five to ten times the minimum wage; for legal entities - from fifty to one hundred times the minimum wage.

    Sergei Redrikov

    How can I protect myself legally? I have a big problem. I found a profile on icq.com that mirrored my profile. My data is completely copied in it, my photo is used. On my behalf, information is sent that discloses my personal data (mobile phone, address) against my will on the web pages of other people. What should I do and how can I protect myself legally? How can I find out who specifically created the page and can I sue him in court? Thanks in advance for any advice.

    • Contact the administration of the site where the "problem" profile with the specified problem is posted and indicate that you have already created a profile earlier and that your data is used there

    Vladimir Khomishin

    On-line base of traffic police: what rules of law are violated? http://www.nomer.org/mosgibdd/ Have any rules of law been violated when placing the database on this site, and if so, which ones?

    • Lawyer's response:

      In the database, I found out the date of birth, the home address, telephone, dates of registration actions and their type, brand, year of manufacture and license plate number of the car ... It means this. According to the above law on Personal Data, this database contains personal data, the processing of which is permissible either with consent or on the basis of the law (I don’t consider other grounds), let’s say there is a law that allows processing this data, however, in any case, confidentiality must be observed, i.e. publication is prohibited, with the exception of: anonymized personal data and publicly available, which, in turn, can only become such with written consent, which should not yet be revoked (articles 7, 8, 9 of the Law). In this case, the operator (suppose that it legally processes the personal data) pumped them and leaked them (part 1 of article 17), which means: Article 17. The right to appeal against the actions or inaction of the operator 2. The subject of personal data has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court (not many laws directly provide for this). Further: Article 24. Responsibility for violation of the requirements of this Federal Law responsibility under the laws of the Russian Federation. Pay attention to the sequence!!! About civil, I said, criminal - it's kind of like 137 of the Criminal Code (I could be wrong), administrative - this is art. 13.11 of the Code of Administrative Offenses - violation of the procedure established by law for the collection, storage, use or dissemination of information about citizens (personal data) - entails a warning or the imposition of an administrative fine on citizens in the amount of three hundred to five hundred rubles; on officials - from five hundred to one thousand rubles; for legal entities - from five thousand to ten thousand rubles (nonsense in general), disciplinary is not interesting at all. EVERYTHING! P.S. I was touched by the word "other")))  moral responsibility or what are they going to provide for in the law?

    Inna Romanova

    Help organize a charity fund for children! I really want to know the step-by-step procedure and pitfalls when organizing a charitable foundation for orphans

    • Lawyer's response:

    Grigory Pashovkin

    What kind of new base do doctors have? They slipped a piece of paper for consent to make (not consent to the operation)

    • Most likely, this is the addition of your personal data to the database (maybe, in particular, biometric data); this was an internal form of the institution to resolve the issue with the storage and use of your personal data.

    Zinaida Efimova

    Do all legal entities have to fill out a personal data processing notice? For what? And what are the consequences? And if an enterprise has four licenses for different types of activities, then four notifications must be submitted or what?

    • Lawyer's response:

    Yuri Kasumov

    what is "public personal data"?

    • Lawyer's response:

