Scientific research work on the protection of personal data. Scientific work: Protection of employee personal data

Personal data is any information relating to a directly or indirectly identified or identifiable individual (the personal data subject). Ensuring the protection of information and personal data is one of the priorities and most important tasks in ensuring the information security of any organization. It is impossible to imagine the activities of an organization without processing information about a person. Organizations store and process data about members of management bodies and employees, partners, shareholders (JSC) and persons visiting the organization. All this is personal data (PD).

A breach of confidentiality of an organization's personal data base can become a serious information security incident, which can lead to irreparable damage and numerous risks. These are, first of all, financial risks associated with the costs of urgent measures to eliminate the problem (conducting an investigation, organizing remediation measures), loss of the organization’s reputation, and sometimes a complete stoppage of activities.

It is the need to ensure the security of personal data that has now become an objective reality. This need is caused by the rapid development of modern information technologies, means of electronic commerce and electronic information exchange between business partners, free access to means of mass communications, the ability to copy and distribute information.

Organizations processing personal data took measures to protect them based on their own ideas, enshrined in their internal information security policy. Now the situation has changed. In accordance with the Federal Law of the Russian Federation dated July 27, 2006 No. 152-FZ “On Personal Data” (as amended by No. 261-FZ dated July 25, 2011), requirements apply to all private and public companies and organizations, as well as individuals, who store, collect, transfer or process personal data (including last name, first name, patronymic). Such companies, organizations and individuals are classified as personal data controllers.

Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 established requirements for the protection of personal data when processed in information systems, defining the classification of information systems according to the types of data processed, the classification of threats to different types of systems, as well as the necessary levels of security for each type of such systems. The security of personal data when processed in an information system is ensured by the operator of this system or by the person processing personal data on behalf of the operator on the basis of an agreement concluded with this person. The choice of information security means for the system is carried out by the operator in accordance with the regulatory legal acts of the FSB of Russia and the FSTEC of Russia.

According to Federal Law No. 152 “On Personal Data”, personal data is restricted access information. The purpose of this Federal Law is to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.

Failure to comply with the provisions of Federal Law No. 152-FZ “On Personal Data” entails civil, criminal, administrative, as well as disciplinary and other types of liability. In certain cases provided for by law, the activities of an organization may be suspended or its license may be revoked. This is one of the reasons that protecting personal data is an integral part of the successful functioning of any enterprise.


GRADUATE WORK

TOPIC: "PROTECTION OF EMPLOYEE'S PERSONAL DATA"

INTRODUCTION

CHAPTER I. PERSONAL DATA OF AN EMPLOYEE: CONCEPT AND ESSENCE

1.1. Distinguishing personal data from other information

1.2. Development of legislation on the protection of personal data

1.3. General requirements for the processing of employee personal data and guarantee of their confidentiality

CHAPTER II. PROCEDURE FOR WORKING WITH CONFIDENTIAL INFORMATION ABOUT AN EMPLOYEE

2.1. HR service work with personal data

2.2. Main aspects of transferring employee personal data and information protection when working with personal data on a computer

2.3. Control over the protection of the employee's personal information

CONCLUSION

REFERENCES

INTRODUCTION

Personal data of the parties to an employment contract, which means information about the employer and employee, is important for each of them. When concluding an employment contract, the employee receives information about the employer, his location, and the nature of his future work. Knowledge of an employee’s personal data is of great importance for the employer, who, when concluding an employment contract, receives information about the employee, his age, profession, specialization, qualifications, health, and marital status.

The regulations contained in the articles of Chapter 14 “Protection of Employee Personal Data”, which concludes Section III “Employment Contract” of the Labor Code of the Russian Federation 1, are devoted to regulating and ensuring the confidentiality of personalized information about employees.

Relevance of the work. The emergence of rules on the protection of employee personal data in Russian labor law is dictated by the need to implement in the labor sphere generally recognized norms and principles of international law, the application of which is guaranteed by the Constitution of the Russian Federation 2, which in Art. 23 and 24 establishes that everyone has the right to privacy, personal and family secrets; collection, storage, use and dissemination of information about a person’s private life without his consent is not permitted.

This constitutional establishment is based on acts of international law, which include the Universal Declaration of Human Rights, adopted on December 10, 1948 by the General Assembly of the United Nations, in Art. 12 of which it is proclaimed: “No one shall be subjected to arbitrary interference in his private or family life, to arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation. Every person has the right to the protection of the law against such interference or attacks.” The same norms are contained in the International Covenant on Civil and Political Rights, adopted on December 16, 1966 by the UN General Assembly and ratified by the Decree of the Presidium of the Supreme Soviet of the USSR of September 18, 1973, which established that no one may be subjected to arbitrary or unlawful interference with his personal and family life, arbitrary or illegal attacks on the inviolability of his home or the secrecy of his correspondence, on his honor and reputation.

The subject of the study is the information field on the protection of personal data of employees of enterprises, government agencies, municipalities and other types of activities.

The object of the study is the personal data of employees and their protection from unlawful interference.

Purpose of the work: to consider the issue of protecting personal data of employees.

To achieve the goal of the work, it is necessary to complete the following tasks:

    Consider the theoretical foundations of the issue: the concept and essence of personal data;

    Study the features of personal data and determine their differences from other information;

    Monitor the development of legislation in this area;

    Identify general requirements for the processing of employee personal data;

    Consider the work of the HR service with personal data;

    Study the main aspects of the transfer of employee personal data, as well as their protection when working on a computer;

    Consider control over the protection of personal data.

The work used methods of comparison and analysis in the study of Russian legislation in the field of personal data protection, and drew on and generalized the works of such scientists and researchers as Alaverdov A.R., Markevich A.S., Kibanov A.Ya., Orlovsky Yu. P., Petrovsky S.A., Yankovaya V.F. and others, as well as authors of feature articles who are specialists in the field of personnel management and office management.

CHAPTER I. PERSONAL DATA OF AN EMPLOYEE: CONCEPT AND ESSENCE

Personal data of the parties to an employment contract, which means information about the employer and employee, is important for each of them. When concluding an employment contract, the employee receives information about the employer, his location, and the nature of his future work. 3 Knowledge of an employee’s personal data is of great importance for the employer, who, when concluding an employment contract, receives information about the employee, his age, profession, specialization, qualifications, health, and marital status.

After concluding an employment contract, information about the employee is necessary for the employer for the proper fulfillment of his obligations arising not only from labor, but also from civil, family, administrative, and other branches of legislation (for example, to withhold taxes from wages, funds for damages, alimony), and to provide the employee with benefits and advantages, for example, when transferring to another job due to illness, pregnancy, or the presence of children.

By granting the employer the right to receive extensive information about the employee’s personal data, the law obliges him to take all measures to prevent the unauthorized release of this information from the employer’s control, so that the employee’s personal data does not become available to third parties without his knowledge and consent.

The regulations contained in the articles of Chapter 14 “Protection of Employee Personal Data”, which concludes Section III “Employment Contract” of the Labor Code of the Russian Federation, are devoted to regulating and ensuring the confidentiality of personalized information about employees.

These rules have appeared in domestic labor law only recently. The previous labor code, in force until February 1, 2002, not only did not contain such norms, but also did not use terminology that would cover the concepts of personal data or other information about employees. Only with the adoption of the Labor Code of the Russian Federation, which has a special Chapter 14 “Protection of employee personal data”, did the collection, storage and use of confidential information about the employee become the subject of legal regulation.

The emergence of rules on the protection of employee personal data in Russian labor law is dictated by the need to implement in the labor sphere generally recognized norms and principles of international law, the application of which is guaranteed by the Constitution of the Russian Federation 4, which in Art. 23 and 24 establishes that everyone has the right to privacy, personal and family secrets; collection, storage, use and dissemination of information about a person’s private life without his consent is not permitted.

This constitutional establishment is based on acts of international law, which include the Universal Declaration of Human Rights, adopted on December 10, 1948 by the General Assembly of the United Nations, in Art. 12 of which it is proclaimed: “No one shall be subjected to arbitrary interference in his private or family life, to arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation. Every person has the right to the protection of the law against such interference or attacks.” 1 The same norms are contained in the International Covenant on Civil and Political Rights, adopted on December 16, 1966 by the UN General Assembly and ratified by the Decree of the Presidium of the Supreme Soviet of the USSR of September 18, 1973, which established that no one may be subjected to arbitrary or unlawful interference with his personal and family life, arbitrary or illegal attacks on the inviolability of his home or the secrecy of his correspondence, on his honor and reputation. This legal provision is duplicated in the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the Convention of the Commonwealth of Independent States “On Human Rights and Fundamental Freedoms” 3, concluded in Minsk on May 26, 1995, which oblige the countries party to the Convention to ensure the right of every person to respect for his personal and family life, inviolability of home and correspondence, and to prevent interference in the exercise of this right by state bodies, with the exception of interference provided for by law and necessary in a democratic society in the interests of national security and public safety, the economic well-being of the country, as well as for the prevention of disorder or crime, to protect health or morals, or to protect the rights and freedoms of others.

Declaring, in accordance with generally recognized norms and principles of international law, the inadmissibility of collecting, storing, using and distributing information about the private life of a person without his consent, the Constitution of the Russian Federation at the same time grants everyone the right to freely seek, receive, transmit, produce and disseminate information by any legal means (Part 4 of Article 29) 5. Each of these rights can be limited exclusively by federal law and only to the extent necessary in order to protect the foundations of the constitutional system, morality, health, rights and legitimate interests of other persons, ensuring the defense of the country and the security of the state.

Regulating these rights, Federal Law No. 149-FZ of July 27, 2006 “On information, information technologies and information protection” 1 classifies information about an employee and his personal data as confidential information, the establishment of a procedure for the use and protection of which is under the joint jurisdiction of the Russian Federation and its constituent entities.

Further development of legal regulations on the confidentiality of personal information in a legal democratic state was given in Chapter 14 of the Labor Code of the Russian Federation, which consists of six articles:

    Article 85 “The concept of employee personal data. Processing of employee personal data”;

    Article 86 “General requirements when processing employee personal data and guaranteeing their protection”;

    Article 87 “Storage and use of personal data of employees”;

    Article 88 “Transfer of employee personal data”;

    Article 89 “Rights of employees in order to ensure the protection of personal data stored by the employer”;

    Article 90 “Responsibility for violation of the rules governing the processing and protection of employee personal data.”

A systematic comparative analysis of the norms contained in these articles makes it possible to identify their certain isolation in the system of labor law, which gives grounds to consider them as an independent institution of labor law, which, although closely related to the employment contract, at the same time goes beyond its framework, acquiring industry-wide significance. 6

Consideration of the protection of an employee’s personal data as an institution of labor law reveals its insufficient development, the lack of necessary connections with a number of important norms and provisions of labor law.

For example, having established in Art. 90 of the Labor Code of the Russian Federation liability for violation of the rules governing the protection of personal data of employees, the legislator did not include in Art. 22 of the Labor Code of the Russian Federation, among the general obligations of the employer as a party to labor relations, the obligation to protect the personal data of employees. In order to eliminate this discrepancy, it would be logical to classify the protection of personal data of employees as one of the main responsibilities of the employer by making a corresponding addition to Part 2 of Art. 22 of the Labor Code of the Russian Federation “Basic rights and obligations of the employer” 7.

A similar discrepancy is revealed when comparing Art. 89 “Rights of an employee in order to ensure the protection of personal data stored by the employer” with Art. 21 “Basic rights and obligations of employees”, which does not mention the right to protection of his personal data among the basic rights of an employee.

The general concept of an employee’s personal data is given in Article 85 of the Labor Code of the Russian Federation, according to which the personal data of an employee is the information necessary for the employer in connection with labor relations and relating to a specific employee. The same article defines the processing of an employee’s personal data, which means the receipt, storage, combination, transfer or any other use of an employee’s personal data.

The definitions of personal data and their processing given in Art. 85 of the Labor Code of the Russian Federation are not exhaustive. A number of additional features are contained in other regulatory legal acts intended to regulate the protection of personal data in the field of labor relations, state and municipal services.

Such an act is, for example, the Regulations on personal data of a state civil servant of the Russian Federation and the management of his personal file, approved by Decree of the President of the Russian Federation of May 30, 2005 No. 609. In Article 2, this Regulation establishes that personal data of a civil servant refers to information about the facts, events and circumstances of the life of a civil servant that allows his identity to be established and that is contained in his personal file or is to be included in it. Personal data entered into the personal files of civil servants becomes confidential information (with the exception of information that, in cases established by federal laws, may be published in the media), and in cases established by federal laws and other regulatory legal acts of the Russian Federation, information constituting a state secret 8.

The range of information related to the employee’s personal data is determined by the employer, taking into account the conditions established by labor legislation in relation to a particular type of employment contract and work activity, as well as taking into account the nature of the work performed. For example, an employer will need special information to conclude an employment contract with an employee to perform work that requires special knowledge or access to state secrets.

Information about the employee is obtained by the employer primarily from the documents presented by the employee when concluding an employment contract in accordance with Art. 65 of the Labor Code of the Russian Federation: from a passport and other identification document, from a work record book, an insurance certificate of state pension insurance, from military registration documents, on education and qualifications and from other documents, the need for presentation of which when concluding an employment contract may be provided for by the Labor Code, other federal laws, presidential decrees and decrees of the Government of the Russian Federation.

Significant information can be gleaned from a citizen’s passport, which is the main document proving his identity on the territory of the Russian Federation, and in which, in accordance with the Regulations on the passport of a citizen of the Russian Federation, approved by Decree of the Government of the Russian Federation of July 8, 1997 No. 828 1 (as amended on January 23, 2004), the following marks are made:

    on registration of a citizen at his place of residence and deregistration;

    on the attitude towards military service of citizens who have reached the age of 18;

    on registration and divorce;

    about children under 14 years of age;

    about previously issued basic documents identifying the identity of a citizen of the Russian Federation on the territory of the Russian Federation;

    on the issuance of basic documents identifying a citizen of the Russian Federation outside the Russian Federation.

At the request of a citizen, notes can be made in the passport about his blood type and Rh factor and about the taxpayer identification number.

The second important source of information about the employee is his work book, which is rightly called a citizen’s labor passport. It contains the full amount of information about the employee’s work activities, as well as other information about him.

So, in accordance with Art. 66 of the Labor Code of the Russian Federation “Work Book” and with the Rules for maintaining and storing work books, producing work book forms and providing them to employers, approved by Decree of the Government of the Russian Federation of April 16, 2003 No. 225 1 (as amended on February 6, 2004), when a work book is issued, the employee’s last name, first name, patronymic, date of birth (day, month, year), and information about his education, profession and specialty are entered in it.

Subsequently, at the place of work, information about the work performed, transfers to another permanent job, dismissal, indicating the grounds for termination of the employment contract, information about incentives and awards is entered into the work book. At the request of the employee, information about part-time work is entered into the work book at the place of main work on the basis of a document confirming part-time work.

Entries in the work book about the reasons for termination of the employment contract are made in strict accordance with the wording of the Labor Code or other federal law, with references to their articles. Thus, upon termination of an employment contract with an employee who has been sentenced by a court to punishment in the form of deprivation of the right to hold certain positions or engage in certain activities and has not served this sentence, an entry is made in the work book stating on what basis, for what period, and which position he is deprived of the right to hold or which activity he is deprived of the right to engage in.

In the work books of persons who have served correctional labor without imprisonment, an entry is made at the place of work stating that the time worked during this period is not counted towards continuous work experience. This entry is made in the work books at the end of the actual term of serving the sentence, which is established according to certificates from the internal affairs bodies.

