- an individual who is provided by him about himself.

There is free access to public data with the written permission of the subject. This may also include such information about the subject, which is not provided for by law.

The subject is a natural person about whom information is collected, stored, processed and used for any purpose by the operator (a legal or natural person, or a municipal or state body).

What types of information are they?

The list of publicly available personal information includes:

Peculiarities

Publicly available personal information is presented in sources such as a passport or other identification card, a driver's license, a military ID, a work book, a diploma of education.

Written permission to use them is not needed in every case; sometimes a signature or a "tick" in the required box is enough (for example, when filling out applications via the Internet).

Information of a general nature can be placed in sources with free access. They store information about the subjects, they include a variety of directories with telephone numbers or addresses.

FSTEC, the Federal Service for Technical and Export Control, issues licenses to organizations that provide services to others in creating personal data protection systems. A data protection system created for your own needs does not require a license.

An individual has the right to obtain information about the operator, as well as to find out the specific purpose pursued by the operator during processing.

The subject has the full right to submit an application, the approval of which allows you to clarify, block or destroy personal information if it is outdated, invalid, incomplete, or its presence is not required for processing.

Among other things, an individual has the right to request from the operator access to his personal information, as well as to familiarize himself with the means of processing information. Operators are specialists involved in the processing of information about a person.

Bodies for the processing of personal data are all organizations that collect, process, accumulate and store information about employees, customers, suppliers.


In what case are they included in open sources?

The inclusion of information in publicly available sources occurs in various situations, for example:

  • during employment and the conclusion of an employment contract;
  • during the census process;
  • establishing trade relations, etc.

The personal data of the subject are classified according to the amount of personal information about the person and the degree of importance. Any operations with them are carried out strictly within the framework of legislative acts and are subject to protection.

Operators are obliged to organize the safety of the work process. They must ensure complete protection of the subjects' personal information from access by unauthorized persons.

During the collection process, the operator is obliged to obtain written permission for further processing. The permission includes information about the subject and the operator (full name, address), the purpose of processing and the list of necessary information, as well as a description of the operations that will be performed with it.

The personal data of the subject are classified according to the amount of personal information about the person and the degree of importance. Any operations with them are carried out strictly within the framework of legislative acts and are subject to protection. However, there is a category of publicly available personal data that carries only superficial and impersonal information to a person.

From this article you will learn:

  • what is publicly available personal data;
  • list of publicly available personal data;
  • features of working with publicly available personal data.

When creating any database, including a list of all employees of the enterprise, at the initial stage it is necessary to categorize personal data. All personal data of employees is divided into two groups - public and confidential.

The concept and classification of personal data

Personal data (PD) are various types of information, from full name, date of birth, marital and social status, to registration numbers of documents issued by government agencies and commercial authorities. The operator of personal data is a state, federal, commercial structure, a legal entity or an individual who has the right to perform various activities using personal data.

In labor relations, the owner / subject of personal data is the employee, and the operator is the employer, the personnel and accounting department that deals with the registration of the employee for work and all issues related to personal affairs and legal relationships, payroll, benefits, compensation, etc. The PD of the subject is necessary for the employer to connect them with labor relations / agreements (Articles 85, 86 of the Labor Code of the Russian Federation).

The processing of personal data refers to various operations provided for by the legislation of the Russian Federation. The types of PD processing include collection, systematization, accumulation, storage, updating, use, depersonalization, destruction, which are carried out in accordance with the procedures established by regulatory enactments. Operations with PD can be carried out by state, federal, municipal bodies and organizations that have such a right by status.

All PDs are divided into the following sections:

  • Special personal data;
  • Biometric personal data.

When forming personal data information systems (PDIS), it is recommended to be guided by the Order of the FSTEC, the FSB and the Ministry of Information Technologies and Communications of the Russian Federation No. 55/86/20 dated February 13, 2008 “On Approval of the Procedure for Classifying Personal Data Information Systems”. According to this regulatory act, PD are divided into categories:

  1. Category 1 - special data that defines race and nationality, religious and political beliefs, personal facts and health conditions.
  2. Category 2 - data that makes it possible to identify the subject and obtain additional information about him, with the exception of factors related to category 1. This section includes full name, home address, passport data, serial numbers of documents (medical policy, pension certificate, SNILS, TIN), information from the labor and medical records.
  3. Category 3 - data allowing to identify the subject (name, surname, date of birth).
  4. Category 4 - depersonalized or publicly available personal data by which it is impossible to identify the subject.