      See the law itself: N 152-FZ of July 27, 2006 (as amended on July 25, 2011) "On Personal Data"
      Article 3. Basic concepts used in this Federal Law For the purposes of this Federal Law, the following basic concepts are used: 1) personal data - any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data); ...
      Article 6. Conditions for the processing of personal data 1. The processing of personal data must be carried out in compliance with the principles and rules provided for by this Federal Law. The processing of personal data is allowed in the following cases: ... 10) processing of personal data is carried out, access to which is provided to an unlimited number of persons by the subject of personal data or at his request (hereinafter referred to as personal data made public by the subject of personal data); ...
      Article 8. 1. For the purpose of information support, publicly available sources of personal data (including directories, address books) may be created. Publicly available sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data reported by the subject of personal data. (As amended by the Federal Law of 25.07.2011 N 261-FZ) ...
      Article 22. Notification of the processing of personal data ... 2. The operator has the right to process personal data without notifying the authorized body for the protection of the rights of subjects of personal data: ... 4) made public by the subject of personal data; (Clause 4 as amended by the Federal Law of July 25, 2011 N 261-FZ) 5) including only the last names, first names and patronymics of personal data subjects; ...
      And that's all I found. If I state here on the net that I am in my 60s, then this is information that I have made publicly available, since anyone can look here. But it is impossible to call it well-known, since everyone is not obliged to know it. And the fact that Alexander Sergeevich Pushkin is the author of "Eugene Onegin" is both publicly available and well-known for the Russian-speaking, and is the personal data of a very specific person.
      According to the law "ON INFORMATION, INFORMATION TECHNOLOGIES AND ON THE PROTECTION OF INFORMATION" dated July 27, 2006 N 149-FZ (personal data is a special case of information!) Article 7. Publicly available information 1. Publicly available information includes well-known information and other information, access to which is not limited. 2. Publicly available information may be used by any persons at their discretion, subject to the restrictions established by federal laws regarding the dissemination of such information. 3. The owner of information that has become publicly available by his decision has the right to demand that persons distributing such information indicate themselves as the source of such information. Article 8. The right to access information ... 4. Access to: ... 3) information on the activities of state bodies and local self-government bodies, as well as on the use of budgetary funds (with the exception of information constituting state or official secret); !!! And this paragraph also refers to the full name of officials of state bodies and local governments, that is, all officials. I think so.

    Diana Putina

    Labor law question. Dear comrades, gentlemen, lawyers, specialists (without sarcasm), please clarify the following question. Today at work, the following incident occurred: Before the lunch break, I approached the supervisor (the immediate supervisor has a day off and I never had such excesses with him) and said that today I need to go to lunch (I rarely go, I prefer to work during the break). Next such a dialogue follows with the participation of those persons (I, the Manager and the Logistician, who always interferes in her own business.) R: For lunch? Me: Yes, but what? R., L.: Why don’t you carry it with you? Me: Why, it’s a 5-minute walk to my house. L.: So what, we (whom we don’t understand) too, but we carry with us (what do I care about you, even if you don’t go to work, I need you POHER) L.: WE ARE FORBIDDEN TO GO HOME FOR LUNCH. R: YES, REALLY. Me: What do you mean it's forbidden, in my employment contract it says LUNCH FROM 12-30 TO 13-30, this is my personal time and it’s up to me to decide how to dispose of it, and according to the law .... IN GENERAL, THE ESSENCE OF THE QUESTION IS THIS: WHAT IS THE FUCK, THE PROHIBITION TO GO FOR THE LUNCH BREAK. We don’t have any plant for the production of nuclear warheads and not even a cutting shop at a jewelry factory, BUT A CONVENTIONAL BASE FOR TRADING IN BUILDING MATERIALS. Please explain, if possible with the articles of the Labor Code of the Russian Federation. Thank you in advance!

    • Lawyer's response:

      Actions are illegal, regulates breaks for rest and meals. Part 1 During the working day (shift), the employee must be given a break for rest and meals lasting no more than two hours and no less than 30 minutes, which is not included in working time. Part 2 The time of the break and its specific duration are established by the internal labor regulations or by agreement between the employee and the employer. Only part 3 determines that in jobs where, due to the conditions of production (work), it is impossible to provide a break for rest and food, the employer is obliged to provide the employee with the opportunity to rest and eat during working hours. The list of such works, as well as places for rest and eating, are established by the internal labor regulations. Production conditions such as conveyor or blast furnace and other continuous production

    • http://minfin.com.ua/blogs/IgorZabuta/19619/

    Konstantin Savostin

    Consent to the collection and processing of personal data at school. Ukraine. I don't want to sign. What to do and how to motivate your refusal. I feel that they will put pressure on what laws to refer to. Help

    • Lawyer's response:

      The Law of Ukraine "On the Protection of Personal Data" itself does not oblige you to consent to the collection and processing of your data.
      Paragraphs 5, 6 of Art. 6 of the Law oblige the owner of the personal data base to process data in the scope and for the purposes specified in the agreement with you and only with your consent.
      Also, according to paragraph 2 of paragraph 2 of Art. 8 of the Law, you have the right to demand information about the conditions of access to data, as well as information about third parties who have access to the database.
      In addition, according to paragraph 1 of paragraph 1 of Art. 11 of the Law, with your agreement, you can make a request to restrict the right to process your data. For example, according to paragraph 1 of Art. 16 of the Law, you have the right to determine the procedure for third parties to access your data. And, according to paragraph 1 of Art. 21 of the Law, the owner of the database is obliged to notify you of the transfer of your information to third parties, if required by the terms of the agreement.
      Remember, according to Arts. 6, 627 of the Civil Code of Ukraine, contractual relations in Ukraine are free.