The work book also contains entries, made at the place of work, about the time of military service in accordance with the Federal Law of March 28, 1998 No. 53-FZ “On Military Duty and Military Service”, service in internal affairs bodies, tax police bodies, authorities for control of the circulation of narcotic drugs and psychotropic substances, in customs and other law enforcement agencies, and about the time of training in courses and schools for advanced training, retraining and training.

As you can see, a work book can contain a significant amount of various information about its owner, including information that goes beyond the scope of his work activity.

Sources of information about the employee are other documents provided by him when applying for a job: insurance certificate of state pension insurance, military registration documents, documents on education, qualifications, availability of special knowledge, academic degrees and titles.

Information about the employee related to his personal data is concentrated in unified forms of primary accounting documentation for accounting of labor and its payment, approved by Resolution of the State Committee of the Russian Federation on Statistics dated January 5, 2004 No. 1 “On approval of unified forms of primary accounting documentation for accounting labor and its payment”, agreed with the Ministry of Finance of the Russian Federation, the Ministry of Economic Development and Trade of the Russian Federation, the Ministry of Labor and Social Development of the Russian Federation. 9

The obligation to maintain unified forms of primary accounting documentation for the accounting of labor and its payment is extended to all organizations that use the labor of employees under an employment contract on the territory of the Russian Federation, regardless of their organizational and legal forms and form of ownership. Some exceptions in terms of recording working hours and settlements with personnel for wages are provided only for budgetary institutions and employers - individuals.

In accordance with the above-mentioned resolution, all unified forms of primary accounting documentation for recording labor and its payment are divided into two groups. The first is documents on personnel accounting, the second is documents on recording working hours and settlements with personnel for wages.

Personnel registration documents include an order (instruction) on hiring an employee, a personal card of an employee or a personal card of a state (municipal) employee, an accounting card of a scientific, scientific and pedagogical worker, an order (instruction) on transferring an employee to another job, an order (instruction) on granting leave to an employee, a vacation schedule, an order (instruction) on termination (cancellation) of an employment contract with an employee, an order (instruction) on sending an employee on a business trip, a travel certificate and official assignment for sending on a business trip with a report on its implementation, and an order (instruction) to reward an employee.

Documents for recording working time and settlements with personnel for wages include: time sheets and calculation of wages, payroll or payroll, personal account, note-calculation on granting leave to the employee, note-calculation upon termination (termination) of an employment contract with the employee, an act of acceptance of work performed under a fixed-term employment contract concluded for the duration of a specific job.

Obtaining information about an employee is the right of the employer. He needs it, first of all, for the effective organization of the labor process. But information about the employee may also be required by the employer to fulfill the duties assigned to him by labor legislation. For example, to apply special rules for regulating the labor of workers under the age of 18 (Chapter 41 of the Labor Code of the Russian Federation) or persons with family responsibilities (Chapter 42 of the Labor Code of the Russian Federation), the employer will need information about the employee’s age and whether he has children.

Obtaining information about an employee can be not only the right of the employer, but also his obligation, provided for both by labor law and regulations of other industries.

For example, tax legislation, granting the employer the status of a tax agent and imposing on him the responsibilities for calculating, withholding taxes from the employee as a taxpayer and transferring them to the relevant budgets or extra-budgetary funds, obliges the employer to take into account a whole range of information about the employee.

Federal Law of April 1, 1996 No. 27-FZ “On individual (personalized) accounting in the compulsory pension insurance system” (effective as amended on May 9, 2005) imposes similar obligations on collecting information about the employee.

As a result of all this, the employer accumulates a significant amount of various information about the employee, the totality of which forms his personal data. Protecting it is among the responsibilities of the employer as the owner of the employee’s personal data, who collects, stores, uses and transfers it to third parties. 10

1.1. Distinguishing personal data from other information

When personal data appeared as a category in Russian legislation in 1995, in the Federal Law “On Information, Informatization and Information Protection”, it was immediately classified as confidential information, i.e. restricted information 11. The subsequently adopted Decree of the President of the Russian Federation “On approval of the List of Confidential Information” 12 also mentions it as confidential information. The current Federal Law “On Information, Information Technologies and Information Protection” 13 similarly speaks of personal data in the article on restricting access to information, but does not directly call it confidential information or restricted access information, indicating only a special procedure for access to it, provided for by a special law. The Federal Law “On Personal Data” 14, interestingly, also does not characterize personal data in general as confidential information; moreover, along with a simple definition of “personal data”, it contains a definition of “public personal data”, a term that cannot be logically correlated with restricted information.

Art. 4 of the Law contains a definition of “confidentiality of personal data”, which consists in their non-distribution, i.e. preventing actions aimed at transferring personal data to third parties or acquainting them with it, publishing it, or placing it in the public domain. Confidentiality is not required in the case of processing publicly available personal data and in the case of their anonymization, i.e. loss of any connection with the subject, which apparently does not allow them to be considered as personal data in the future. Consequently, it is hardly possible to consider personal data as a whole as restricted access information; rather, it would be correct to introduce the category of “confidential personal data” into circulation in this case. As a result, from the entire mass of personal data, this would make it possible to identify those that are subject to confidentiality requirements by law. An exception to the rule should be considered the cases mentioned in Part 2 of Art. 1 of the Law: personal data that constitutes a state secret, is stored in archives, is located in the unified register of individual entrepreneurs and legal entities, or is processed exclusively for domestic needs. Some of them will be subject to another access restriction regime, the state secret regime. In relation to the other two cases, completely different legal regimes will apply, within which it is completely impossible to talk about limiting access to personal data. The legislation on archival affairs provides for a general ban on access to information about the private life of a person, his personal and family secrets, which can be judged on the basis of paragraph 3 of Art. 25 of the Federal Law “On Archiving in the Russian Federation” 15, given that neither one nor the other definition exists in law.
Information from the unified state registers of legal entities and individual entrepreneurs is publicly available by law, with the exception of passport data of individuals (but not in the case of individual entrepreneurs) and information about bank accounts of legal entities and individual entrepreneurs 16. The last mentioned case of exclusion from the legal regime of confidentiality of personal data, when it comes to their processing for personal household needs, should be considered as quite controversial. Probably, in this case, it is difficult to talk about the confidentiality of such personal data in full, but we can talk about the existence of a general requirement, established by the Constitution of the Russian Federation in Art. 23 and 24 17, to respect the rights and freedoms of the subject of personal data when processing them, primarily the right to respect for private life, personal and family secrets.

Returning to the regime of confidentiality of personal data established by the Law itself, it should be said that its essence, by analogy with other types of restricted information, should be the establishment of a special procedure for access to it, its use and distribution. But the Law (Article 19) enshrines only an extremely general requirement: to take organizational and technical measures to protect personal data against unauthorized or accidental access, destruction, modification, blocking, copying and distribution, as well as from other unlawful actions. The technical measures that the operator is required to take can be considered quite specific, since similar regulations apply to the protection of other types of confidential information. Such activities to protect confidential information are carried out through licensing and certification of information protection means by the Federal Service for Technical and Export Control, on the basis of relevant provisions 18. But as far as organizational measures are concerned, there are absolutely no clear indications in this regard. By analogy with other categories of restricted access information, such as state secrets 19, commercial secrets 20, and official secrets (including on the basis of the draft Federal Law “On Official Secrets” 21, which is currently under consideration in the State Duma of the Russian Federation), it would be logical to include among such actions:

    Establishing a list of personal data.

    Establishing the circle of subjects who have access to personal data.

    The use of a special stamp and details that allow further identification of information as confidential - “Confidential”.

    Accounting (registration) of persons who actually gained access to personal data.

    Settlement of relations to protect the confidentiality of information by employees and other persons on the basis of employment and civil law contracts. 22

In all of the listed cases, such actions must be taken in a timely manner (in advance), and a confidentiality/secrecy regime will be established in relation to the information only after all of the listed measures have been taken. With regard to personal data, the legislator, for unclear reasons, declined to regulate the operator’s actions so clearly. In particular, it seems quite possible to create a list of personal data, the processing of which is carried out by a specific operator. The Law, in Art. 5, indicates that personal data should not be redundant and exceed the volume necessary to achieve pre-stated goals, which means that a specific list of them can and should be generated in advance. The same applies to personal data, the processing of which is permitted by law (personal data of employees) or contained in contracts between the subject of personal data and the operator (processing of personal data of clients, consumers, subscribers, etc.). Although their processing does not require appropriate notification to the body for the protection of the rights of personal data subjects or the latter’s consent, they would also need to be included in the list under consideration. The use of a special stamp would also make it possible to clearly indicate the information that is subject to the regime of confidentiality of personal data established by the Law.

Separately, it is worth considering the problem of protecting the confidentiality of personal data within the framework of labor relations. By analogy with other types of confidential information, such provisions should be included in employment contracts with employees who have access to confidential personal data. The same applies to warning employees about possible liability for the transfer, distribution of personal data, the obligation of employees upon dismissal to transfer all media and other material objects containing personal data to the employer, the obligation of the employee to maintain the confidentiality of personal data that became known to him during the performance of his labor function, after termination of employment contracts, etc. Unfortunately, the Law does not contain any of these provisions and, moreover, in principle does not single out the employee, i.e. an individual who, directly in the performance of his job duties, operates an information system, database/bank of personal data and has direct access to them.

A similar situation has arisen in the issue of access by third parties to information systems, databases/banks of personal data on the basis of civil contracts, in particular technical support agreements aimed at ensuring the uninterrupted functioning of information systems, databases/banks of personal data, and in other similar cases.

Taking into account these recommendations would allow us to resolve many issues related to bringing perpetrators to legal responsibility and to differentiate it to a greater extent, since, by analogy with other types of confidential information, the subject of liability is most often a special subject, i.e. a person who has permission/access to it legally and has voluntarily assumed obligations to maintain confidentiality.

Let us note another significant aspect related to protecting the confidentiality of personal data. Based on the Law, the main “confidant” in relation to personal data should be considered the “operator”, and in some cases third parties who have gained access to it. At the same time, the subject of personal data himself, being one of the participants in the relationship to protect their confidentiality, does not bear such an obligation by law. Moreover, he has a number of “exclusive rights”: the right to access his personal data, including the right to demand clarification, and also, most importantly, the right to lift the confidentiality regime at any time, that is, to agree to their public availability, communicate them or transfer them to third parties or other operators, and generally dispose of them at his own discretion. However, the operator, as a confidant, is presumably obliged to sometimes maintain the confidentiality of personal data that has actually become publicly known. For example, if they became such without the consent of the subject as a result of illegal actions, say, through publication in the media. In such cases, requiring continued confidentiality of information in most cases would simply be illogical, since this information has become publicly available. The public availability of personal data clearly depends on two conditions: the consent of the subject or a direct requirement of the law (for example, the provisions of Article 7 of the Federal Law “On Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism” 23, which provides for the identification of a person when committing large transactions and transfer of this information to the relevant government agencies). Therefore, in the absence of the above two conditions in the situation under consideration, the operator would, paradoxically, still be obliged to maintain their “confidentiality”. Otherwise, this would be a direct violation of the rights of the subject, who could suffer if information about his private or personal life contained in personal data became the subject of general discussion.

Some of these problems in determining the content of the legal regime for confidentiality of personal data can be explained by the peculiarities of the nature of personal data, which is closely related to the right to respect for the privacy of an individual, personal and family secrets. Some Russian authors, for example V.N. Lopatin, in this regard, directly point to personal data as an institution for protecting the right to privacy 24. This state of affairs explains the need for a special approach to personal data when processing it, regardless of the existence of a regime limiting access to it, since their use should not violate the general fundamental rights of the individual, such as the right to privacy, personal and family secrets.

Another part of the problems is explained by the fact that personal data, if there is a requirement for their confidentiality, which is reasonably presumed, including on the basis of a consistent analysis of the provisions of the Law, can be classified as “derived” secrets 25 or categories of restricted access information. This, in turn, requires their owner to take unconditional measures to protect their confidentiality, since what is protected in this case is not his rights and interests, but the rights and interests of other persons, in particular fundamental human rights and freedoms. Therefore, according to the authors, in the absence of a direct interest of the owner in protecting the confidentiality of personal data, there is a need to clearly articulate his responsibilities in this case.

The last thing worth noting when characterizing personal data as confidential information is related to their relationship in this capacity with other categories of information with limited access, which can present some difficulties. On the one hand, personal data is associated with the need to protect the private life of an individual, an area that, according to most modern authors 26, can hardly be clearly defined; on the other hand, almost all definitions, including legislative ones, characterize them as “any information which can be associated with or identified with an individual,” and therefore personal data can cover almost all areas of an individual’s life. It is quite obvious that, due to such a complex nature, they can potentially be protected under other confidentiality/secrecy regimes, in particular under the regime of state secrets, trade secrets, official secrets and many types of professional secrets (medical, notarial, adoption secrets, etc.). A similar conclusion is prompted by an analysis of a number of provisions of the Law, within the meaning of which personal data simultaneously constitutes: state secrets (Part 2 of Article 1), personal and family secrets, secrets of private life (Articles 2, 12), medical secrets (Clause 3–4, part 2, article 10 and article 12), the secrecy of the investigation (clause 6, part 2, article 10), the secrecy of justice and operational investigative activities (art. 11). It is quite obvious that, with some exceptions, such information will be subject to both the requirements of the legislation on the protection of personal data and other special legislation.

In conclusion, we will express a general judgment about some imperfections of the Russian Law in terms of defining personal data as restricted or confidential information, which has already been noted by other authors, in particular N.I. Petrykina 27. As possible ways to improve the provisions of the legislation, the authors see it advisable to formulate the following proposals and conclusions.

Firstly, it is worth introducing into the legislative matter the concept of “confidential personal data”, i.e. personal data that, in accordance with the law on personal data, is subject to a special legal regime for restricting access to it - the regime of confidentiality of personal data.

Secondly, the law on personal data should highlight the main organizational measures to establish a regime of confidentiality of personal data. These measures include: establishing by the operator a list of confidential personal data that he processes, determining the circle of subjects who will have access to it, establishing rules for the use of relevant details on tangible media containing confidential personal data.

Thirdly, indicate in the law on personal data as subjects of relations for protecting the confidentiality of personal data, the “owner” of the information system, database/bank of personal data, and directly the “operator” of the information system, database/bank of personal data, i.e. a person who, on the basis of an employment or civil law contract, operates and maintains such an information system and has access to personal data. Determine the features of their legal status and responsibility.

      Development of legislation on the protection of personal data

The Institute of Personal Data is a fairly young institution by legal standards. Its formation is closely connected with the development of constitutional rights and freedoms of man and citizen, and first of all, with the right to privacy.

The right to privacy as a legal category originated in the United States. In the English language, all aspects of private life are designated by a single term “privacy”, which has no literal equivalent in Russian. One of the first attempts to formulate the essence of the concept of “privacy” was made in 1890 by famous American lawyers Samuel Warren and Louis Brandeis, who defined it as “the right to be alone” - the right to be left alone or the right to be left to oneself 28. In their article "The Right to Privacy" in the Harvard Law Journal, they argued that privacy was being jeopardized by new inventions and business practices, and argued for the need for a special "right of privacy." With the development of scientific and technological progress, we are increasingly convinced of the validity of these provisions.

The activities of American courts played a huge role in the formation and formulation of the right to privacy. Thus, in 1965, in the case of Griswold v. Connecticut, US Supreme Court Justice Douglas derived the right to privacy from the first five amendments to the US Constitution, recognizing that these amendments “protect various aspects of privacy.” The words he said summarizing the court's decision are widely known: "We are dealing with a right to privacy that is older than the Bill of Rights."