Publicly available personal data: list

The list of publicly available personal data includes such factors that do not carry information that allows identifying a person's identity in the database. Anonymous data includes:

  • Last name, first name and patronymic;
  • Nickname/login of the subject on the Internet;
  • Email address (without reference to full name);
  • Position, place of work (without information about personal data).

Public data includes information about the subject that can be obtained from public sources of information, such as a telephone directory or address book. Data is entered into such public databases with the written consent of the subject.

Public personal data: features

The peculiarity of publicly available personal data is that they can be placed in open sources of information. That is, if an organization's contact directory contains the contact details of officials, for example, those involved in training and hiring personnel, then such data is considered publicly available. When the names and surnames of members of the editorial board are indicated in the printed publication, this information also refers to the public.

A feature of publicly available data that allows it to be classified correctly is this: the first three categories are to some extent necessary for entering the subject into the ISPD, while the fourth category remains outside the requirements of information systems. If only the name and place of work are known about a person from all the data, then such information is publicly available.

When systematizing data, more accurate information will be required, which can only be obtained with the subject's written consent to the processing of personal data. In this case, the operator assumes the obligation to protect and comply with the legally established rules for the processing and storage of personal data.

"Person" - data that relate to a person, personality, biological organism.

What is, how to collect, where to store, how to protect?

Is a fingerprint card personal data or not?

It contains no personal information.

Personal data - any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information;

The address is the registration at the place of residence or place of stay.

Conditional classification of personal data.

1) according to the degree of openness:

publicly available personal data - personal data, access to which is granted to an unlimited number of persons with the consent of the subject of personal data or which, in accordance with federal laws, is not subject to the requirement of confidentiality.

Publicly available personal data is data to which voluntary consent is given and placed in the public domain.

Often, some site owners request registration information that they do not want to provide.

Confidential Information - information is provided strictly for specific purposes. Sometimes it can be collected without the knowledge of the person.

The Ministry of Internal Affairs stores information in information centers

2) by accessory

- personal - belong from birth

- official - in the course of work, service - class rank, etc.

3) by way of provision

- voluntarily provided information

- provided in the general manner in accordance with the law (forced)

- collected without the consent of the citizen in accordance with the law

4) by nature of the data

- biometric (fingerprint information)

Basic concepts used when working with personal data.

- processing of personal data - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;

- dissemination of personal data - actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or at familiarization of an unlimited number of persons with personal data, including the disclosure of personal data in the media, placement in information and telecommunication networks or providing access to personal data in any other way;

- use of personal data - actions (operations) with personal data performed by the operator in order to make decisions or perform other actions that give rise to legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;

- blocking of personal data - temporary suspension of the collection, systematization, accumulation, use, distribution of personal data, including their transfer;

Information posted on the Internet often cannot be blocked.

Most personal data:

- stored on the computer

- posted online

Difficult to control placement

- destruction of personal data - actions as a result of which it is impossible to restore the content of personal data in the personal data information system or as a result of which material carriers of personal data are destroyed; - situations when archives burned

- depersonalization of personal data - actions, as a result of which it is impossible to determine the ownership of personal data by a specific subject of personal data;

- personal data information system - an information system, which is a combination of personal data contained in the database, as well as information technologies and technical means that allow the processing of such personal data using automation tools or without using such tools;

- privacy of personal data - a mandatory requirement for an operator or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds;

- cross-border transfer of personal data - transfer of personal data by the operator across the State Border of the Russian Federation to the authorities of a foreign state, an individual or legal entity of a foreign state;

- publicly available personal data - personal data, access of an unlimited number of persons to which is granted with the consent of the subject of personal data or which, in accordance with federal laws, is not subject to the requirement of confidentiality.

Processing of personal data.

1) lawfulness of the purposes and methods of processing personal data and good faith;

2) compliance of the purposes of processing personal data with the purposes predetermined and declared during the collection of personal data, as well as the authority of the operator;

3) compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data;

4) the reliability of personal data, their sufficiency for the purposes of processing, the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data;

5) the inadmissibility of combining databases of personal data information systems created for mutually incompatible purposes.