    Natalia Belova

    Personnel officers of Ukraine: is it necessary to take a statement of consent to the use of personal data when applying for a job?

    • Lawyer's response:

      Of course, according to paragraphs 5, 6 of Art. 6 of the Law of Ukraine "On the protection of personal data" dated June 1, 2010 No. 2297-VI.
      Moreover, according to paragraph 2 of paragraph 2 of Art. 8 of the Law, the employee has the right to demand information about the conditions of access to data, as well as information about third parties who have access to the database.

    Artur Efirov

    Does the employer have the right to find out from the police about your administrative violations? Please write an article

    • Lawyer's response:

      No, there is a specific question: "Does the employer have the right to find out from the police ...", and not where you can find out. At the same time, it is not necessary that there would be enforcement proceedings or debts in the administrative area. Specific answer: Federal Law "On the Police" dated February 7, 2011 N 3-FZ: Article 17. Formation and maintenance of data banks about citizens entering the received information into data banks about citizens (hereinafter referred to as data banks). Information shall be entered into data banks: .... 8) on persons who have committed an administrative offense; .... Here: 7. The processing of personal data is carried out in accordance with the requirements established by the legislation of the Russian Federation in the field of personal data. That is, we look at the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" Article 3 states that 1) personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data); ... 3) processing of personal data - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data; Article 6 of the same law contains the conditions for the processing of personal data, which indicate that the processing of personal data is carried out with the consent of the subject of personal data to the processing of his personal data. The rest of the conditions don't seem to fit. From here a conclusion: 1. The question is set incorrectly. An employer (legal entity, individual) is not prohibited by any law from submitting written applications to state bodies and other bodies, legal entities, individuals. Another question is whether the police have the right to release such information? Answer: If you gave the employer consent to the processing of your personal data, then formally he has the right to receive (or demand, as you wish) such information about you from the police. Otherwise, it doesn't. In the absence of such consent, the bodies of the Ministry of Internal Affairs should not issue such information by virtue of the above Art. 17 "On the police". This condition is applicable if you are in an employment relationship with an employer, and not just get a job, if you did not confuse these concepts when asking a question.

    • Article 7. Confidentiality of personal data 1. Operators and third parties gaining access to personal data must ensure the confidentiality of such data, except as provided for in part 2 of this...

    Margarita Sergeeva

    If my address and full name are online, what can I do? Take to court? There's a debt document there, owed to the ZhEU, from who knows what shaggy year. And I don't know how to remove it from there. My personal data is online! Tin! If you file a lawsuit, will the data be removed?

    • Lawyer's response:

      Better write a complaint to Roskomnadzor. Federal Law of July 27, 2006 N 152-FZ "On Personal Data" Article 7. Confidentiality of personal data Operators and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law. Article 8. 1. For the purpose of information support, publicly available sources of personal data (including directories, address books) may be created. Publicly available sources of personal data, with the written consent of the subject of personal data, may include his last name, first name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data reported by the subject of personal data. 2. Information about the subject of personal data must be excluded from public sources of personal data at any time at the request of the subject of personal data or by decision of a court or other authorized state bodies. Article 21. Obligations of the operator to eliminate violations of the law committed during the processing of personal data, to clarify, block and destroy personal data or an authorized body for the protection of the rights of subjects of personal data, the operator is obliged to block illegally processed personal data relating to this subject of personal data, or ensure their blocking (if the processing of personal data is carried out by another person acting on behalf of the operator) from the moment of such request or receipt of the specified request for the review period. 
In the event that inaccurate personal data is detected when the subject of personal data or his representative contacts, or at their request or at the request of the authorized body for the protection of the rights of subjects of personal data, the operator is obliged to block personal data relating to this subject of personal data, or ensure their blocking (if processing personal data is carried out by another person acting on behalf of the operator) from the moment of such application or receipt of the specified request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the subject of personal data or third parties. Article 17

Commentary on the Federal Law of July 27, 2006 N 152-FZ "On personal data" Petrov Mikhail Igorevich

Article 8. Publicly available sources of personal data

Public sources of personal data

Commentary on Article 8

1. Within the meaning of the commented Law, sources of personal data are recognized as publicly available, access to which is not limited and does not require the prior consent of personal data subjects. Publicly available sources of personal data can be used by any person at their discretion, subject to the restrictions established by federal laws regarding the dissemination of such information.