The concept of privacy, formed in the USA, had a great influence on the formation of the modern system of human rights and freedoms. On December 10, 1948, the UN General Assembly approved the Universal Declaration of Human Rights, Article 12 of which established that no one shall be subjected to arbitrary interference in his personal and family life, arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation; every person has the right to the protection of the law from such interference and such attacks 29.

In 1950, a similar rule was enshrined in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms in the following wording: “everyone has the right to respect for his private and family life, his home and his correspondence.” Thanks to these documents, the right to privacy has been recognized as an inalienable right of every person.

With the development of information technology, attention and interest in the issue of privacy began to increase significantly. New technologies and tools have emerged for collecting, storing and processing data relating to both the personal lives of individuals and their public activities. In law, the issue of adopting special rules for regulating the collection and processing of personal data as an increasingly popular object of economic turnover has arisen. At this time, the most active development of regulations on the protection of personal data is observed in Europe.

The principles laid down in the European Convention for the Protection of Rights and Fundamental Freedoms are further developed in the special provisions of the Council of Europe Convention 108 for the Protection of the Rights of Individuals with regard to Automatic Processing of Personal Data of 1981, which considers data protection as the protection of the fundamental rights and freedoms of individuals, in particular, their rights to privacy in relation to the processing of personal data.

Subsequently, Directive No. 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of the rights of individuals with regard to the processing of personal data and on the free movement of such data laid the foundations for a pan-European system for the protection of personal data. In 2000, the EU Charter of Fundamental Rights established the right to the protection of personal data as a fundamental right in its own right.

These are the main stages in the formation of a regulatory mechanism for the protection of personal data on the European continent. The final stage of its formation was the adoption of national laws of EU member countries aimed at regulating issues of personal data protection.

The world's first special Personal Data Protection Law was adopted by the German state of Hesse in 1970. Before this, there were no such laws anywhere in the world. Over the past 30 years, more than 20 European countries have adopted regulations on the protection of personal data, which established real mechanisms for legal regulation of the circulation of personal data. It should be noted that the creation of regulations in this area proceeded independently along with the development of legislation on the protection of the right to privacy. 30

In Russia, certain elements of the right to privacy were legislated and analyzed back in the pre-revolutionary period. Thus, the Postal Charter of 1857 and the Telegraph Charter of 1876 secured the secrecy of correspondence, and criminal legal protection of this secret was carried out on the basis of the norms of the Code on Criminal and Correctional Punishments of 1845 and the Criminal Code of 1903. Thus, the Criminal Code of 1903 (Articles 162-170) established a ban on the interference of officials in the personal and family life of a person during the administration of justice.

After the revolution, the approach to the problem of human rights changed significantly. Thus, the Constitution of the RSFSR of 1918, although it contained a section on human rights entitled “Declaration of the Rights of the Working and Exploited People” (the declaration was adopted earlier at the III All-Russian Congress of Soviets), but did not secure even basic rights, a minimum of personal, political, economic, cultural human rights. It included only a ban on exploitation, the right to equal land use, the liberation of the working masses from the yoke of capital, and the right of workers to manage.

In 1924, a new constitution was adopted - the Constitution of the USSR, which no longer contained the Declaration of Rights. Of the human rights, only national freedom, equality, and single union citizenship were proclaimed. Along with this, in the Constitution of the USSR, a separate chapter was devoted to the establishment of the United State Political Administration, which led repressions that violated all human rights, in order to combat political and economic counter-revolution, espionage and banditry.

For the first time, a chapter on the rights and responsibilities of citizens appeared in the Constitution of the USSR adopted on December 5, 1936, on the eve of the mass repressions of 1937-1938. The Constitution enshrined a wide range of personal rights and freedoms, such as freedom of conscience (Article 124), personal inviolability (Article 127), inviolability of home and privacy of correspondence (Article 128). In theoretical terms, this was a serious achievement of Soviet law, but in practical terms, it was just a formality.

Thus, by order of the NKVD of the USSR dated December 29, 1939, it was ordered that all international telephone conversations without exception of employees of foreign embassies and foreign correspondents be stenographed, and by the decision of the decision-making bodies, censorship of all incoming and outgoing international correspondence was introduced.

Not only were international relations controlled by state security agencies, but within the state, “a large place in the control over individuals and society was given to the use of informants.”

Despite the obvious violation of the right to privacy by such practices, such actions are justified by states as necessary security measures.

Already in the 1940s, with the expansion of repressive and punitive policies towards dissidents, with the tightening of the totalitarian regime, the problem of human rights was actually “closed”.

The issue of human rights was raised again only during the political “thaw” of the late 1950s and early 1960s, when the first theoretical studies on political and legal doctrines appeared in the USSR.

In 1977, in connection with the ratification of the International Covenant on Civil and Political Rights of December 16, 1966, the new Constitution of the USSR was adopted. The Constitution of the USSR of 1977 became the first and only constitution in the entire Soviet period to include in a separate section a set of civil, political, economic, social and cultural rights standard for developed European countries. In Articles 54-56 of the USSR Constitution of 1977, citizens were guaranteed the inviolability of personality, home, as well as the protection by law of personal life, the secrecy of correspondence, telephone conversations and telegraph messages. In Art. 57 of the USSR Constitution of 1977 it was stipulated that respect for the individual, protection of the rights and freedoms of citizens is the responsibility of all government bodies, public organizations and officials.

For the first time in Russia, the right to privacy as an independent right was formulated in the Declaration of Rights and Freedoms of Man and Citizen, adopted on the eve of the collapse of the union state by the Supreme Council of the RSFSR on November 22, 1991. It provides for a ban on the collection, storage, use and dissemination of information about a person’s private life without his consent. Subsequently, this norm will be enshrined in the Constitution of the Russian Federation of 1993 31.

In 1995, the Federal Law “On Information, Informatization and Information Protection” dated February 20, 1995 No. 24-FZ for the first time legislated the concept of personal data. According to Article 2 of the said Federal Law, personal data is information about the facts, events and circumstances of a citizen’s life that allows him to be identified. In addition, this law established general principles for the collection and use of information about citizens; according to this law, personal data was classified as confidential information.

It should be noted that the development of a special law on the protection of personal information began in Russia even before the adoption of Directive 95/46/EC of the European Parliament and the Council of Europe on October 24, 1995 “On the protection of the individual in relation to the processing of personal data and the free circulation of this data.” The initial draft law with the working title “On Personal Information” was developed in 1998 by the Committee on Information Policy and Communications of the State Duma of the Russian Federation with the participation of a working group of experts in the field of information legislation. However, this draft law was never considered in the State Duma of the Russian Federation. Then, after more than two years, another working group prepared the draft of the subsequently adopted Federal Law “On Personal Data” dated July 27, 2006 No. 152-FZ 32.

The fundamental rules governing relations regarding personal data are contained in the Federal Law “On Personal Data”. In accordance with paragraph 1 of Art. 3 of this Law, personal data is any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information.

In accordance with Part 1 of Art. 85 of the Civil Code of the Russian Federation, personal data of an employee means information necessary for the employer in connection with labor relations and relating to a specific employee. The evaluative nature of this definition reflects only the general approach of the legislator to the category of employee personal data. An employer may collect and process not any information about a person who is his employee, but only that which is directly related to his employment relationship.

      General requirements for the processing of employee personal data and guarantee of their confidentiality

The employer's concentration of personalized information (personal data) about an employee presupposes its processing. According to the definition given in Part 2 of Art. 85 of the Labor Code of the Russian Federation, processing of personal data is the receipt, storage, combination, transfer or any other use of an employee’s personal data.

From this definition it follows that the processing of an employee’s personal data covers all stages of working with information about the employee - from receipt to transfer of it to other persons.

General requirements that must be observed when processing an employee’s personal data, as well as guarantees for their protection, are established in order to ensure the rights and freedoms of man and citizen in Art. 86 of the Labor Code of the Russian Federation, which includes nine points, each of which formulates one of the requirements classified as general.

So, paragraph 1 of Art. 86 of the Labor Code of the Russian Federation requires that the processing of an employee’s personal data be carried out solely for the purpose of ensuring compliance with laws and other regulations, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property. The issue of the purposes of collecting personal data in the public service system is resolved in a similar way. Thus, the Regulations on the personal data of a state civil servant of the Russian Federation and the management of his personal file, approved by Decree of the President of the Russian Federation of May 30, 2005 No. 609, state that when receiving, processing, storing and transferring personal data of a civil servant, the personnel service of the state body is obliged to comply with the requirements, the list of which is given in Art. 5 of this Decree.

The first of these requirements states that the processing of personal data of a civil servant is carried out in order to ensure compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation, to assist the civil servant in performing the state civil service of the Russian Federation, in training and job growth, to ensure the personal safety of a civil servant and his family members, as well as in order to ensure the safety of his property and the property of a state body, and to record the results of his performance of job responsibilities. 33

Clause 2 of Art. 86 of the Labor Code of the Russian Federation establishes that when determining the volume and content of an employee’s personal data to be processed, the employer must be guided by the Constitution of the Russian Federation 34, the Labor Code of the Russian Federation and other federal laws.

This requirement should be considered as limiting the right of the employer to determine the volume and nature of information about the employee that it needs to organize effective labor relations with the employee. When collecting information about an employee, the employer must not go beyond the limits established by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.

Thus, the employer must not violate the rights and freedoms of man and citizen guaranteed by the Constitution of the Russian Federation and demand from the employee information that violates his right to privacy, personal and family secrets (Article 23), or his right to independently determine and indicate his nationality (Article 26).

In the Labor Code of the Russian Federation, the volume and nature of personal information about the employee that the employer must receive are determined by Art. 65, which establishes a list of documents submitted by a citizen to the employer when applying for a job, and prohibits requiring from a person applying for work documents other than those provided for by the Labor Code of the Russian Federation, other federal laws, presidential decrees and decrees of the Government of the Russian Federation.

As already noted, from these documents the employer can obtain information about the employee’s last name, first name, patronymic, his age, date and place of birth, place of residence, the presence or absence of children, family responsibilities, work experience, registration in the state pension insurance system, military registration status, education, qualifications, availability of special knowledge, etc.

CHAPTER II. PROCEDURE FOR WORKING WITH CONFIDENTIAL INFORMATION ABOUT AN EMPLOYEE

Confidential documents are those containing information known only to a certain circle of persons, not subject to public disclosure, and access to which is limited.

Confidential documents include documents that have access restrictions: “confidential”, “trade secret”, “for official use”.

The legislation of the Russian Federation provides for liability for unauthorized access, disclosure or sale of information bearing such stamps.

Employees authorized to access confidential documents must undergo training and familiarize themselves with instructions for working with confidential documents.

Organization of office work ensuring the safety and recording of confidential documents provides for:

    appointment of an official responsible for their recording, storage and use;

    procedure for preparing and reproducing documents;

    separate registration of documents;

    formation of cases;

    organization of issuance and storage of documents;

    checking the availability of documents;

    archival storage and destruction procedures.

Printed and signed documents are submitted for registration to the official responsible for their registration. Drafts, versions of the document, files are destroyed with confirmation of the fact of destruction by an entry on a copy of the document.

Reproduction of confidential documents is carried out:

    with the permission of the enterprise management;

    with a limited number of copies;

    in a specially designated room;

    in the presence of the official responsible for the document;

    with immediate destruction of defective copies.

Confidential documents must be recorded separately from other documentation in the Confidential Documents Log.

The sheets of the registration logs are numbered, stitched, sealed, and their total number is indicated (in numbers and in words) on the certification sheet.

All incoming confidential documents are accepted and opened by a specially appointed official.

Upon receipt, the following is checked: the number of sheets; number of copies; availability of attachments to the document.

Confidential documents are formed into a separate file, which must have: an access restriction stamp; a list of employees authorized to use this file; numbering of sheets; internal inventory of documents; certification sheet.

Files with confidential documents are stored in a sealed safe, in a specially designated room equipped with security equipment.

The issuance and return of confidential documents must be reflected in the “Register of Issuance of Confidential Documents”.

When issuing a document, the document number is checked against the number in the journal; the number of sheets is checked; the signature of the recipient of the document and the date are affixed.

When returning a document, the document number is checked against the number in the journal; the number of sheets is checked; a return mark is placed; the signature of the recipient of the document and the date of return are affixed.

Prohibited:

    removal of confidential documents from files;

    moving them from one case to another without permission from management and marks in the “Logbook of the issuance of confidential documents”;

    unauthorized removal of confidential documents from the office.

The availability of confidential documents is checked to ensure their safety and to prevent leakage of confidential information.

When establishing the fact of loss of a confidential document:

    the head of the enterprise is informed;

    the security service is informed;

    measures are taken to search for the document.

A report is drawn up regarding the lost document, and a corresponding note about the loss is entered in the “Registration Journal of Confidential Documents.”

An expert commission of the enterprise annually selects confidential documents for archival storage or destruction.

Archival storage of confidential documents is carried out in sealed boxes in premises that exclude unauthorized access.

The destruction of confidential documents is carried out with the drawing up of an act approved by the head of the enterprise; in the presence of the commission; using a special machine (shredder) or in any other way that excludes the possibility of restoring the information contained in them.

    1. HR service work with personal data

The specificity of the protection of personal data of persons carrying out their professional activities on the basis of an employment contract is manifested in the fact that the fundamental requirements for the processing of personal data are established by federal legislation, and the procedure for carrying out individual operations with an employee’s personal data (collection, storage, use, distribution) may be detailed in local legal acts. In accordance with paragraph 7 of Part 1 of Art. 22 of the Labor Code of the Russian Federation, employers have the right to adopt local regulations, which may reflect issues of protecting confidential information. 35

One of these local regulations is the Personal Data Regulations. The Regulations define the basic requirements for the procedure for receiving, storing, combining, transferring or any other use of an employee’s personal data in connection with labor relations in the organization.

The development and use of an effective system for ensuring the security of personal data of workers is one of the important parts of the personnel safety management system, the system for protecting the life and health of workers. 36

The main document regulating the relationship between employer and employee is the employment contract, when concluding which the provisions of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” 37 should be taken into account. It came into force on January 1, 2007 and regulates relations in the field of collection, modification and transfer of information by federal government bodies of the Russian Federation and its constituent entities, as well as legal entities and individuals with and without the use of automation tools. The purpose of this law is to protect human rights and freedoms when processing his personal data, including the rights to privacy, personal and family secrets.

According to Art. 2 of the Law on Personal Data, personal data is any information relating to an individual identified or determined on the basis of such information (the subject of personal data), including: 38

    full name;

    year, month, date and place of birth;

    family, social, property status;

    education;

    profession;

    income and other information.

This list is not closed - it can include almost all information about the employee that the employer receives.

In addition, Art. 10 and 11 of the Law on Personal Data establish special data that is subject to increased protection measures against unauthorized processing and distribution. This is information regarding:

    race, nationality;

    political views, religious or philosophical beliefs;

    state of health, intimate life of an individual, as well as biometric personal data - information characterizing the physiological characteristics of a person. 39

Principles and conditions for information processing

The processing of personal data includes all actions and operations with them, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (transfer), depersonalization, blocking and destruction. According to the law, these are ordinary business operations of the institution, which both the manager and the accounting service often encounter.

In accordance with paragraph 1 of Art. 6 of the Law on Personal Data, data processing is possible only with the consent of the employee. Therefore, when he applies for a job, it is necessary to obtain from him a written statement of consent to data processing. In such a statement, the employee must indicate:

    last name, first name, patronymic, address, identification document number, information about the date of issue and the authority that issued it;

    name and address of the institution that received consent to use personal data;

    purpose of data processing;

    list of personal data that the employee agrees to have processed;

    list of actions to which consent is given, and a general description of the methods of processing information used by the institution;

    the period during which the consent is valid, as well as the procedure for its withdrawal (Clause 4 of Article 9 of the Law on Personal Data).