If once someone filled out a fingerprint card, then it is in the information center in their databases. We cannot, for example, merge databases of ordinary citizens and perpetrators of a crime.

1) with the consent of the owner of personal data

2) without the consent of the owner of personal data.

This applies to persons occupying a certain position: military personnel, corpses

Confidentiality of personal data:

When not required:

1) in case of depersonalization of personal data;

2) in relation to publicly available personal data.

— the operator who collects and processes personal data.

— restrict access within your own organization

The operator is personally responsible for the dissemination of personal data

– setting access restrictions both indoors and on the network (access system, card identification system)

For local networks – system login + password

You can restrict access by biometric information: fingerprint, retina.

- about race

- about political views

- about religious or philosophical beliefs

- about the state of health

- about intimate life

Their processing is possible only with the consent of the subjects.

1) the presence of the written consent of the subject to their processing

2) if the subject of personal data has made them publicly available

3) if this information relates to information necessary to protect the life, health and other vital interests of a person

Such information may be provided for medical and preventive purposes - for example, a viral infection.

A feature of the processing of personal data in state or municipal information systems for processing personal data.

- applies only to civil servants and municipal employees.

The state body has its own status, there are independent systems for processing information about state or municipal employees.

1) it is established what information is needed within its competence

2) there is also the Federal Law “On the State Civil Service”, that is, it is regulated not only by the legislation on personal data.

Information that characterizes the physiological characteristics of a person and on the basis of which it is possible to establish his identity (biometric personal data) can be processed only with the consent in writing of the subject of personal data, except for the following cases:

1) committing a crime

The processing of biometric personal data may be carried out without the consent of the subject of personal data in connection with the administration of justice, as well as in cases provided for by the legislation of the Russian Federation on security, the legislation of the Russian Federation on operational-search activities, the legislation of the Russian Federation on public service, the penitentiary legislation of the Russian Federation, the legislation of the Russian Federation on the procedure for exit from the Russian Federation and entry into the Russian Federation.

- collecting information from a suspect is illegal

Processing of cross-border information.

It can be demanded in order to protect the citizens of the country where it is transferred, it is collected only with the written consent of the subject.

Rights of the subject of personal data.

1) The right of the subject of personal data to access their personal data

You can not call the information center of the Ministry of Internal Affairs (main information center and zonal information center)

2) The rights of personal data subjects to the processing of their personal data in order to promote goods, works, services on the market, as well as for the purposes of political campaigning

The accuracy of the information will be verified by others.

3) making decisions based solely on automated processing of personal data. A person may not trust automated processing. You can demand that fingerprints be stored not only in a computer, but also on paper.

- Labor Code of the Russian Federation - there is a chapter on personal data.

FEDERAL LAW ON STATE DACTYLOSCOPIC REGISTRATION IN THE RUSSIAN FEDERATION dated July 25, 1998 N 128-FZ

Publicly available personal data is

Personal data - any information relating to an individual identified or determined on the basis of such information, including:

- his last name, first name, patronymic,

- year, month, date and place of birth,

- address, family, social, property status, education, profession, income,

- other information (see FZ-152, art. 3).

For example: passport details, financial statements, medical records, year of birth (for women), biometrics, other personal identification information.

In public sources of personal data (address books, lists and other information support), with the written consent of an individual, his last name, first name, patronymic, year and place of birth, address, subscriber number and other personal data may be included (see Federal Law-152, art. 8).

Personal data is classified as restricted access information and should be protected in accordance with the legislation of the Russian Federation. When forming requirements for the security of systems, personal data is divided into 4 categories.

What is the operator and subject of personal data?

Personal data operator - as a rule, an organization; more precisely, a state or municipal body, a legal entity or an individual organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data.

Subject of personal data - an individual.

The operator is responsible for the protection of the subject's personal data in accordance with the current legislation of the Russian Federation.

How to classify the personal data information system?