The creation of publicly available sources of personal data is due to the need for information support. An analysis of the current legislation allows us to note that currently public sources of personal data include: directories, address books, encyclopedias, documents accumulated in open funds of libraries and archives, information systems of public authorities, local governments, public associations, organizations, representing the public interest or necessary for the realization of the rights, freedoms and duties of citizens. At the same time, modern science and practice have not yet been able to develop effective criteria by which it would be possible to clearly distinguish between public and confidential segments of information.

The creation of public sources of personal data, which should include the last name, first name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data provided by the subject of personal data, is carried out with the obligatory consent of the latter. In addition, the subject of personal data has the right to require persons distributing such information to indicate themselves as the source of such information.

The use of personal data from public sources implies, in turn, the exclusion of the possibility of making a profit.

In the case of processing publicly available personal data, the obligation to prove that the personal data being processed is publicly available lies with the operator.

2. In order to protect the rights and legitimate interests of the subject of personal data, the legislator provides for the possibility of revoking personal data used in public sources. Their exclusion can be carried out both at the request of the subject of personal data, and by decision of the court or a specially authorized state body.

"Person" - data that relate to a person, personality, biological organism.

What is, how to collect, where to store, how to protect?

Is a fingerprint card personal data or not?

It contains no personal information.

personal data - any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information;

The address is the registration at the place of residence or place of stay.

Conditional classification of personal data.

1) according to the degree of openness:

publicly available personal data - personal data, access to which is granted to an unlimited number of persons with the consent of the subject of personal data or which, in accordance with federal laws, is not subject to the requirement of confidentiality.

Publicly available personal data is data for which voluntary consent has been given and which has been placed in the public domain.

Often, some site owners request registration information that users do not want to provide.

Confidential Information - information is provided strictly for specific purposes. Sometimes it can be collected without the knowledge of the person.

The Ministry of Internal Affairs stores information in information centers

2) by accessory

- personal - belong from birth

- official - in the course of work, service - class rank, etc.

3) by way of provision

- voluntarily provided information

- provided in the general manner in accordance with the law (forced)

- collected without the consent of the citizen in accordance with the law

4) by nature of the data

- biometric (fingerprint information)

Basic concepts used when working with personal data.

- processing of personal data - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;

- dissemination of personal data - actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or at familiarization of an unlimited number of persons with personal data, including the disclosure of personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way;

- use of personal data - actions (operations) with personal data performed by the operator in order to make decisions or perform other actions that give rise to legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;

- blocking of personal data - temporary suspension of the collection, systematization, accumulation, use, distribution of personal data, including their transfer;

Information posted on the Internet often cannot be blocked.

Most personal data:

- stored on the computer

- posted online

Difficult to control placement

- destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system or as a result of which material carriers of personal data are destroyed (for example, situations when archives burned);

- depersonalization of personal data - actions, as a result of which it is impossible to determine the ownership of personal data by a specific subject of personal data;

- personal data information system - an information system, which is a combination of personal data contained in the database, as well as information technologies and technical means that allow the processing of such personal data using automation tools or without using such tools;

- confidentiality of personal data - a mandatory requirement for an operator or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds;

- cross-border transfer of personal data - transfer of personal data by the operator across the State Border of the Russian Federation to the authorities of a foreign state, an individual or legal entity of a foreign state;

- publicly available personal data - personal data, access of an unlimited number of persons to which is granted with the consent of the subject of personal data or which, in accordance with federal laws, is not subject to the requirement of confidentiality.

Processing of personal data.