Let's provide a sample employee application (see appendix).

During the course of their work, any employee may face close attention from intruders or competitors - both their own and those of the organization in which they work. The article is devoted to the issues of ensuring personnel safety based on the protection of personal data of employees.

The safety of its own personnel is one of those areas that must be ensured by the organization in the first place.

Personnel safety is the state of protection of workers - the most important resource of the enterprise - from external and internal threats, material, moral or physical harm as a result of accidental or deliberate actions.

Personnel safety management is a complex problem, which represents the management of a set of organizational and technical measures that reduce threats to personnel safety in enterprises. 40

Here is an approximate list of some potential threats to personnel: 41

    direct poaching of leading managers and specialists by competitors;

    recruitment of employees by competing and criminal structures, and in some cases by law enforcement agencies;

    blackmail or direct threats against specific employees in order to induce them to violate trust on the part of the employer (i.e., commit various official violations);

    attacks on employees (primarily senior managers) and members of their families.

Such threats can be implemented in any organization and in relation to any employee in whom, for one reason or another, interest has appeared on the part of attackers. The implementation of such threats is possible due to the attackers’ knowledge of personal information and personal specific data about the employee.

The work of personnel services is always associated with the accumulation, formation, processing and use of significant amounts of information about all categories of employees. This information refers to personal data, which inherently reflects the personal and family secrets of employees, their private life and is included in the range of information that is subject to protection from unauthorized access. Uncontrolled dissemination of personal data can cause significant damage to both the individual - the subject of personal data, and the organization within whose walls confidential information was leaked.

In organizing the protection of personal data at the local level, special attention should be paid to the basic requirements for correct, competent, qualified personnel work, the professional level of training and information and legal culture of personnel department employees. Failure by employees of HR departments to comply with organizational conditions aimed at protecting the personal data of employees may contribute to the formation of channels for the leakage of confidential information.

      Main aspects of transferring employee personal data and information protection when working with personal data on a computer

Established in Art. 86 of the Labor Code of the Russian Federation, the general requirements for processing employee personal data are designed to ensure the safe storage and use by the employer of confidential information about employees. The main purpose of these requirements is to ensure compliance with the constitutional rights of employees to the inviolability of personalized information about them. The employer must know and take into account these general requirements, first of all, when developing rules for their receipt, processing, storage, use, and transfer to third parties. 42

By imposing on the employer the obligation to develop and implement these rules, Art. 87 of the Labor Code of the Russian Federation determined that these rules are established by the employer in compliance with the requirements of the Labor Code of the Russian Federation and other federal laws. They must ensure compliance with the law when storing employee personal data and the inaccessibility of this information to persons who do not have permission to work with documents and other sources of information about the employee’s identity.

All documents and materials containing the employee’s personal data together form his personal file. It contains the employee’s application for employment, his application form, copies of documents on education and qualifications, the order (instruction) on hiring, a copy of the employment contract, and all standard unified forms of primary accounting documentation for personnel work and for recording labor and its payment provided for by regulations. 43 The file also includes the employee’s resignation letter, the materials that served as the basis for the termination of the employment contract, and the order (instruction) of the employer that terminated the employment relationship with the employee.

The general procedure for maintaining and storing an employee’s personal file is established by the employer, and it is usually maintained by employees of the HR departments or other services of the employer. For them, the employer establishes special obligations to ensure the safety and confidentiality of information that forms the personal data of employees. These responsibilities must be included in the employment contracts of employees whose job function is to process the employees’ personal data.

When developing and adopting rules for the storage and use of employees’ personal data, the employer must establish storage periods for various documents and materials, both those that form the employee’s personal file and those that are not included in it. 44 At the same time, the employer must take into account that the storage periods for the most important documents containing personal data of employees are determined by various regulations, among which is the List of standard management documents generated in the activities of organizations, indicating their storage periods, approved by the head of the Federal Archival Service of Russia on October 6, 2000.

In particular, in accordance with this List, personal files (applications, autobiographies, copies of orders and extracts from them, copies of personal documents, characteristics, personnel records sheets, questionnaires, certification sheets, etc.) of the head of the organization, members of management, executive, control organs of the organization, as well as employees with state and other titles, prizes, awards, academic degrees and titles are stored permanently.

Similar documents of other employees are kept for 75 years.

Also, employment contracts, characteristics, personal cards, and other materials (including temporary workers) that are not included in personal files are stored for 75 years.

Work books and duplicates of work books that were not received by employees upon dismissal or, in the event of an employee’s death, by his immediate relatives are stored for two years in the employer’s personnel service separately from other work books. After the specified period, unclaimed work books are stored in the organization’s archives for 50 years, after which they are subject to destruction in the prescribed manner.

Documents of persons not hired (application forms, autobiographies, personnel records, applications, letters of recommendation, resumes, etc.) are stored by the employer for one year. 45

During the validity of the employment contract with the employee, as well as during the storage period of documents containing personal data about the employee, this data is used by the employer, including by transferring it to other persons, as a result of which information about the employee may become widely disseminated.

According to the general rule enshrined in Art. 88 of the Labor Code of the Russian Federation, the transfer by the employer of the employee’s personal data to other persons is allowed only if there is a voluntary expression of the will of the employee, confirmed by his written statement. Exceptions to this rule may be provided for by the Labor Code of the Russian Federation and other federal laws, for example, to ensure the safety of workers.

In general, Art. 88 of the Labor Code of the Russian Federation “Transfer of personal data of an employee” establishes seven requirements that an employer must comply with when transferring information about an employee to other persons. 46

The first of these requirements prohibits the employer from disclosing the employee’s personal data to a third party without the employee’s written consent, except in cases where this is necessary to prevent a threat to the life and health of the employee, as well as in other cases provided for by the Labor Code of the Russian Federation or other federal laws.

It follows that the employer can disclose the employee’s personal data to a third party only with the written consent of the employee. Without such consent, the employer may disclose the employee’s personal data to a third party only in two cases: a) when this is necessary in order to prevent a threat to the life and health of the employee, for example, transferring information about the blood type of a person in serious condition; b) in other cases provided for by federal legislation. 47

Thus, federal laws provide for the mandatory sending by employers of relevant information about their employees to the Social Insurance Fund, the Pension Fund, tax authorities, state supervision and control bodies for compliance with labor legislation, executive authorities and trade unions participating in the investigation of industrial accidents, to the court, to the prosecutor, and to the preliminary investigation and inquiry authorities.

In accordance with Art. 357 of the Labor Code of the Russian Federation, state labor inspectors, when carrying out supervisory and control activities, have the right to request from employers and receive from them free of charge documents and information necessary to perform supervisory and control functions, including personal data of employees.

According to the instructions contained in Part 2 of Art. 228 of the Labor Code of the Russian Federation, in the event of an industrial accident that causes harm to the health of two or more people or causes death, the employer (his representative) is obliged to send the necessary information about this within 24 hours: to the relevant state labor inspectorate; to the prosecutor's office at the scene of the accident; to the federal executive body according to departmental affiliation and to the executive body of the constituent entity of the Russian Federation; to the organization that sent the employee with whom the accident occurred; to territorial associations of trade union organizations; to the insurer on issues of compulsory social insurance against accidents at work and occupational diseases.

In the event of an accident, this information is sent to the same authorities by any employer - both an organization and an individual. 48

The second requirement contained in Art. 88 of the Labor Code of the Russian Federation, prohibits an employer from disclosing an employee’s personal data for commercial purposes without his written consent.

The importance of an employee’s personal data, like that of any citizen, from the point of view of its commercial and other significance cannot be overestimated. They have always been in demand, both in the activities of the state, which collected information about its citizens in various information banks, and among creditors and employers, who requested or demanded from citizens a variety of information about them: name, date and place of birth, address of residence, existence of a family, education, etc.

With the advent of the era of computers and telecommunications technologies, confidential information that forms the personal data of a citizen becomes practically publicly available. Reducing the time and financial resources required to obtain it has made such information an object of business, a profitable type of entrepreneurial activity (not always legal). This is evidenced by the presence in computer markets of a large number of different databases containing personal information about citizens as subscribers of telephone networks, vehicle owners, real estate owners, taxpayers. They provide fairly complete information about the person, date and place of birth, place of residence, information about diseases, habits, hobbies, passions, etc. 49

Information about an employee for commercial purposes may be provided by the employer to business partners as their representatives in order to ensure trust in them from the counterparty. The employee must be aware of the volume and nature of such information, since the analyzed norm requires obtaining the written consent of the employee in order to use personal information for commercial purposes.

The third requirement obliges the employer to warn the persons receiving the employee’s personal data from him that this data can only be used for the purposes for which it was communicated, and require these persons to confirm that this rule has been complied with.

Persons receiving the employee’s personal data are required to observe the secrecy (confidentiality) regime for the processing and use of the received information. This provision does not apply to the exchange of personal data of employees in the manner established by the Labor Code of the Russian Federation and other federal laws.

Fourth, the employer is obliged to transfer the employee’s personal data within one organization, or with one individual entrepreneur, in accordance with a local regulatory act with which the employee must be familiarized against signature.

Such local regulations can be developed as an independent document (regulations, instructions) or as an annex to a collective agreement. They must take into account current legislation, instructions and regulations regarding the access of citizens to information related to state and other types of secrets.

The fifth requirement provided for in Art. 88 of the Labor Code of the Russian Federation, establishes that the employer must allow access to personal data of employees only to specially authorized persons. In this case, these persons should have the right to receive only those personal data of the employee that are necessary to perform specific functions.

Without additional permission, only persons presenting such documents, their executors, employees who endorsed, signed or approved the document, as well as persons indicated or named in the text of the document are allowed to access documents containing personal data of an employee.

The sixth requirement states that the employer does not have the right to request information about the employee’s health status, with the exception of that information about his health that is necessary to consider the issue and make a decision on the possibility of the employee performing a specific job function stipulated by the employment contract.

Information about a citizen’s health status is a medical secret. Transferring it to anyone is permitted only with the consent of the employee or his legal representative. The exception is cases when information about the employee’s health status is transferred to the employer when there is a threat of the spread of infectious diseases, mass poisonings and injuries, or if there are grounds to believe that harm to the citizen’s health was caused as a result of illegal actions. Information about the state of a citizen’s mental health can be transferred to the employer only in cases established by federal laws, for example, the law “On psychiatric care and guarantees of citizens’ rights during its provision.”

The employer is provided with information about the employee’s health status necessary to decide whether he can perform a specific job function in the form of a medical report with a conclusion about the employee’s compliance or non-compliance with the health status of a specific position or type of work.

Finally, the seventh requirement provided for in Art. 88 of the Labor Code of the Russian Federation, states that the employer is obliged to transfer the employee’s personal data to employee representatives in the manner established by the Labor Code and other federal laws, and limit this information only to those employee personal data that are necessary for the said representatives to perform their functions.

Employee representatives, for example, an elected trade union body, are a third party when it comes to obtaining employee personal data. Therefore, the transfer of this information by the employer to them is carried out in accordance with the restrictions and rules established by Art. 88 Labor Code of the Russian Federation. Employee representatives are required to observe the confidentiality regime of the employee’s personal data received by them. 50

The range of information about the employee transmitted to employee representatives is determined by the functions and powers of the representatives. The general function of any employee representative in the field of labor relations is participation in collective negotiations to conclude a collective agreement, in resolving collective labor disputes, and in defending an employee in the process of an individual labor dispute. Therefore, personal information about employees can serve to develop the terms of a collective agreement, resolve a collective conflict, make a decision on an individual labor dispute, ensure the interests of a given employee, and improve working conditions for all or certain categories of employees. 51

An important role in protecting personalized information about an employee is assigned to the employee himself as a party to the employment contract. In order to ensure the protection of personal data stored by the employer, Art. 89 of the Labor Code of the Russian Federation gives employees the right: 52

    to full information about their personal data and the processing of this data;

    to free access to their personal data, including the right to receive copies of any record containing the employee’s personal data, except in cases provided for by federal law;

    to appoint their representatives to protect their personal data;

    to access medical data relating to them through a medical professional of their choice;

    to demand the exclusion or correction of incorrect or incomplete personal data, as well as data processed in violation of the requirements of this Code or other federal law. If the employer refuses to exclude or correct the employee’s personal data, the employee has the right to declare in writing to the employer his disagreement, with appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view;

    to demand that the employer notify all persons who were previously informed of incorrect or incomplete personal data of the employee about all exclusions, corrections or additions made to them;

    to appeal to the court against any unlawful actions or inaction of the employer in the processing and protection of his personal data.

In providing for the rights and obligations of the parties to an employment contract aimed at protecting the employee’s personal data, the Code establishes in Art. 90 of the Labor Code of the Russian Federation, “Responsibility for violating the rules governing the processing and protection of an employee’s personal data,” that persons guilty of violating the rules regulating the receipt, processing and protection of an employee’s personal data are subject to disciplinary and financial liability in the manner established by the Labor Code and other federal laws, and are also subject to civil, administrative and criminal liability in the manner prescribed by federal laws. 53

As you can see, this norm is of a reference-blanket nature, since it refers to the norms of labor law providing for disciplinary liability, as well as to the norms of other branches of law that establish the rules for obtaining, processing and protecting personal data of an employee, for violation of which administrative, civil or criminal liability is established.

According to the authors of the Commentary to the Labor Code of the Russian Federation 54, the list of types of legal liability specified in Art. 90 of the Labor Code of the Russian Federation is not exhaustive, since persons guilty of violating the rules for working with an employee’s personal data can also be held financially liable. Moreover, both the employer and the employees who directly process the employees’ personal data may be held financially liable for violating the rules governing the procedure for obtaining, processing and protecting an employee’s personal data.

Administrative liability in the form of a fine in the amount of 5 to 10 minimum wages for officials, and for legal entities from 50 to 100 or more minimum wages, may arise for offenses provided for by the Code of the Russian Federation on Administrative Offenses, such as:

    refusal to provide a citizen with information, documents collected in the prescribed manner, materials directly affecting his rights and freedoms, or untimely provision of such documents and materials, failure to provide other information in cases provided for by law, or provision of incomplete or deliberately false information to a citizen (Article 5.39);

    violation of the procedure established by law for the collection, storage, use or dissemination of information about citizens (personal data) (Article 13.11);

    violation of information protection rules, with the exception of information constituting a state secret (Article 13.12);

    illegal activities in the field of information protection (Article 13.13);

    disclosure of information, access to which is limited by federal law (except for cases where disclosure of such information entails criminal liability), by a person who has gained access to such information in connection with the performance of official or professional duties (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Subjects of administrative liability for violation of the legally established procedure for collecting, storing, using or distributing information about citizens and for violating information protection rules can be both employers who are individuals and employers that are legal entities (organizations), as well as their managers and specific employees performing labor functions related to the collection, storage, and use of personal data of employees. 55

Civil liability for violation of the rules governing the receipt, processing and protection of an employee’s personal data occurs if such violation causes damage to inalienable human rights and freedoms and other intangible benefits, which include honor and good name, business reputation, inviolability of private life, personal and family secrets (Article 2, 150 of the Civil Code of the Russian Federation).

Civil liability may be expressed in the imposition of an obligation to compensate for property damage or compensation for moral damage. For example, moral damage to an employee may be caused as a result of the culpable dissemination of the employee’s personal data, in the case of providing third parties with false information about the employee containing information discrediting his honor, dignity, or business reputation.

Compensation for moral damage and protection of honor, dignity and business reputation of an employee is carried out on the grounds established by Art. 151, 152 of the Civil Code of the Russian Federation, in civil proceedings.

Criminal liability for violation of the rules for working with an employee’s personal data may occur provided that this violation contains elements of a crime against the constitutional rights and freedoms of a person.