In order to assign a typical personal data information system (ISPD) to a particular class, it is necessary:

II. Define the volume of personal data processed in the information system:

volume 3 - the information system simultaneously processes the data of fewer than 1000 personal data subjects, or the personal data of subjects within a particular organization;

volume 2 - the information system simultaneously processes the personal data of 1,000 to 100,000 subjects, or the personal data of subjects working in a sector of the economy of the Russian Federation or in a public authority, or residing within a municipality;

volume 1 - the information system simultaneously processes the personal data of more than 100,000 subjects, or the personal data of subjects within a subject of the Russian Federation or the Russian Federation as a whole;

III. Based on the results of the analysis of the initial data, a typical ISPD is assigned one of the following classes (see table):

Class 4 (K4) - information systems for which the violation of a given security characteristic of personal data processed in them does not lead to negative consequences for personal data subjects;

Class 3 (K3) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to minor negative consequences for personal data subjects;

Class 2 (K2) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to negative consequences for personal data subjects;

Class 1 (K1) - information systems for which a violation of a given security characteristic of personal data processed in them can lead to significant negative consequences for personal data subjects.

Judgment Day delayed until January 1, 2011

Personal data information systems created before the date of entry into force of the Federal Law of the Russian Federation No. 152 "On Personal Data" must be brought into line with the requirements of this Federal Law no later than January 1, 2010 (see Federal Law-152, Article 25).

This means that personal data operators who failed to comply with the very strict requirements of Federal Law-152 will, from January 1, 2010, incur the appropriate civil, administrative, disciplinary, and perhaps (God forbid) criminal liability.

All information systems that were put into operation after February-April 2008 (when the methodological documents of the FSTEC of Russia and the FSB of Russia were sent out) but do not comply with the requirements of Russian legislation in the field of personal data may incur the specified liability earlier, for example, tomorrow morning.

Note. Changes to the Criminal Code of the Russian Federation, significantly tightening liability for violations affecting privacy, will also come into force on January 1, 2010.

But as always happens, personal data operators did not move much, and few managed to do everything that was required. On December 16, 2009, the State Duma adopted in the third reading amendments to Articles 19 and 25 of the Law "On Personal Data" (152-FZ). The deadline for bringing personal data information systems (PDIS) into line with this law was postponed for a year - until January 1, 2011. In addition, the law excludes the rule obliging the operator to use encryption (cryptographic) means to protect data when processing personal data.

Mandatory requirements for the protection of personal data information systems

The main mandatory requirements for the organization of an information security system, depending on the class of a typical ISPD:

For ISPD class 4:

The list of measures to protect personal data is determined by the operator (depending on the possible damage)

For ISPD class 3:

Declaration of Conformity or

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information (for distributed systems ISPDn K3)

For ISPD class 2:

Mandatory certification for information security requirements

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information for distributed systems

For ISPD class 1:

Mandatory certification for information security requirements

Measures to protect personal data from PEMIN should be implemented

Obtaining a license from the FSTEC of Russia for the technical protection of confidential information

The procedure for protecting the information system of personal data

The sequence of actions when fulfilling the requirements of the legislation on the processing of personal data:

1) Notification to the authorized body for the protection of the rights of personal data subjects of their intention to process personal data using automation tools;

2) Pre-project survey of the information system - collection of initial data;

3) Classification of the personal data processing system;

4) Building a private model of threats in order to determine their relevance to the information system;

5) Development of a private technical assignment for a personal data protection system;

6) Designing a personal data protection system;

Responsibility for violations of the processing of personal data

Persons guilty of violating the requirements of the Federal Law 152-FZ "On Personal Data" bear:

- criminal (see the Criminal Code of the Russian Federation, Art. 137, 140, 155, 183, 272, 273, 274, 292, 293),

- administrative (see the Code of the Russian Federation on Administrative Offenses, Articles 5.27, 5.39, 13.11-13.14, 13.19, 19.4-19.7, 19.20, 20.25, 32.2),

- disciplinary (see Labor Code of the Russian Federation, Art. 81; Art. 90; Art. 195; Art. 237; Art. 391),

- and other liability provided for by the legislation of the Russian Federation (see by-laws on working with personal data, which are published in the constituent entities of the Russian Federation, departments and organizations).

FSTEC - Federal Service for Technical and Export Control.

PEMIN - Spurious Electromagnetic Radiations and Pickups.