1) lawfulness of the purposes and methods of processing personal data and good faith;

2) compliance of the purposes of processing personal data with the purposes predetermined and declared during the collection of personal data, as well as the authority of the operator;

3) compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data;

4) the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;

5) the inadmissibility of combining databases of personal data information systems created for mutually incompatible purposes.

If someone has ever filled out a fingerprint card, it is held in the databases of the information center. We cannot, for example, merge databases of ordinary citizens and perpetrators of a crime.

1) with the consent of the owner of personal data

2) without the consent of the owner of personal data.

This applies to persons occupying a certain position: military personnel, corpses

Confidentiality of personal data:

When not required:

1) in case of depersonalization of personal data;

2) in relation to publicly available personal data.

— the operator who collects and processes personal data.

— restrict access within your own organization

The operator is personally responsible for the dissemination of personal data

– setting access restrictions both indoors and on the network (access system, card identification system)

For local networks – system login + password

You can restrict access by biometric information: fingerprint, retina.

- about race

- about political views

- about religious or philosophical beliefs

- about the state of health

- about intimate life

Their processing is possible only with the consent of the subjects.

1) the presence of the written consent of the subject to their processing

2) if the subject of personal data has made them publicly available

3) if this information relates to information necessary to protect the life, health and other vital interests of a person

Such information may be provided for medical and preventive purposes - for example, a viral infection.

A feature of the processing of personal data in state or municipal information systems for processing personal data.

- applies only to civil servants and municipal employees.

The state body has its own status, there are independent systems for processing information about state or municipal employees.

1) it is established what information is needed within its competence

2) there is also the Federal Law “On the State Civil Service”, that is, it is regulated not only by the legislation on personal data.

Information that characterizes the physiological characteristics of a person and on the basis of which it is possible to establish his identity (biometric personal data) can be processed only with the consent in writing of the subject of personal data, except for the following cases:

1) committing a crime

The processing of biometric personal data may be carried out without the consent of the subject of personal data in connection with the administration of justice, as well as in cases provided for by the legislation of the Russian Federation on security, the legislation of the Russian Federation on operational-search activities, the legislation of the Russian Federation on public service, the penitentiary legislation of the Russian Federation, the legislation of the Russian Federation on the procedure for exit from the Russian Federation and entry into the Russian Federation.

- collecting information from a suspect is illegal

Processing of cross-border information.

It can be demanded in order to protect the citizens of the country to which it is transferred; it is collected only with the written consent of the subject.

Rights of the subject of personal data.

1) The right of the subject of personal data to access their personal data

You cannot call the information center of the Ministry of Internal Affairs (main information center and zonal information center)

2) The rights of personal data subjects to the processing of their personal data in order to promote goods, works, services on the market, as well as for the purposes of political campaigning

The accuracy of the information will be verified by others.

3) making decisions based solely on automated processing of personal data. A person may not trust automated processing. You can demand that fingerprints be stored not only in a computer, but also on paper.

- Labor Code of the Russian Federation - there is a chapter on personal data.

FEDERAL LAW ON STATE DACTYLOSCOPIC REGISTRATION IN THE RUSSIAN FEDERATION dated July 25, 1998 N 128-FZ

Publicly available personal data is

Personal data - any information relating to an individual who is identified or identifiable on the basis of such information, including:

His last name, first name, patronymic,

Year, month, date and place of birth,

Address, family, social, property status, education, profession, income,

other information (see FZ-152, art. 3).

For example: passport details, financial statements, medical records, year of birth (for women), biometrics, other personal identification information.

Public sources of personal data (address books, lists and other information support) may, with the written consent of an individual, include his last name, first name, patronymic, year and place of birth, address, subscriber number and other personal data (see Federal Law-152, art. 8).

Personal data is classified as restricted access information and should be reserved in accordance with the legislation of the Russian Federation. When forming requirements for the security of systems, personal data is divided into 4 categories.

What is the operator and subject of personal data?

Personal data operator - as a rule, an organization, or rather, a state or municipal body, a legal entity or an individual that organizes and (or) carries out the processing of personal data and determines the purposes and content of the processing of personal data.

The subject of personal data is an individual.

The operator is responsible for the protection of the subject's personal data in accordance with the current legislation of the Russian Federation.

How to classify the personal data information system?