Among them may be a violation of privacy (Article 137 of the Criminal Code of the Russian Federation), expressed in the illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or in the dissemination of this information in a public speech, publicly displayed work or the media, if these acts were committed out of selfish or other personal interest and caused harm to the rights and legitimate interests of citizens. This crime is punishable by a fine of up to 200,000 rubles (Part 1) or a fine of up to 300,000 rubles (Part 2), if it was committed with the use of official position, or other penalties alternatively provided for in the sanctions of Parts 1 and 2 of Art. 137 of the Criminal Code of the Russian Federation.

Another crime in this area is refusal to provide information to a citizen. In accordance with Art. 140 of the Criminal Code of the Russian Federation, this crime is expressed in the unlawful refusal of an official to provide documents and materials collected in the prescribed manner that directly affect the rights and freedoms of a citizen, or the provision of incomplete or knowingly false information to a citizen if these actions caused harm to the rights and legitimate interests of citizens.

This crime is punishable by a fine of up to 200,000 rubles or in the amount of wages or other income of the convicted person for a period of up to 18 months, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years.

As noted by A.M. Lushnikov, persons guilty of violating the legislation on the processing of personal data of an employee may also be prosecuted under Art. 129 of the Criminal Code of the Russian Federation for libel, if the employer’s representatives allow, when processing the employee’s personal data, the dissemination of knowingly false information about him, discrediting his honor and dignity or business reputation, as well as under Art. 130 of the Criminal Code of the Russian Federation, if during the processing of an employee’s personal data, his honor and dignity will be humiliated in an indecent form, for example, using obscene language. 56

Unlawful access to computer information protected by law, in an electronic computer, computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, computer system or their network - is punishable by a fine or corrective labor for a term of six months to one year, or imprisonment for a term of up to two years. 57

As is known, the implementation of Federal Law No. 152-FZ has been repeatedly postponed. The fact is that achieving compliance with the Federal Law requires the introduction of new IT products, the adoption of organizational measures and the modernization of the company’s business processes. But the greatest difficulties for Russian specialists are caused by the requirements of the law themselves, or rather, by their vagueness. Fulfilling some requirements has become an almost impossible task, since this requires considerable financial, technical and organizational resources. Thus, according to the calculations made, the protection of personal data in accordance with the law requires an increase in financial resources by 3-5 times.

Technical measures to protect information include: 58

    means of protecting information from unauthorized access (NSD) (systems for restricting access to information; anti-virus protection; firewalls; means of blocking information input/output devices; cryptographic means, etc.);

    means of protecting information from leakage through technical channels (use of shielded cables; installation of high-frequency filters on communication lines; installation of active noise systems, etc.).

All information security software must undergo a compliance assessment in accordance with the established procedure.

Consequently, in order to ensure compliance with the requirements of Federal Law No. 152-FZ, it will be necessary to significantly change the work with information and documentation containing personal data.

Actions to implement the requirements of Federal Law No. 152-FZ include:

1. Conducting an inventory of all systems processing personal data.

2. Availability of consents of subjects to the processing of their personal data.

3. Formation of a list of personal data, assessment of the legality of PD processing.

5. Formation of documents regulating work with personal data.

6. Formation of a threat model containing current threats to the information security of personal data during their processing.

7. Determination of the ISPD class and development of solutions to reduce the class of the information system. The procedure for classifying information systems was approved by the joint Order of the FSTEC of the Russian Federation, the FSB of the Russian Federation and the Ministry of Information Technologies and Communications of the Russian Federation dated February 13, 2008 No. 55/86/20. The purpose of the classification is to establish methods and means of protecting information necessary to ensure the security of personal data.

8. Approval of the classification act.

10. ISPD control.

When performing these actions, the personal data information system will comply with the requirements of the law. 59

      Monitoring the protection of employee personal information

Control over compliance with the requirements of the law is entrusted to the Federal Security Service (FSB of Russia), the Federal Service for Technical and Export Control (FSTEC) and the Federal Service for Supervision of Communications, Information Technologies and Mass Communications (Roskomnadzor).

Each of these departments performs its own task. Thus, the FSB of Russia oversees the security of personal data during its processing in information systems, including the protection of information using encryption tools (cryptography).

The competencies of the FSTEC of Russia are the protection of information using technical means, including confirmation of the absence of undeclared capabilities in the means of protection. Technical means of protecting personal data must be certified.

Roskomnadzor is the main regulator in the field of protecting the rights of individuals whose personal data is processed. Employees of this department have the right:

    check the information in the notification submitted by the operator;

    take measures to suspend or terminate the processing of personal data carried out in violation of the requirements of the law;

    file claims in court to protect the rights of subjects and represent their interests in court, and send applications to the authority licensing the operator’s activities to consider taking measures to suspend the operator’s license;

    send materials to law enforcement agencies to resolve the issue of initiating a criminal case in connection with a violation of the rights of personal data subjects;

    bring to administrative responsibility persons guilty of violating the law.

Violation of the procedure established by law for the collection, storage, use or dissemination of information entails the imposition of an administrative fine on citizens from five hundred to one thousand rubles with confiscation of uncertified information security means, on officials - from one to two thousand rubles, and on legal entities - from ten to twenty thousand rubles with confiscation of uncertified means.

Disclosure of information to which access is limited by federal law (except for cases where disclosure of such information entails criminal liability) by a person who had access to it for official or professional duties shall entail the imposition on officials of an administrative fine - from four thousand to five thousand rubles. 60

Unlawful access to computer information protected by law, in an electronic computer, computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, computer system or their network - is punishable by a fine or corrective labor for a term of six months to one year, or imprisonment for a term of up to two years. 61

As is known, the implementation of Federal Law No. 152-FZ has been repeatedly postponed. The fact is that achieving compliance with the Federal Law requires the introduction of new IT products, the adoption of organizational measures and the modernization of the company’s business processes. But the greatest difficulties for Russian specialists are caused by the requirements of the law themselves, or rather, by their vagueness. Fulfilling some requirements has become an almost impossible task, since this requires considerable financial, technical and organizational resources. Thus, according to the calculations made, the protection of personal data in accordance with the law requires an increase in financial resources by 3-5 times. 62

All this indicates the need to further improve the regulatory framework governing relations regarding the processing of personal data.

In accordance with the current legislation, several types of liability are provided for violation of standards in the field of personal data protection (civil, material, disciplinary, administrative and criminal). For certain offenses, sanctions are established against not only individuals and officials, but also legal entities. Thus, certain types of liability may apply to both employees and employers.

Article 150 of the Civil Code of the Russian Federation includes personal integrity, privacy, personal and family secrets among the inalienable and non-transferable intangible rights subject to legal protection. Civil liability for violation of privacy is directly related to the category of moral damage. If a citizen has suffered moral harm (physical or moral suffering) by actions that violate his personal non-property rights or encroach on other intangible benefits belonging to the citizen, as well as in other cases provided for by law, the court may impose on the violator the obligation of monetary compensation for the specified harm.

When determining the amount of compensation for moral damage, the court takes into account the degree of guilt of the offender and other circumstances worthy of attention. The court must also take into account the degree of physical and moral suffering associated with the individual characteristics of the person who suffered harm (Article 151 of the Civil Code of the Russian Federation) 63. In addition, a citizen has the right to demand in court a refutation of information discrediting his honor, dignity or business reputation, unless the person who disseminated such information proves that it is true. Disclosure and further use of a citizen’s image (including his photograph, as well as video recordings or works of fine art in which he is depicted) are permitted only with the consent of this citizen (Articles 152 and 153 of the Civil Code of the Russian Federation). Explanations of issues related to the infliction of moral harm are contained in the Resolution of the Plenum of the Supreme Court of the Russian Federation dated December 20, 1994 No. 10 “Some issues of application of legislation on compensation for moral harm.” Compensation for moral damage is carried out in monetary form. The nature of physical and moral suffering is assessed by the court, taking into account the actual circumstances in which moral harm was caused and the individual characteristics of the victim (Article 1101 of the Civil Code of the Russian Federation).

The employee's financial responsibility for the disclosure of information related to the personal data of other employees is assigned to him in the full amount of damage caused (clause 7 of Article 243 of the Labor Code of the Russian Federation). Cases of full financial liability are exceptions to the general rule, which confirms the special importance of the institution of protecting personal data of employees in domestic labor law.

Disciplinary liability in the form of dismissal occurs for an employee who discloses a secret protected by law (including personal data of another employee). However, it is necessary that this information became known to the employee in connection with the performance of his job duties (subclause “c” of clause 6 of Article 81 of the Labor Code of the Russian Federation). In accordance with Art. 192 of the Labor Code of the Russian Federation, bringing an employee who has committed a disciplinary offense to disciplinary liability is a right, not an obligation, of the employer. When imposing a disciplinary sanction, the employer must take into account the severity of the offense committed and the circumstances under which it was committed. Therefore, instead of dismissal, the employer has the right to impose a penalty on the guilty person in the form of a remark or a reprimand. The rights and obligations of an employee with respect to access to the personal data of other employees are determined by his job function, other terms of the employment contract, as well as the content of local regulatory legal acts that determine the list of his job responsibilities.

Administrative liability for violation of the procedure established by law for collecting, storing, using or distributing information about citizens (personal data) entails a warning or the imposition of an administrative fine on citizens in the amount of 0.3 thousand to 0.5 thousand rubles; for officials - from 0.5 thousand to 1 thousand rubles; for legal entities - from 5 thousand to 10 thousand rubles. (Article 13.11 of the Code of the Russian Federation on Administrative Offenses (hereinafter referred to as the Code of Administrative Offenses of the Russian Federation)). Disclosure of restricted access information by a person who has gained access to such information in connection with the performance of official or professional duties shall entail the imposition of an administrative fine on citizens in the amount of 0.5 thousand to 1 thousand rubles; for officials - from 4 thousand to 5 thousand rubles. (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Criminal liability for violation of privacy is provided for in Art. 137 of the Criminal Code of the Russian Federation 64. Illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or dissemination of this information in a public speech, publicly displayed work or the media is punishable by a fine of up to 200 thousand rubles or in the amount of wages or other income of the convicted person for a period of up to 18 months, or compulsory work for a period of 120 to 180 hours, or correctional labor for a period of up to one year, or arrest for a period of up to four months. The same acts committed by a person using his official position are punishable by a fine in the amount of 100 thousand to 300 thousand rubles or in the amount of wages or other income of the convicted person for a period of one to two years, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, or by arrest for a period of four to six months.

CONCLUSION

The protection of an employee’s personal data can be considered in several aspects. Firstly, these are the guarantees enshrined in labor law, which is a set of rules governing relations regarding the personal data of an employee. Secondly, it is a system of organizational and legal measures aimed at implementing legislative provisions and expressing the employer’s policy in this area. Thirdly, it is ensuring the subjective right of the employee to protect his personal data.

Information relations arise both between the employee and the employer, and between each of them and third parties. The relationship between employee and employer is the basic information relationship. Therefore, their regulation in labor legislation will be given priority. The employee is not only obliged to provide information about himself, but also has the right to receive reliable information about working conditions and labor protection requirements in the workplace (Article 21 of the Labor Code of the Russian Federation). Each employee has the right to receive reliable information from the employer about labor conditions and safety in the workplace, about the existing risk of damage to health, as well as about measures to protect against exposure to harmful and (or) dangerous production factors (Part 3 of Article 219 of the Labor Code of the Russian Federation). Article 210 of this Code contains the term “unified labor protection information system”. Receiving information from the employer on issues directly affecting the interests of employees is one of the main forms of employee participation in the management of the organization (Article 53 of the Labor Code of the Russian Federation). The employer is obliged to provide employee representatives with complete and reliable information necessary for concluding a collective agreement, agreement and monitoring their implementation (Article 22 of the Labor Code of the Russian Federation).

Certain norms of the domestic codified labor law regulate relations regarding confidential information. According to Part 3 of Art. 57 of the Labor Code of the Russian Federation, an employment contract may provide for conditions on non-disclosure of secrets protected by law (state, official, commercial and other). The employer has the right to terminate the employment contract in cases of disclosure by the employee of a legally protected secret that has become known to him in connection with the performance of his job duties, termination of access to state secrets, if the work performed requires access to state secrets (subclause “c” of paragraph 6 of Art. 81 Labor Code of the Russian Federation). The employee is held financially liable in the full amount of damage caused in the event of disclosure of information that constitutes a secret protected by law. In accordance with Part 8 of Art. 37 of the Labor Code of the Russian Federation, participants in collective negotiations and other persons associated with the conduct of collective negotiations must not disclose the information received if this information relates to a secret protected by law. Persons who disclosed this information are subject to disciplinary, administrative, civil, and criminal liability in the manner prescribed by law. In accordance with current regulations, personal data of a citizen is classified as confidential information1. Therefore, the provisions of the Labor Code of the Russian Federation regarding secrets protected by law also apply to personal

In market business conditions, the efficiency and effectiveness of the employer's activities are directly related to its timely provision of information resources. The employer’s activities in relation to the employee’s personal data are regulated by imperative norms, which is due to the public component of the field of labor law in general and the institution of protecting the employee’s personal data in particular. The right to protection of personal data is absolute. It is provided to each employee regardless of the size of his contribution to the achievement of the organization's goals. Therefore, according to paragraph 9 of Art. 86 of the Labor Code of the Russian Federation, employees must not waive their rights to preserve and protect secrets.

Employees can exercise their right to protection of personal data by freely accessing their personal data, including the right to receive copies of any record containing the employee’s personal data; by identifying their representatives to protect their personal data; by receiving complete information about personal data and their processing; by presenting to the employer a requirement to exclude or correct incorrect or incomplete personal data, as well as data processed in violation of legal requirements; by appealing to the court any unlawful actions or inaction of the employer when processing and protecting the employee’s personal data, etc. (Article 89 of the Labor Code of the Russian Federation).

Thus, all the tasks set in the introduction were completed during the writing of the work, and therefore, the goal of the work was achieved.

BIBLIOGRAPHY

Normative legal acts

    The United Nations Universal Declaration of Human Rights of December 10, 1948 was adopted by the UN General Assembly on December 10, 1948. // International public law: collection of documents.-M.: BEK, 1996.-T. 1.-S. 460-464.

    Law of the Russian Federation of December 27, 1991 No. 2124-1 “On the Mass Media” Electronic resource: [text as ed. dated July 27, 2012] // Consultant Plus - legal reference system. Version 3000.02.12. M.: CJSC “Consultant Plus”, 1992-2006.

    Family Code of the Russian Federation dated December 29, 1995 No. 223-FZ Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on December 8, 1995: text as amended. dated 06/03/2012] // Consultant Plus legal reference system. Version 3000.02.12.-M.: CJSC “Consultant Plus”, 1992-2006.

    Labor Code of the Russian Federation dated December 30, 2001 No. 197-FZ Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on December 21, 2001: text as amended. dated June 30, 2012] // Consultant Plus legal reference system. Version 3000.02.12. -M.: CJSC “Consultant Plus”, 1992-2006.

    Criminal Code of the Russian Federation dated June 13, 1996 No. 63-FZ Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on May 24, 1996: text as amended. dated July 27, 2012] // Consultant Plus legal reference system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2006.

    Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on July 8, 2006] // Consultant Plus reference legal system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2012.

Scientific literature

    Alaverdov A. R. Organization and security management in credit and financial organizations: Textbook. M.: Moskovsky State University statistics and computer science, 2004.

    Balashkina I.V. Features of constitutional regulation of the right to privacy in the Russian Federation // Law and Politics. 2007. No. 7. pp. 92-105.

    Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

    Blotsky V.N. Constitutional provision of the human right to privacy in the Russian Federation: Author's abstract. dis. Ph.D. legal Sci. M., 2007. p. 31.