Protection of personal information

In December 2014, the State Duma adopted in the third reading a draft law on the storage of personal data of citizens processed on the Internet on servers in Russia. According to Roman Chuichenko, a member of the information policy committee, the main goal of the bill is to strengthen the information security of the country and its citizens. This measure was taken in connection with the complication of the international situation. This bill will come into force on September 1, 2015.

The entry into force of the new regulation on the protection of personal data involves the provision by personal data operators of:

  • timely detection of unauthorized access to PD;
  • prevention of impact on technical means that carry out automated processing of PD;
  • the possibility of prompt response to the fact of unauthorized access and immediate restoration of PD in cases of their destruction or change;
  • constant control over the level of protection of personal data.

Categories of personal data

Processing of ISPD can also be carried out according to the parameter "volume of processed personal data", which implies the number of subjects processed in the information system, and can take the following values:

  • simultaneous processing of more than 100 thousand PD subjects (performed both within the subject of the Russian Federation and in the Russian Federation as a whole);
  • simultaneous processing of PD from 1 to 100 thousand subjects (performed in a state authority working in the field of the Russian economy);
  • simultaneous processing of PD of less than 1 thousand subjects (performed within a specific organization).

The division into categories allows not only to determine the class of ISPD, but also to establish a set of measures to ensure the security and protection of personal data on the Internet, when processed in information systems.

Employee's personal data

Every employee has the right to protect their personal data (clause 9, article 86 of the Labor Code of the Russian Federation).

In accordance with Art. 89 of the Labor Code of the Russian Federation, each employee can exercise his right to the protection of PD through the following actions:

  • free access to their personal data, including obtaining a copy of any record that contains the employee's personal data;
  • identification of a personal representative to protect their personal data;
  • obtaining full information about PD and their processing;
  • issuing requirements for the exclusion or correction of personal data containing incorrect information or if they were processed in violation of the requirements of the law;
  • appeal in court against unlawful actions of the employer, as well as his inaction in the processing and protection of personal data.

The composition of the employee's personal data

Based on clause 2 of Article 86 of the Labor Code of the Russian Federation, the scope and content of the employee's personal data are determined by the employer in accordance with the Constitution of the Russian Federation, the Labor Code and other federal laws. As a rule, the activity of any organization involves the use by the employer in the workflow of two main types of documents:

  1. Documents that are provided by the employee when concluding an employment contract (Article 65 of the Labor Code of the Russian Federation). This category includes documents containing a photograph of the employee, full name, information about the place and date of birth, citizenship, marital status, place of registration, education, specialty (passport, insurance certificate of state pension insurance, military ID, etc.).
  2. Documents that are formed by the employer independently (primary accounting documentation for accounting for labor and its payment). This category includes orders or instructions to hire an employee, terminate an employment contract, reward an employee, a personal card, documents on remuneration.

Protection of personal data, liability for violation of the law

It should be noted that some sanctions for violation of certain elements of offenses apply both to individuals and officials, and to legal entities.

In accordance with Article 150 of the Civil Code of the Russian Federation, privacy, personal and family secrets are among the inalienable intangible rights protected by existing laws.

It should be noted that the rights and obligations of an employee that are directly related to the PD of other employees are determined by the terms of the employment contract and the composition of local regulatory legal acts that establish the labor functions of the employee and the list of his job duties.

Administrative responsibility for violation of the procedure for collecting, storing and distributing personal data entails a warning or a fine in the amount of: from 300 to 500 rubles - for individuals; from 500 to 1000 rubles - for officials; from 5 to 10 thousand rubles - for legal entities (Article 13.11 of the Code of Administrative Offenses of the Russian Federation). Administrative responsibility for the dissemination of information protected by law in the performance of official and professional duties entails a fine in the amount of: from 500 to 1000 rubles - for individuals; from 4 to 5 thousand rubles - for officials (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Violation of privacy, in particular personal data, by a person when using his official position provides for punishment in the form of:

  • a fine in the amount of 100 to 300 thousand rubles, or in the amount of the wages or other income of the offender for a period of 1-2 years;
  • deprivation of the right to hold certain positions for a period of 2 to 5 years;
  • arrest for a period of 4 to 6 months.

    publicly available personal data - Personal data access to which is granted to an unlimited circle of persons with the consent of the subject of personal data or which, in accordance with federal laws, is not subject to the requirement of confidentiality. ... ... Technical Translator's Handbook