To assign a typical personal data information system (ISPD) to a particular class, it is necessary to:

II. Determine the volume of personal data processed in the information system:

volume 3 - the information system simultaneously processes data of fewer than 1,000 personal data subjects, or personal data of subjects within a particular organization;

volume 2 - from 1,000 to 100,000 personal data subjects, or personal data of subjects working in a sector of the economy of the Russian Federation or in a public authority, or residing within a municipality;

volume 1 - the information system simultaneously processes personal data of more than 100,000 personal data subjects, or personal data of subjects within a subject of the Russian Federation or the Russian Federation as a whole;

III. Based on the results of the analysis of the initial data, a typical ISPD is assigned one of the following classes (see table):

Class 4 (K4) - information systems for which the violation of a given security characteristic of personal data processed in them does not lead to negative consequences for personal data subjects;

Class 3 (K3) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to minor negative consequences for personal data subjects;

Class 2 (K2) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to negative consequences for personal data subjects;

Class 1 (K1) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to significant negative consequences for personal data subjects.

Judgment Day delayed until January 1, 2011

Personal data information systems created before the date of entry into force of the Federal Law of the Russian Federation No. 152 "On Personal Data" must be brought into line with the requirements of this Federal Law no later than January 1, 2010 (see Federal Law-152, Article 25).

This means that personal data operators who failed to comply with the very strict requirements of Federal Law-152 will, from January 1, 2010, incur the appropriate civil, administrative, disciplinary, and perhaps (God forbid) even criminal liability.

All information systems that were put into operation after February-April 2008 (when the methodological documents of the FSTEC of Russia and the FSB of Russia were sent out) but do not comply with the requirements of Russian legislation in the field of personal data may incur the specified liability earlier, for example, tomorrow morning.

Note. Changes to the Criminal Code of the Russian Federation, significantly tightening liability for violations affecting privacy, will also come into force on January 1, 2010.

But as always happens, personal data operators did not move much, and few managed to do everything that was required. On December 16, 2009, the State Duma adopted in the third reading amendments to Articles 19 and 25 of the Law "On Personal Data" (152-FZ). The deadline for bringing personal data information systems (PDIS) into line with this law was postponed for a year - until January 1, 2011. In addition, the law excludes the rule obliging the operator to use encryption (cryptographic) means to protect data when processing personal data.

Mandatory requirements for the protection of personal data information systems

The main mandatory requirements for the organization of an information security system, depending on the class of a typical ISPD:

For ISPD class 4:

The list of measures to protect personal data is determined by the operator (depending on the possible damage)

For ISPD class 3:

Declaration of Conformity or

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information (for distributed class K3 ISPDs)

For ISPD class 2:

Mandatory certification for information security requirements

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information for distributed systems

For ISPD class 1:

Mandatory certification for information security requirements

Measures to protect personal data from PEMIN should be implemented

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information

The procedure for protecting the information system of personal data

The sequence of actions when fulfilling the requirements of the legislation on the processing of personal data:

1) Notification to the authorized body for the protection of the rights of personal data subjects of their intention to process personal data using automation tools;

2) Pre-project survey of the information system - collection of initial data;

3) Classification of the personal data processing system;

4) Building a private model of threats in order to determine their relevance to the information system;

5) Development of a private technical assignment for a personal data protection system;

6) Designing a personal data protection system;

Responsibility for violations of the processing of personal data

Persons guilty of violating the requirements of the Federal Law 152-FZ "On Personal Data" bear:

- criminal liability (see the Criminal Code of the Russian Federation, art. 137, 140, 155, 183, 272, 273, 274, 292, 293),

- administrative liability (see the Code of the Russian Federation on Administrative Offenses, Articles 5.27, 5.39, 13.11-13.14, 13.19, 19.4-19.7, 19.20, 20.25, 32.2),

- disciplinary liability (see Labor Code of the Russian Federation, Art. 81; Art. 90; Art. 195; Art. 237; Art. 391),

- and other liability provided for by the legislation of the Russian Federation (see by-laws on working with personal data, which are published in the constituent entities of the Russian Federation, departments and organizations).

FSTEC - Federal Service for Technical and Export Control.

PEMIN - Spurious Electromagnetic Radiation and Pickups.