    Borisova S. A. General requirements for processing employee personal data and guarantees of their protection // Labor Law. - 2005. - N 11. - P. 30-36.

    Glushkova S.I. Human rights in Russia: theory, history, practice: textbook. Benefit. Ekaterinburg. 2008. p.748.

    Ishcheynov V. Ya. Personal data in legislative and regulatory documents of the Russian Federation and information systems // Office work. - 2008. - N 3. - P. 87-90.

    Kibanov A. Ya. Personnel management of an organization: Textbook. 4th ed., add. and processed M.: Infra-M, 2010. 695 p.

    Kuzhukeeva G. The right to private life and the right to freedom of expression: problems of correlation. [Electronic resource]. URL: http://medialaw.asia

    Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009. No. 9. P. 93-101.

    Markevich A. S. Organizational legal protection personal data in official and labor relations: Author's abstract. dis. for the job application uch. Art. Ph.D. legal Sci. Voronezh, 2006.

    Novichkova Yu. V. Personal data - without the right of transfer, or Features of termination of an employment contract for disclosure of personal data // Personnel Directory. - 2007. - N 1. - P. 14-23.

    Orlovsky Yu. P., Kuznetsov D. L., Belitskaya I. Ya., Koryakina Yu. S. Personnel records management (legal basis): Practical guide / Ed. Yu. P. Orlovsky. M.: Contract, 2009. 239 p.

    Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209). - P. 8-15.

    Savintseva M. Legal protection of personal information of citizens in Russia // Legislation and practice of mass media. - 2006. - No. 9. [Electronic resource]. URL: http://www.medialaw.ru/publications

    Sokolova O. S. Problems of implementing the Federal Law “On Personal Data” // Modern law. - 2006. - N 9. - P. 37-41.

    Fedosova, M. A. Protection of employee personal data // Financial and accounting consultations. - 2007. - N 11. - P. 71-74.

    Khachaturyan Yu. A. The employee’s right to the protection of personal data // Modern law. - 2006. - N 1. - P. 43-51.

    Channov, S. E. Legal regime of personal data in state and municipal service // Russian justice. - 2008. - N 1. - P. 21-23.

    Chirkin V.E. Constitutional law of foreign countries: Textbook. 4th ed., revised. and additional - M.: Yurist, 2005. p. 391.

    Yankovaya V. F. Regulations on the protection of personal data of employees. M.: LLC "Professional Publishing House" // Secretary-referent. 2008. N 2.

Appendix

Director of musical theater

located at:
Moscow, st. Unknown, 6,
Ivanov Ivan Ivanovich
from Sidorov Peter Mikhailovich
(passport N 33 00 612745, issued
Leninsky Department of Internal Affairs of Moscow 02/25/2001)

Statement.

I, Sidorov Petr Mikhailovich, give my consent to the collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (transfer), depersonalization, blocking and destruction of my personal data:

Full Name;

Year, month, date and place of birth;

Family and social status;

Education;

Profession;

The income received by me in this institution, for transfer to the tax office in form 2-NDFL and the Pension Fund of the Russian Federation, individual information on accrued insurance contributions for compulsory pension insurance and data on work experience.

8 Labor Code of the Russian Federation dated December 30, 2001 No. 197-FZ

9 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

10 Borisova S. A. General requirements for the processing of employee personal data and guarantees of their protection // Labor Law. - 2005. - N 11. - P. 30-36.

11 On information, informatization and information protection: Federal Law of February 20, 1995 No. 24-FZ, Part 1 of Art. 11 // Russian newspaper. 2003

12 On approval of the List of confidential information: Decree of the President of the Russian Federation of March 6, 1997 No. 188 // Reference legal system “Garant” as of September 1, 2008 URL: http://www.garant.ru

13 On information, information technologies and information protection: federal law of July 27, 2006 No. 149-FZ // Russian newspaper. 2006

14 Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on July 8, 2006] // Consultant Plus reference legal system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2012.

15 On archival matters: Federal Law No. 125-FZ of October 22, 2004 (as amended by Federal Law No. 202-FZ of December 4, 2006) // Reference legal system “Garant” as of September 1, 2008. URL: http://www.garant.ru

16 On state registration of legal entities and individual entrepreneurs: Federal Law of August 8, 2001 No. 129-FZ, Art. 6 (as amended by Federal Law No. 202-FZ of December 4, 2006) // Legal system “Garant” as of May 1, 2008 URL: http://www.garant.ru

17 Constitution of the Russian Federation. Adopted by popular vote on December 12, 1993. // Russian newspaper. 12/25/1993.

18 Regulations on certification of information security means. Approved by Decree of the Government of the Russian Federation of June 26, 1995 No. 608 (as amended and supplemented by April 23, 1996 No. 509; dated March 29, 1999 No. 342; dated December 17, 2004 No. 808); Regulations on certification of information security tools according to information security requirements. Approved by Order of the Chairman of the State Technical Commission under the President of the Russian Federation dated October 27, 1995 No. 199; Regulations on licensing activities for the technical protection of confidential information. Approved by Decree of the Government of the Russian Federation of August 15, 2006 No. 504

19 On state secrets: Law of the Russian Federation of July 21, 1993 No. 5485-1, section 3 “Classification of information as state secrets and their classification”

20 On trade secrets: Federal Law of July 29, 2004 No. 98-FZ, Art. 10 (as amended by Federal Law of February 2, 2006 No. 19-FZ, of December 18, 2006 No. 231-FZ)

21 On official secrets: draft federal law, bill No. 124871-4, Chapter 2 “Classifying information as official secrets and removing restrictions on their dissemination.”

22 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

23 On combating the legalization (laundering) of proceeds from crime and the financing of terrorism: Federal Law of August 7, 2001 No. 115-FZ // Rossiyskaya Gazeta. 2001

24 Bachilo I.L., Lopatin V.N., Fedotov MA Information law. SPb.: ed. "Legal Center Press", 2005. P. 243.

25 On the classification of confidential information into “primary” and “derived” secrets, see: Volchinskaya E.K. Trade secret in the confidential information system

26 Bachilo I.L., Lopatin V.N., Fedotov M.A. Decree. op. P. 220; Golovkin R.B. Legal and moral regulation of private life in modern Russia: dis. ... Doctor of Law. Sciences: 12.00.01. N. Novgorod / 2005. P. 117; Baranov V.M. Category “private life” // Citizens’ right to information and protection of privacy. N. Novgorod, 1999. pp. 34-37.

27 Petrykina N.I. On the issue of confidentiality of personal data // Legal system “Garant” as of May 1, 2008.

28 Borisova S. A. General requirements for the processing of employee personal data and guarantees of their protection // Labor Law. - 2005. - N 11. - P. 30-36.

29 Borisova S. A. General requirements for the processing of employee personal data and guarantees of their protection // Labor Law. - 2005. - N 11. - P. 30-36.

36 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

37 Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on July 8, 2006] // Consultant Plus reference legal system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2012.

38 Kibanov A. Ya. Personnel management of an organization: Textbook. 4th ed., add. and processed M.: Infra-M, 2010. 695 p.

39 Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” Electronic resource: [adopted by the State Duma of the Federal Assembly of the Russian Federation on July 8, 2006] // Consultant Plus legal reference system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2012.

40 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

49 Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209). - P. 8-15.

50 Khachaturyan Yu. A. The employee’s right to the protection of personal data // Modern law. - 2006

51 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

52 Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009

53 Khachaturyan Yu. A. The employee’s right to the protection of personal data // Modern law. - 2006

54 Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009

55 Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009

56 Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009

57 Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209). - P. 8-15.

58 Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209).

59 Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209).

60 Bachilo I.L., Sergienko L.A., Kristalny B.V., Areshev A.G. Personal data in the structure of information resources. Fundamentals of legal regulation. Minsk. 2006. p.473.

61 Preobrazhensky, E. Insider: the option of sealing the USB port will not help / Personnel management. - 2009. - N 7 (209). - P. 8-15.

62 Borisova S. A. General requirements for processing employee personal data and guarantees of their protection // Labor Law. - 2005. - N 11. - P. 30-36.

63 Lushnikov A.M. Protection of employee personal data: comparative legal commentary on Chapter 14 of the Labor Code of the Russian Federation // Labor Law. 2009

64 Criminal Code of the Russian Federation dated June 13, 1996 No. 63-FZ Electronic resource. [Adopted by the State Duma of the Federal Assembly of the Russian Federation on May 24, 1996: text as amended. dated July 27, 2012] // Consultant Plus legal reference system. Version 3000.02.12. - M.: CJSC “Consultant Plus”, 1992-2006.

Federal Agency for Education
Altai State University
History department
Department of Archival Science and Historical Informatics

Legal protection of personal data in the Russian Federation
(Course work)

Completed by a student
1st year 194 groups
Nikiforova K.A.

Scientific director
Ph.D., Art. Rev. Sarafanov D.E.
Barnaul 2010

Introduction

Chapter 1 The concept of “personal data” in domestic legislation and scientific literature

1.1 Definition of the concept of “personal data” in legislation

1.2 Definition of the concept of “personal data” in the scientific literature

Chapter 2 Protection of personal data and liability for violation of work with them

1.1 Legal measures to protect personal data

1.2 Responsibility for violation of work with personal data

Conclusion

List of sources and literature

Introduction

Over time, humanity has more and more new objects that need protection by enshrining appropriate norms in law. The main object today is information. Nowadays, society is entirely dependent on the data received, processed and transmitted. For this reason, data itself becomes highly valuable. And the higher the price of useful information, the higher its safety.

In view of the above, legislative acts, both in Russia and foreign countries, provide for a considerable number of norms aimed at regulating the creation, use, transfer and protection of information in all its forms.

Of particular value is information that contains data about a person’s personal, individual or family life. Article 2 of the Constitution of the Russian Federation enshrines the basic principle of a modern democratic society: “Man, his rights and freedoms are the highest value.” Accordingly, information that directly affects a person’s private interests must be respected and protected by the state.

The purpose of the work is to study the legal protection of personal data in the Russian Federation. To achieve the goal, it is necessary to solve the following tasks:

1. based on an analysis of scientific works and legislation, study the content of the concept of “personal data”;

2. study various aspects of personal data protection.

Historiography. “Personal data” is considered as information (recorded on a tangible medium) about a specific person that is identified or can be identified with him. Personal data includes biographical and identification data, personal characteristics, information about family, social status, education, profession, professional and financial status, health status, and others. In the modern world, there are increasing demands on the protection of this information, and the provision of guarantees for its safety and non-disclosure is taken very seriously.

A.G. Saidov devoted his work to issues of information security, legal regulation and components of the state information security system. The subject of his research is the content and significance of constitutional and legal norms that ensure the creation of an information security system for individuals, Russian society and the state. Abdulmutalib Gasanovich made a significant contribution to the study of the legal protection of personal data and information security in general. According to A.G. Saidov, the main thing that Russian legislation lacks (and what can be learned from foreign experience) is a positive (non-punitive) orientation. Personal data protection is a new area of activity; here it is important to teach, explain, help, and not prohibit and punish.

The author considers it necessary to adopt the Federal Law “On Privacy”, which would establish an exhaustive list of cases of restriction of rights in accordance with constitutional grounds and decisions of the European Court of Human Rights. According to Saidov, the state must create conditions to ensure the protection of personal data of every citizen of the Russian Federation.

In the work of V.I. Yarochkin, “Information Security”, personal data is treated as a type of information that requires legal protection. He considers the need for legal protection of the personal data of a person and a citizen, and proves the importance of the safety of personal information. The author lists the types of legal acts focused on the legal protection of information and other means aimed at concealing personal data. His work describes threats to confidential information, as well as the types of such threats that lead to the unlawful acquisition of protected information. In conclusion, Vladimir Ivanovich lists recommendations for ensuring information security.

In general, we can say that the work of V.I. Yarochkin is aimed at characterizing and fully describing the security of personal data and other types of confidential information.

The study by V.V. Polyakov and V.A. Mazurov, “Problems of Legal and Technical Protection of Information”, deals with the creation and application of effective methods and means to ensure information security. A separate important task explored in this collection is the training of information security specialists. The authors note that there is a shortage of qualified information security specialists. This is largely due to the great demands placed on them.

The “Big HR Directory”, authored by N.A. Alimova, discusses the problems of protecting employee personal data (in my opinion, they relate to types of personal data in general). N.A. Alimova explains what an employee’s personal data is, why it is needed, how it is protected, and what requirements the employer must fulfill when processing employee data at hiring. This work states that the procedure for storing and using personal data of employees is established by the employer in compliance with the requirements of the Labor Code of the Russian Federation and other federal laws. N.A. Alimova examines in her work the rules for transferring employee personal data and the requirements necessary for this. An important aspect of the study of this topic in the work is the procedure for bringing to disciplinary liability for failure to fulfill the duties and requirements for storing and ensuring the security of an employee’s personal data, as well as the forms of such liability.

V.A. Mazurov, in his work “Criminal Legal Aspects of Information Security”, examines the concept and principles of information security, the main directions of development of information legislation, as well as the legal concept and classification of information protected by law. He highlights various measures to ensure the protection of confidential data, and also sets out the definition and classification of possible security threats. A special part of his work is the study and description of the criminal legal protection of restricted information. V.A. Mazurov studies and characterizes the object and subject of crimes that infringe on the privacy of private life. He reveals the objective side of crimes that infringe on privacy, explains in what case an offense occurs in the field of information protection, and lists the forms of liability for violating the secrecy of personal data, in accordance with the articles of the Criminal Code of the Russian Federation.

In general, we can say that the topic of personal data and its protection has been studied quite well and thoroughly. A large number of works contain information about the classification of information protected by law, about the types of legal acts aimed at maintaining the security of personal data, about methods and means of protection, about types of threats, about types of liability for violation of work with personal data. The abundance of such information helps to increase the degree and quality of personal data protection.

Chapter 1

The concept of “personal data” in domestic legislation and scientific literature.

1.1. Definition of the concept of “personal data” in legislation.

In the modern world, the protection of personal data is taken very seriously. Regulatory acts regulating their safety are provided not only by national legislation, but also by international acts.

The Universal Declaration of Human Rights is one of the most important documents in human history. On December 10, 1948, the United Nations General Assembly adopted the Declaration.

Article 12 of the 1948 Universal Declaration of Human Rights states: “No one shall be subjected to arbitrary interference with his privacy or family life, his home, his correspondence or his honor or reputation. Everyone has the right to the protection of the law against such interference or such encroachments."

The right to respect for private and family life is also contained in the Convention for the Protection of Human Rights and Fundamental Freedoms, which also states that “There shall be no interference by public authorities with the exercise of this right, except in cases where such interference is prescribed by law and is necessary in a democratic society in the interests of national security or public order, the economic welfare of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.” The Convention was adopted by the Council of Europe on November 4, 1950 in Rome. The Russian Federation ratified it by adopting Federal Law No. 54-FZ of March 30, 1998.

After some time of consolidation of political human rights, the right to privacy was confirmed by the International Covenant on Civil and Political Rights.

The International Covenant on Civil and Political Rights was adopted by resolution 2200 A (XXI) of the General Assembly on December 16, 1966 in New York. The USSR signed the pact on March 18, 1968. It was ratified by the Presidium of the Supreme Soviet of the USSR on September 18, 1973 with a statement. The USSR instrument of ratification was deposited with the UN Secretary General on October 16, 1973. It came into force for the USSR on January 3, 1976.

These international legal acts laid the foundation for the creation of national legal systems. In the Russian Federation, along with international legal acts, the safety of personal data is ensured by domestic regulations.