    Public personal data - personal data, access to which is granted to an unlimited number of persons with the consent of the subject of personal data or to which, in accordance with federal laws, the confidentiality requirement does not apply ... Big legal dictionary

    PUBLIC PERSONAL DATA - in accordance with the Federal Law "On Personal Data" dated July 27, 2006 No. 152 FZ, - personal data, access to which is granted to an unlimited number of persons with the consent of the subject of personal data or to which in accordance with federal ... ... Office work and archiving in terms and definitions

    Public personal data - Publicly available personal data is personal data, access to which is granted to an unlimited number of persons with the consent of the subject of personal data or to which, in accordance with federal laws, the requirement to comply with ... Official terminology

    PUBLIC SOURCES OF PERSONAL DATA - according to the Federal Law "On Personal Data" dated July 27, 2006 No. 152 FZ, - directories, address books, etc. Publicly available sources of personal data, with the written consent of the subject of personal data, may include his last name, first name ... Office work and archiving in terms and definitions


What is publicly available personal data and what types of information does it include?

Peculiarities

Publicly available personal information is presented in sources such as a passport or other identification card, a driver's license, a military ID, a work book, a diploma of education.

Not in all cases there is a need for written permission to use them, sometimes a signature or a “tick” in the required box is enough (for example, when filling out applications via the Internet).

Information of a general nature can be placed in sources with free access. They store information about the subjects, they include a variety of directories with telephone numbers or addresses.

According to the "List of confidential information", information that is subject to distribution in the media is not confidential.

Processing is carried out by special units or bodies that collect, systematize, store, use, and also destroy information. Control over the legality of the use of personal data is carried out by Roskomnadzor, the FSB and the FSTEC.

FSTEC, the Federal Service for Technical and Export Control, issues licenses to organizations that provide services to others in creating personal data protection systems. If the data protection system is created for your own needs, a license is not required for it.

An individual has the right to obtain information about the operator, as well as to find out the specific purpose pursued by the operator during processing.

The subject has the full right to submit an application, the approval of which allows you to clarify, block or destroy personal information if it is outdated, invalid, incomplete, or its presence is not required for processing.

Among other things, an individual has the right to request from the operator access to his personal information, as well as to familiarize himself with the means of processing information. Operators are specialists who process information about a person.

Bodies for the processing of personal data are all organizations that collect, process, accumulate and store information about employees, customers, suppliers.

In what case are they included in open sources?

The inclusion of information in publicly available sources occurs in various situations, for example:

  • during employment and the conclusion of an employment contract;
  • during the census process;
  • establishing trade relations, etc.

The personal data of the subject are classified according to the amount of personal information about the person and the degree of importance. Any operations with them are carried out strictly within the framework of legislative acts and are subject to protection.

Operators are obliged to organize the safety of the work process. They must ensure the full protection of the personal information of the subjects from access to it by unauthorized persons.

During the collection process, the operator is obliged to obtain written permission for further processing. The written consent to the processing includes information about the subject and the operator (full name, address), the purpose of processing and the list of necessary information, as well as a description of the operations that will be performed with them.

    A citizen, as the owner of personal information about himself, may revoke a previously signed permission to process it. If the subject is incapacitated or in the event of his death, consent is sought from the legal representatives or heirs. The operator's actions are based on the Federal Law "On Personal Data".

    Violation of the law is stopped by criminal, civil, administrative or other types of liability.

    Any information about an individual - the subject of personal data may be excluded from public sources based on the request of the subject, Roskomnadzor, a court decision or other state bodies.


Confirmation of permission to process personal data is now requested when concluding contracts, filling out questionnaires, and registering on websites. Most citizens agree automatically, although personal information about a person in the hands of unscrupulous individuals is a powerful and dangerous weapon. This article covers what you need to know about personal data and about opening access to it to third parties.

Personal data: what is it, the regulatory framework

The state regulates the sphere of personal data through a number of regulations. The foundation is the Constitution of the Russian Federation; the basic law is Federal Law No. 152 of January 27, 2006. The law explains what personal data is and what it covers. This term means information that directly or indirectly characterizes the subject of PD, an individual. In simple terms, it is information by which it can be accurately determined that we are talking about a particular person.