Protection of personal information

In December 2014, the State Duma adopted in the third reading a draft law on the storage of personal data of citizens processed on the Internet on servers in Russia. According to Roman Chuichenko, a member of the information policy committee, the main goal of the bill is to strengthen the information security of the country and its citizens. This measure was taken in connection with the complication of the international situation. This bill will come into force on September 1, 2015.

The entry into force of the new regulation on the protection of personal data involves the provision by personal data operators of:

  • timely detection of unauthorized access to PD;
  • prevention of impact on technical means that carry out automated processing of PD;
  • the possibility of prompt response to the fact of unauthorized access and immediate restoration of PD in cases of their destruction or change;
  • constant control over the level of protection of personal data.

Categories of personal data

Processing of ISPD can also be carried out according to the parameter "volume of processed personal data", which implies the number of subjects processed in the information system, and can take the following values:

  • simultaneous processing of more than 100 thousand PD subjects (performed both within the subject of the Russian Federation and in the Russian Federation as a whole);
  • simultaneous processing of PD from 1 to 100 thousand subjects (performed in a state authority working in the field of the Russian economy);
  • simultaneous processing of PD of less than 1 thousand subjects (performed within a specific organization).

The division into categories makes it possible not only to determine the class of ISPD, but also to establish a set of measures to ensure the security and protection of personal data on the Internet when it is processed in information systems.

Employee's personal data

Every employee has the right to protect their personal data (clause 9, article 86 of the Labor Code of the Russian Federation).

In accordance with Art. 89 of the Labor Code of the Russian Federation, each employee can exercise his right to the protection of PD through the following actions:

  • free access to their personal data, including obtaining a copy of any record that contains the employee's personal data;
  • identification of a personal representative to protect their personal data;
  • obtaining full information about PD and their processing;
  • issuing requirements for the exclusion or correction of personal data containing incorrect information or if they were processed in violation of the requirements of the law;
  • appeal in court against unlawful actions of the employer, as well as his inaction in the processing and protection of personal data.

The composition of the employee's personal data

Based on clause 2 of Article 86 of the Labor Code of the Russian Federation, the scope and content of the employee's personal data are determined by the employer in accordance with the Constitution of the Russian Federation, the Labor Code and other federal laws. As a rule, the activity of any organization involves the use by the employer in the workflow of two main types of documents:

  1. Documents that are provided by the employee when concluding an employment contract (Article 65 of the Labor Code of the Russian Federation). This category includes documents containing a photograph of the employee, full name, information about the place and date of birth, citizenship, marital status, place of registration, education, specialty (passport, insurance certificate of state pension insurance, military ID, etc.).
  2. Documents that are formed by the employer independently (primary accounting documentation for recording labor and its payment). This category includes orders or directives to hire an employee, terminate an employment contract or reward an employee, a personal card, and documents on remuneration.

Protection of personal data, liability for violation of the law

It should be noted that some sanctions for violation of certain elements of offenses apply both to individuals and officials, and to legal entities.

In accordance with Article 150 of the Civil Code of the Russian Federation, privacy, personal and family secrets are among the inalienable intangible rights protected by existing laws.

It should be noted that the rights and obligations of an employee that are directly related to the PD of other employees are determined by the terms of the employment contract and the composition of local regulatory legal acts that establish the labor functions of the employee and the list of his job duties.

Administrative responsibility for violation of the procedure for collecting, storing and distributing personal data entails a warning or a fine in the amount of: from 300 to 500 rubles - for individuals; from 500 to 1000 rubles - for officials; from 5 to 10 thousand rubles - for legal entities (Article 13.11 of the Code of Administrative Offenses of the Russian Federation). Administrative responsibility for the dissemination of information protected by law in the performance of official and professional duties entails a fine in the amount of: from 500 to 1000 rubles - for individuals; from 4 to 5 thousand rubles - for officials (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Violation of privacy, in particular personal data, by a person when using his official position provides for punishment in the form of:

  • a fine in the amount of 100 to 300 thousand rubles, or in the amount of the wages or other income of the offender for a period of 1-2 years;
  • deprivation of the right to hold certain positions for a period of 2 to 5 years;
  • arrest for a period of 4 to 6 months.