Firstly, this is the Constitution of the Russian Federation. Its provisions recognize not only the right to privacy, personal and family secrets (Part 1 of Article 23), but also additional guarantees that ensure this right. In accordance with Art. 2 of the Constitution, “man, his rights and freedoms are the highest value. Recognition, observance and protection of human and civil rights and freedoms is the duty of the state.” Thus, the Russian Federation not only establishes the right, but also undertakes to protect it; it puts the interests of the individual and citizen at a level higher than the interests of the state, society, or public or commercial organizations. Part 1 of Art. 24 prohibits the collection, storage, use and dissemination of information about a person’s private life without his consent. And finally, according to Art. 46, everyone is guaranteed judicial protection of their rights, including in interstate bodies.

The Constitution of the Russian Federation has the highest legal force, its direct effect is applied throughout the country, any laws applied in the country must not contradict the Constitution. Generally recognized principles and norms of international law and international treaties of the Russian Federation are the main part of its legal system. If an international treaty of the Russian Federation establishes rules other than those provided for by law, then the rules of the international treaty apply.

On July 8, 2006, the State Duma adopted Federal Law of the Russian Federation No. 152-FZ “On Personal Data”. The purpose of this Federal Law is to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets. This law defines the concept of “personal data”, as well as other basic concepts used in the Federal Law. The law also sets out its scope, the principles and conditions for the processing of personal data, the rights of the subject of personal data, the obligations of the operator, control and supervision of the processing of personal data, and liability for violation of the requirements of this Federal Law.

Following Article 3 of the Federal Law, personal data is any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information.

On February 20, 1995, Federal Law No. 24-FZ “On Information, Informatization and Protection of Information” was approved, in which Part 1 of Art. 11 determined that personal data is confidential information, and Part 3 of the same article warns of the liability of legal entities and individuals for violating the protection, processing and procedure for using this information. This law also gave the concept of “personal data”; it was defined as “information about the facts, events and circumstances of a citizen’s life, allowing his personality to be identified.” Currently, this law is not in force; it was replaced by the Federal Law “On Information, Information Technologies and Information Protection” dated July 27, 2006 No. 149-FZ.

Article 2 of the new law on information sets out the basic concepts used in this law, and Art. 3 deals with the legal regulation of relations arising in the field of information, information technology and information protection. This article states that restrictions on access to information can only be established by federal law. There is no specific concept of personal data in this law, evidently because the Federal Law “On Personal Data” was approved.

Article 5 of the Federal Law “On Information, Information Technologies and Information Protection” states: “information, depending on the category of access to it, is divided into publicly available information, as well as information to which access is limited by federal laws (restricted information).”

Public information is information that cannot be hidden from society. An example is information about the state of the environment, about the activities of state authorities and local governments, documents accumulated in open collections of libraries and archives. Also included in this category are normative legal acts affecting the rights, freedoms and responsibilities of individuals and citizens, the legal status of organizations and the powers of state bodies and local governments.

Restricted information is information of value to its owner, access to which is legally restricted. In turn, restricted access information is divided into information constituting a state secret and information the confidentiality of which is established by federal law (confidential information).

On October 22, 2002, Federal Law No. 125-FZ “On Archival Affairs in the Russian Federation” was adopted. This law regulates relations in the field of organizing storage, acquisition, accounting and use of documents from the Archival Fund of our country and other archival documents, regardless of their form of ownership, as well as relations in the field of archival management in the Russian Federation in the interests of citizens, society and the state. This law, in Article 3, considers such concepts as documents on personnel (reflecting the labor relations of the employee with the employer), a particularly valuable document (a document that has enduring cultural, historical and scientific value, is of particular importance for society and the state, and in respect of which a special regime of accounting, storage and use is established), a unique document (a particularly valuable document that has no similar ones in terms of the information it contains and (or) its external features, and is irreplaceable if lost from the point of view of its value and (or) autographicity), etc. This law also distinguishes archival documents related to state property, as well as municipal and private property. Art. 10 explains the peculiarities of the position of archival documents owned by the Russian Federation or municipalities. Chapter 6 focuses on the scope of access to and use of archival documents. The user of archival documents has the right to freely search for and receive archival documents for study. But there are also restrictions on access to archival documents, which are discussed in Article 25. This article states that access to archival documents may be limited in accordance with an international treaty of the Russian Federation, the legislation of the Russian Federation, as well as in accordance with the order of the owner or holder of privately owned archival documents. This article also states that the restriction on access to archival documents containing information about the personal and family secrets of a citizen, his private life, as well as information that poses a threat to his safety, is established for a period of 75 years from the date of creation of these documents.

Federal Law of the Russian Federation “On operational investigative activities” dated August 12, 1995 No. 144-FZ provides for restrictions on the constitutional rights of citizens to the secrecy of telephone conversations, correspondence, postal, telegraph and other messages transmitted over electrical and postal communication networks on the basis of a court decision and only if there is information about the preparation, commission or completion of an illegal act or about events or actions that pose a threat to the state, military, economic or environmental security of the Russian Federation.

This normative act establishes an exhaustive list of operational investigative activities and of the bodies carrying them out. It allows the use of operational and technical forces and means to control postal, telegraph and other messages; to listen to telephone conversations with connection to stationary equipment of enterprises, institutions and organizations, regardless of their form of ownership, and of individuals and legal entities providing communication services; and to remove information from technical communication channels only by the bodies of the FSB and the Ministry of Internal Affairs, which can provide these forces and means, on the basis of special agreements or interdepartmental regulations, to other bodies carrying out operational investigative activities. But the bodies (officials) carrying out operational investigative activities must, in doing so, ensure respect for human and citizen rights to privacy, personal and family secrets, inviolability of the home and secrecy of correspondence.

The sphere of relations concerning the employee’s personal data is regulated by Chapter 14 of the Labor Code of the Russian Federation, which establishes the concept of an employee’s personal data, the procedure for working with it and the employer’s responsibility for violating the relevant standards. The Labor Code states that an employee’s personal data is information necessary for the employer in connection with labor relations and relating to a specific employee.

The Criminal Procedure Code of the Russian Federation dated December 5, 2001 also addresses the area of personal data. Art. 13 deals with the secrecy of correspondence, telephone and other conversations, postal, telegraph and other messages. This article states that the seizure of postal and telegraph items and their seizure in communication institutions, control and recording of telephone and other conversations can only be carried out on the basis of a court decision.

The list of confidential information was published in Decree of the President of the Russian Federation dated March 6, 1997 N 188 “On approval of the list of confidential information.” Types of confidential information include the following:

  • Personal data - information about facts, events and circumstances of a citizen’s daily life, allowing his personality to be identified, with the exception of information that is subject to dissemination in the media in cases established by federal laws;
  • Secret of investigation and legal proceedings - information constituting the secret of investigation and legal proceedings, as well as information about protected persons and measures of state protection carried out in accordance with the Federal Law of August 20, 2004 No. 119-FZ and other regulatory legal acts of the Russian Federation;
  • Official secret - official information, access to which is limited by government authorities in accordance with the Civil Code of the Russian Federation and federal laws;
  • Professional secret - information related to professional activities, access to which is limited in accordance with the Constitution of the Russian Federation and federal laws (medical, notarial, lawyer's secret, confidentiality of correspondence, telephone conversations, postal items, telegraphic and other messages, etc.);
  • Trade secret - information related to commercial activities, access to which is limited in accordance with the Civil Code of the Russian Federation and federal laws;
  • Information about the essence of the invention - information about the essence of the invention, utility model or industrial design before the official publication of information about them.

The list of information classified as state secrets is published in Art. 5 of the Law of the Russian Federation N 5485 of July 21, 1993 “On State Secrets”. According to this law, such information includes: information in the military field; in the field of economics, science and technology; in the field of foreign policy and economics; in the field of intelligence, counterintelligence and operational investigative activities. Classification of information as a state secret is carried out in accordance with its industry, departmental or program-target affiliation, as well as in accordance with this Law. Art. 2 defines the concept of state secret - “information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.” This law also covers the declassification, protection, and disposal of information related to state secrets.

The Federal Law of the Russian Federation “On Trade Secrets” considers and regulates relations related to the classification of information as a trade secret, the transfer of such information, and the protection of its confidentiality in order to ensure a balance of interests of owners of information constituting a trade secret. According to this law, “a trade secret is the confidentiality of information that allows its owner, under existing or possible circumstances, to increase income, avoid unjustified income, maintain a position in the market for goods, works, services, or obtain other commercial benefits.” The law also considers the concepts of the trade secret regime; the owner of such information; the transfer and provision of information constituting a trade secret, etc. Art. 5 lists data that cannot constitute a trade secret. The Federal Law “On Trade Secrets” also covers protecting the confidentiality of information and the consequences of failure to take the necessary measures to protect such information.

The Federal Law “On Credit Histories” talks about the creation of a unified system for the formation, storage and disclosure of information about the conscientious fulfillment of obligations by borrowers to creditors. The law introduces a legal definition of credit history, regulates its composition, the procedure for its formation, the basis for storing and using credit histories, as well as the range of subjects of these legal relations, which include: borrowers, credit history bureaus, users of credit histories, the Central Catalog of Credit Histories.

On February 2, 2010, Order No. 58 of the Federal Service for Technical and Export Control (FSTEC of Russia) was issued, approving the Regulation on methods and means of protecting information in personal data information systems. This Regulation was developed in accordance with the Regulations on ensuring the security of personal data during their processing in personal data information systems, approved by Decree of the Government of the Russian Federation of November 17, 2007 No. 781 (Collected Legislation of the Russian Federation, 2007, No. 48, Art. 6001). This Regulation establishes methods and means of information protection used to ensure the security of personal data during their processing in personal data information systems by state bodies, municipal bodies, legal entities or individuals organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data. This Regulation does not address issues of ensuring the security of personal data classified in the prescribed manner as information constituting state secrets, as well as issues of the use of cryptographic methods and methods of protecting information.

1.2. Definition of the concept of “personal data” in scientific literature

The legal literature presents an ambiguous classification of information (information) protected by law.

Thus, V.A. Kopylov divides information, according to access to it, into open information and restricted-access information.

He classifies as open information: information as an object of civil rights (works, patents, copyright certificates); mass information; information about elections and referendums (data about the preparation of elections and referendums and voting results); official documents (documents adopted by legislative, executive and judicial authorities that are of a mandatory, advisory or informational nature); mandatory submissions (control copies of documents submitted to statistical authorities, registration and other such information); scientific, legal and other information.

Restricted information includes information constituting a state secret; know-how, trade secret, personal data (in order to protect personal secrets), other restricted information.

Information about citizens (personal data), according to V.A. Kopylov, is created by citizens themselves in their daily activities, including those related to the implementation of rights and freedoms (rights to work, housing, recreation, medical care, social insurance, pension provision, freedom of speech and much more) and performance of duties (for example, military duty) and is presented as information about oneself (personal data) to various subjects.

I.V. Smolkova gives the following classification:

1. State (including military) secrets.

2. Confidential information.

· Personal secrets (including personal data)

· Family secret

· Professional confidentiality

· Trade secret

In the opinion of V.A. Mazurov, information can be classified as follows: information of open access, limited access (confidential information (private life secret, professional secret, official secret, commercial secret) and state secret).

The presence of several points of view regarding the classification of information confirms that in the scientific research literature there is no consensus on issues of personal data. They are being studied more deeply and thoroughly, which provides more complete knowledge about restricted information, and the adoption of many legislative acts aimed at protecting various types of secrets provides better protection of personal data. But still, the creation of a legal framework for the protection of various types of information, and personal data in particular, is in its infancy. Despite the fact that the number of regulations governing certain aspects of various types of information is large, it cannot be said that legal support for the protection of personal data satisfies the needs of modern society.

Chapter 2

Protection of personal information.

2.1. Protection of personal information.

The need to safeguard and protect personal data is beyond doubt. At the moment, Russian legislation is doing its best to prevent violations of the rights of citizens in the field of personal data. There are a lot of laws ensuring information security, which are updated every year, creating ever better conditions for maintaining the confidentiality of personal data. In recent years, the Russian Federation has implemented a set of measures to improve its information security. Measures were taken to ensure information security in federal government bodies, government bodies of constituent entities of the Russian Federation, at enterprises, institutions and organizations, regardless of their form of ownership.

International cooperation of the Russian Federation with countries of the world community in the field of ensuring information security contributes to increasing information security. This is an integral component of political, military, economic, cultural and many other types of interaction between countries that are part of the world community.

The state information protection system is a set of bodies and executors, the information protection technology they use, as well as objects of protection, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents in the field of information protection. It is also an integral part of the system for ensuring the national security of the Russian Federation and is designed to protect the security of the state from external and internal threats in the information sphere.

The state information protection system as a more complex system includes subsystems for licensing the activities of enterprises in the field of information protection, certification of information protection means and certification of informatization objects according to information security requirements.

Bodies that regulate the protection of personal data:

· Federal Service for Technical and Export Control (FSTEC of Russia) and its territorial bodies (regional departments in the constituent entities of the Russian Federation)

· Federal executive authorities, other bodies and organizations of the Russian Federation, whose senior employees are members of the board of FSTEC of Russia by position (Ministry of Justice, Ministry of Defense, Ministry of Emergency Situations, Ministry of Internal Affairs, Ministry of Foreign Affairs, Ministry of Industry, Ministry of Economic Development, Ministry of Natural Resources, FSO, FSB, SVR, GUSP, RAS, CBR)

· Structural units for information protection of federal executive authorities, other government bodies and organizations of the Russian Federation

· Enterprises carrying out work using information classified as restricted information, and their information protection departments

· Research organizations on information security issues

· Organizations that develop information security tools, secure technical means and means of monitoring the effectiveness of information security

· Companies providing services in the field of information security

· Organizations of the Federal Agency for Technical Regulation and Metrology (formerly Gosstandart of Russia), performing standardization work in the field of information security

· Bodies of the licensing system for activities in the field of information security

· Bodies of the information security certification system

· Bodies of the certification system for objects of protection according to information security requirements

Legal measures - the activities of legislative bodies to create a legal framework that ensures the proper generation, dissemination and use of information; regulating the activities of entities involved in the creation, transformation and consumption of information; providing for liability for violations in the information sphere, measures to ensure the security and legal protection of information, information infrastructure.

The legal basis for the mechanism for protecting personal data has been formed in two directions: specialized legislation and other legislation that only partially contains legal norms guaranteeing privacy and regulating the scope of personal data protection. Specialized legislation includes such legal acts as: Federal Law “On Personal Data” dated July 27, 2006, Federal Law “On Information, Information Technologies and Information Protection” dated July 27, 2006, Decree of the President of the Russian Federation dated March 6, 1997 No. 188, approving the “List of Confidential Information”, and others.

Legal norms regulating work with personal data are also contained in Chapter 14 of the Labor Code of the Russian Federation “On the Protection of Personal Data of an Employee”, in the Law “On Archiving in the Russian Federation” of October 22, 2004 (Article 25), in the Law “On operational investigative activities” (Articles 3, 5, 9, 10, 12, 21), in the Law “On the Mass Media” (Articles 41, 43, 46, 51, 57), and in the Law “On Individual (Personified) registration in the state pension insurance system”, according to which personal data is contained in the individual personal account of the insured person. The rules on the protection of information obtained during the All-Russian population census (personal data) are contained in the Law “On the All-Russian population census”.

In the European Union, the Council of Europe Convention “On the Protection of Individuals with regard to Automatic Processing of Personal Data”, signed in Strasbourg (France) in 1981, is devoted to the protection of the interests of owners of personal data that have been subjected to electronic processing. The Federal Law on the ratification of the Convention was signed by the President of the Russian Federation on December 19, 2005.