There is an indirect mention of personal data in the Russian Constitution. Articles 23-24 of the Basic Law give citizens the right to privacy, inviolability and protection. Everything that is included in the concept of personal data belongs only to its carrier and cannot be controlled by the government or third parties. Citizens themselves are free to dispose of this information, prevent its dissemination or, conversely, pass it on to others. The state, for its part, guarantees and protects this opportunity.

Federal Law No. 152 determines who has the right to use personal data other than their carrier, under what conditions, according to what rules. Only operators with his permission can receive and process personal information about the subject. A citizen signs a consent to the verification of PD when applying for a loan, filling out questionnaires or applying for a job.

Operators get access to the amount of data that is required to solve their tasks. They do not have the right to keep and use them after the goal is achieved. For example, the employer must destroy the records, questionnaires - everything that relates to the personal data of the employee, after his dismissal. Otherwise, you will be liable for

The norms of Federal Law No. 152 must be followed by all legal entities and individuals. Special rules apply when the PD:

  1. is received for personal or family needs, if this does not infringe the rights of third parties;
  2. is contained in archival documents;
  3. constitutes a state secret;
  4. is collected by court order.

Other legislative acts clarify the provisions on PD in relation to different situations, introduce a system and classification of means of protection. For example, Chapter 14 of the Labor Code of the Russian Federation reveals the concept of an employee's personal data. This is information that allows you to characterize him as an employee of a particular organization (salary, length of service, qualifications, information from the Federal Tax Service and the Pension Fund of the Russian Federation, etc.), his business qualities. They should be used and kept to assist the employee in the performance of his/her work duties, to increase experience and knowledge, to advance in the service, to protect the personnel and property of the company.

Classification of personal data

Federal Law No. 152 identifies several types of personal data. They can be arranged according to the degree of "secrecy" and the difficulty of collection and use by third parties:

  • impersonal;
  • general;
  • biometric;
  • special.

General personal data

General personal data is basic information about a person. These include:

  • place of registration and residence;
  • passport data;
  • education;
  • contact details;
  • job information;
  • income, etc.

Not all of them individually can be attributed to PD. For example, the law does not precisely define whether a phone number is private. Roskomnadzor, in response to citizens' appeals, explained that it is impossible to accurately identify a person by number alone. By itself, it is not personal, but in conjunction with the name of the owner and the city of residence, it refers to PD. Therefore, non-personalized sending of SMS messages is not considered a violation of Federal Law No. 152.

General PD is contained in a passport, military ID, diploma, personal card of an employee, work book, etc. Written permission is not necessary to obtain this data; indirect consent is enough, for example, a checkmark next to the corresponding item in an online questionnaire. The relative ease of access often brings problems to PD subjects, ordinary citizens: from intrusive advertising to blackmail and fake loan applications.

The personal life of a citizen, which also includes various types of secrets (medical, tax, adoption, and others), is protected from disclosure by article 137 of the Criminal Code of the Russian Federation.

Biometric PD

Biometric data is the physiological and biological characteristics of the subject: fingerprint images, blood type, height, eye color, weight, DNA analysis, etc. This also includes information that can be obtained from a photo or video recording with a person. Biometric PD is often necessary for treatment or employment in government agencies, obtaining foreign passports and visas.

Special PD

Race and nationality, religion, philosophical beliefs, health status, criminal record, intimate life, sexual preferences are special data. They are contained in medical certificates, personal files, etc.

Special PD is required to participate in political activities or to join the armed forces. Third parties can access this data only with the permission of the subject.


Anonymized PD

Anonymized PD is available to any interested person. Sources of information can be:

  • address books;
  • reference books;
  • registers;

Publicly available information that is considered personal data is, for example, the income of politicians, representatives of federal or municipal authorities, officials in senior positions.

In November 2016, the first meeting of the working group of the Administration of the President of the Russian Federation was held on the problem of applying the provisions of Federal Law No. 152 to so-called big data. This is data that enters the network from the user: IP address, authorization forms, browser history, information that gadgets and smart home appliances accumulate about the owner.

Big data, on the one hand, directly or indirectly points to a person, that is, it falls under the definition of PD. At the same time, legislators do not consider Internet data to be the property of an individual, since he cannot control it.