In accordance with Art. 5 of the Convention, personal data subject to automated processing:

a) are collected and processed on a fair and lawful basis;

b) are stored for specified and lawful purposes and are not used in any other way incompatible with those purposes;

c) are adequate, relevant and not excessive for the purposes of their storage;

d) are accurate and updated when necessary;

e) are stored in a form that allows the identification of data subjects for no longer than is required for the purposes of storing this data.

The main Law regulating the protection of personal data in the Russian Federation is the Federal Law “On Personal Data”. The basis of this Law is the basic principles and conditions for the processing of personal data, which were developed in pursuance of the provisions of the Council of Europe Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data, as well as the provisions of Directive of the European Parliament and the Council of Europe 95/46/EC “On the protection of individuals in relation to the processing of personal data and the free circulation of this data” and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the protection of personal data and the protection of personal data in the electronic communications sector, which replaced the Directive of the European Parliament and Council of Europe 97/66/EC of December 15, 1997, regulating the use of personal data and guaranteeing privacy in the field of telecommunications.

The principles and conditions for the processing of personal data, which are also complemented by the mandatory basic requirements for activities related to the processing of personal data, comply with the principles and criteria concerning personal data and the legitimization of their processing established in Articles 6 and 7 of Directive 95/46/EC. Article 5 of the Law “On Personal Data” establishes six principles for the processing of personal data that protect a person’s personal information; these principles are similar to those contained in many European legal acts. First, personal data must be collected and used lawfully and fairly. This provision states that personal data must be collected and used in accordance with the legislation of the Russian Federation and only with the consent of the subject of personal data, with the exception of the cases clearly specified in Part 2 of Article 6 of the Law, when such consent is not required. The subject of personal data must give consent to the processing of his personal data in writing; the content of this document is clearly established in paragraph 4 of Article 9 of the Law. For example, the written consent of the subject must necessarily indicate the purpose of processing personal data and their list, as well as the period during which the consent is valid and the procedure for its revocation.

Secondly, the previously clearly defined purposes for using personal data should not be changed. Personal data cannot be collected and used for other purposes about which the subject who gave written consent to the processing of his data was not informed in advance (clause 2, part 1, article 5).

Thirdly, the volume, nature and methods of processed personal data must correspond to the purposes of processing personal data. This rule is aimed at excluding situations when, when collecting personal data, they try to obtain other personal information that goes beyond the stated purposes.

Fourthly, personal data must be reliable, and the volume of personal information collected must be justified by the purposes of its collection. The amount of personal data collected should not be excessive unless it serves specific and legitimate purposes. Moreover, if it is discovered that errors have been made and personal data is inaccurate, the subject of personal data has the right to make the necessary changes (clause 3, Article 20).

Fifthly, the Law prohibits the consolidation of personal data into a single information system of personal data that was collected by personal data operators for different purposes. This rule is aimed at avoiding a situation where a telecom operator maintains a database of a person’s personal data, and in the event of a leak of such a database, the person will be vulnerable to unauthorized and dishonest use of this information.

And finally, sixthly, the storage of personal data must be carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of their processing, and they must be destroyed upon achieving the purposes of processing or in the event of the loss of the need to achieve them. This norm corresponds to paragraph “e” of Article 5 of the Convention “On the Protection of Individuals with Automatic Processing of Personal Data” and is also aimed at protecting the subject of personal data from unauthorized use of his personal data. It is worth keeping in mind that this rule does not apply to a person’s personal data contained in archival documents, the storage period of which is established by the Law “On Archiving in the Russian Federation” of 2004.

The Information Security Doctrine of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000, represents a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation. The Doctrine defines 4 main components of the national interests of the Russian Federation in the information sphere, including compliance with the constitutional rights and freedoms of man and citizen in the field of obtaining and using information, as well as protecting information resources from unauthorized access and ensuring the security of information and telecommunication systems.

This doctrine provides the basis for:

· Formation of state policy in the field of ensuring information security of the Russian Federation;

· Preparation of proposals to improve the legal, methodological, scientific, technical and organizational support of information security of the Russian Federation;

· Development of targeted programs to ensure information security of the Russian Federation.

This Doctrine develops the Concept of National Security of the Russian Federation in relation to the information sphere.

Paragraph 2 of the Regulations on ensuring the security of personal data during their processing in personal data information systems states that the security of personal data is achieved by excluding unauthorized, including accidental, access to personal data, which may result in destruction, modification, blocking, copying, distribution of personal data, as well as other unauthorized actions. Paragraph 10 states that the security of personal data during their processing in the information system is ensured by the operator or the person to whom, on the basis of an agreement, the operator entrusts the processing of personal data (hereinafter referred to as the authorized person). When processing personal data in the information system, the following must be ensured:

· carrying out measures aimed at preventing unauthorized access to personal data and (or) transfer to persons who do not have the right to access such information;

· timely detection of facts of unauthorized access to personal data;

· preventing influence on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;

· constant monitoring of ensuring the level of security of personal data;

· the ability to immediately restore personal data modified or destroyed due to unauthorized access to it.

2.2. Responsibility for violation of work with personal data

The law establishes that persons guilty of violating the requirements of this Law bear civil, criminal, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation. In case of violation of the rights of the subject of personal data, he may appeal against actions or inactions to the Authorized Body for the Protection of Personal Data or in court. The authorized body for the protection of the rights of the subject of personal data is a new institution for Russia, whose activities are aimed at exercising control and supervision over the processing of personal data. The authorized body has the right to file claims in court to protect personal data and represent the interests of personal data subjects in court.

Disciplinary liability must be established by the internal rules of the organization (in this case, the operator). As a form of disciplinary liability, an employee who has committed a disciplinary offense in connection with the processing of personal data that does not entail administrative, civil or criminal liability may be given a reproof or a reprimand, or may be dismissed on the appropriate grounds provided for in Article 81 of the Labor Code of the Russian Federation. The Labor Code of the Russian Federation does not clearly establish the type of disciplinary liability for violating the procedure for processing personal data, but only states that civil, criminal, administrative, and disciplinary liability are also established for violation of the rules for protecting an employee’s personal data.

As for civil liability, the subject of personal data in civil proceedings may demand compensation for losses and (or) compensation for moral damage.

In accordance with Article 13.11 of the Code of the Russian Federation on Administrative Offenses (CAO), violation of the procedure established by the Law “On Personal Data” for the collection, storage, use or dissemination of information about citizens (personal data) entails administrative liability in the form of a warning or an administrative fine of three to five minimum wages for citizens, five to ten minimum wages for officials, and fifty to one hundred minimum wages for legal entities. Disclosure of information to which access is limited by federal law, by a person who has gained access to such information in connection with the performance of official or professional duties, entails an administrative fine of five to ten minimum wages for citizens and forty to fifty minimum wages for officials.

Since the protection of a person’s personal data is an integral part of the institution of guarantees of the inviolability of a person’s private life, the norms of the special part of the Criminal Code of the Russian Federation regarding criminal liability for violating the inviolability of a person’s private life also apply to the procedure for protecting personal data. Thus, Article 137 of the Criminal Code of the Russian Federation establishes criminal liability for the illegal collection or dissemination of information about the private life of a person, constituting a personal or family secret, without his consent, or the dissemination of this information in a public speech, publicly displayed work or the media. The specified acts are punishable by a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months, or by compulsory labor for a term of up to one year, or by arrest for a term of up to four months. The same acts committed by a person using his official position are punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or in the amount of wages or other income of the convicted person for a period of one to two years, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, or by arrest for a period of four to six months.

Conclusion

Thus, after analyzing the situation regarding the protection of personal data, the following conclusions can be drawn.

There are several points of view regarding the classification of information, but in general, it can be divided into open and restricted access information. Restrictions on access to information can only be established by federal laws. The list of restricted access information is established in the Presidential Decree “On approval of the list of confidential information.” This information also includes personal data.

Following Article 3 of the Federal Law “On Personal Data”, the following definition of the concept “personal data” can be formed: any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income and other information.

Also, thanks to regulations and research work, it becomes clear that personal data is confidential information and that legal liability arises for violation of work with it.

Regarding the protection of personal data, it should be noted that the security of personal information is at a high level. This is facilitated by both the legal framework and numerous technical controls. The legislation of European countries and the Russian Federation provides for almost all the necessary norms to protect this category of legal relations. The main law regulating work with personal data is the Federal Law “On Personal Data”. It describes the basic principles and conditions for the processing and protection of such information.

The law establishes that persons guilty of violating the requirements of this law bear civil, criminal, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation.

The abundance of regulations governing relations in the field of personal data provides reliable protection of the security of restricted access information, but it should be noted that it is necessary to further improve the mechanisms for protecting personal data at the disposal of federal government bodies, government bodies of constituent entities of the Russian Federation, local government, etc.




Abstract of the dissertation on the topic "Protection of personal data"

VORONEZH INSTITUTE OF THE MIA OF RUSSIA

As a manuscript

PROSVETOVA OLGA BORISOVNA

PROTECTION OF PERSONAL INFORMATION

Specialty: 05.13.19 - Methods and systems of information protection, information security (legal sciences)

Voronezh 2005

The dissertation was completed at the Department of Constitutional and Administrative Law of the Voronezh Institute of the Ministry of Internal Affairs of Russia

Scientific adviser:

Candidate of Legal Sciences, Associate Professor Zanina Tatyana Mitrofanovna

Official opponents:

Doctor of Law, Professor - Lelekov Viktor Andreevich

Candidate of Legal Sciences, Associate Professor - Golovko Vladimir Vladimirovich

Leading organization - Belgorod Law Institute of the Ministry of Internal Affairs of Russia

The dissertation defense will take place on April 26, 2005, at 3:00 p.m., in room No. 329, at a meeting of the dissertation council K 203 004 01 at the Voronezh Institute of the Ministry of Internal Affairs of Russia at the address: 394065, Voronezh, ave. Patriotov, 53.

The dissertation can be found in the library of the Voronezh Institute of the Ministry of Internal Affairs of Russia.

Scientific secretary of the dissertation council

GENERAL DESCRIPTION OF WORK

Relevance of the dissertation research topic. The provisions of the Constitution of the Russian Federation indicate a decisive transition of the state to the path of building a democratic society, where the main value is the person. At present, we can say with confidence that on this path the Russian state has encountered a number of problems that require solutions, among which the protection of the private life of a citizen stands out.

The development of this problem raises a natural need to ensure reliable protection of information resources and processes, and streamline social relations in this area. Our state is just beginning to develop and implement in the legislative and executive fields an integrated approach to ensuring the protection of personal data. In this regard, it is especially important that the approach being developed covers the entire range of problems, and is not reduced to considering only their technical component.

The presented dissertation research is devoted to the analysis of legal aspects that ensure the protection of confidential personal information. In this regard, it should be noted that over the last decade the legislator has not ignored the emerging information environment under consideration, having adopted a number of system-forming legislative acts, among which we can highlight the Federal Law “On Information, Informatization and Protection of Information”, as well as the Federal Law “On Participation in International Information Exchange”2. However, the process of forming a comprehensive legal system for the protection of personal data cannot be considered complete: a significant number of new draft laws, as well as additions and changes to existing legislation, remain to be considered and adopted.

Considering that the domestic legal system has no democratic experience in protecting relations in the field of personal data through legal means, and in connection with the significant transformation of the tasks and functions of the state in comparison with the socialist period, there was a need for a scientific analysis and understanding of the possibilities of legal science to ensure the protection of confidential personal information.

Based on the foregoing, research in this area is very relevant from a scientific point of view, and can also have practical implications if the projects and proposals formulated by the author are adopted with the further improvement of legal norms.

The degree of development of the research topic. Studying a significant number of sources of legal and technical literature allows us to state that the problem of protecting personal data is poorly understood, and therefore requires separate study. A significant number of scientific papers devoted to information security and information protection were only partially concerned with the problem of personal data protection, and those publications that included consideration of issues of regulation of the area under study touched only on general problems without the necessary specification.

In the present study, to a certain extent, doctrinal approaches to the study of the protection of personal data were combined: those of specialists in the field of technical sciences, on the one hand, and of specialists in the field of legal sciences, on the other. The author of the dissertation research relied on the achievements of the theory of law and state, as well as on scientific results obtained by representatives of technical sciences dealing with the problems of ensuring information security and information protection.

2 SZ RF, 07/08/1996, No. 28, Art. 3347.

Theoretical problems of information law, legal support of information security and information protection were studied by I.L. Bachilo, V.A. Kopylov, V.N. Lopatin, V.A. Pozhilykh, M.M. Rassolov, A.A. Fatyanov, M.A. Fedotov, O.A. Fedotova, S.G. Chubukova, A.A. Shiversky, V.D. Elkin and others.

Problems of functioning of the information security system from the point of view of technical sciences are reflected in the works of A.L. Balyberdin, M.A. Vus, V.A. Gerasimenko, A.A. Grusho, S.B. Dvoryankina, P.D. Zegzhdy, E.V. Kaspersky, V.D. Kurushina, A.A. Malyuka, V.A. Minaeva, V.E. Potanina, V.N. Sablina, S.B. Skrylya, A.P. Fisun and a number of other scientists.

Object and subject of research. As an object of research within the framework of the topic, social relations emerging in the process of legal regulation of ensuring the protection of personal data are considered.

Purpose and objectives of the research. The purpose of the dissertation research is to develop scientifically based proposals for the development and improvement of legislation that ensures the protection of the confidentiality of personal data.

As part of achieving this goal, the following theoretical and scientific-practical problems are solved in the dissertation research:

1) consider current problems of constitutional and legal regulation of personal data at the present stage;

2) analyze the articles establishing legal liability for violation of rules on personal data, and propose a solution

recommendations for their implementation and improvement, taking into account existing international experience;

1. Researched and proposed by the author, having scientific and methodological significance for the development and improvement of the doctrinal understanding of the problem, definitions of the categories “personal data”, “information processes”, “automatic processing of personal data”, “dissemination of information”.

2. An exhaustive list of categories of information, developed by the author, classified as confidential information about citizens (personal data). The formation of this list is one of the key points in creating a legal framework that ensures the protection of personal data. This follows from the fact that the domestic law enforcement officer has not previously encountered the category of “personal data” and does not have a centuries-old tradition of forming and implementing legislation through the prism of ensuring the rights and freedoms of humans and citizens.

cannot provide comprehensive protection of personal data based only on abstract definitions.

4. The conclusion that the protection of confidential personal information is at a fairly low level, which in general reflects the inconsistency of the current system of regulatory legal acts. There is therefore an objectively urgent need in the country to develop a legal framework in the field of working with personal data, for which it is necessary to adopt a number of system-forming laws proposed by the author of the study, while parliamentarians need to consider provisions relating to additions, changes or establishment of norms in the current legislation.

5. Proposals for a new edition of Article 13.11 of the Code of Administrative Offenses of the Russian Federation and Article 137 of the Criminal Code of the Russian Federation, for supplementing Chapter 28 of the Criminal Code of the Russian Federation with the following offense: “Violation of the established procedure for the circulation of confidential information about citizens (personal data) using a computer”, as well as some changes and additions to certain articles of the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, and the Criminal Code of the Russian Federation. These proposals can form the basis for a system for the protection of confidential personal information, access to which is limited in accordance with the legislation of the Russian Federation, through legal sanctions.

6. The conclusion that the state has not yet formed a modern infrastructure of general informatization, in particular in the sphere of personal data, capable of satisfying the needs of interested subjects for information and computing services at the required level; information resources of personal data have not been organized into database systems. In the non-state sector, although information technologies are widely used in various fields, this has not yet had any impact on ensuring the lawful accumulation and storage of personal data using information technologies. To solve the existing problem, the state must determine the degree of its participation in regulating the processes of creation and functioning of closed non-state (corporate) systems, as well as open systems, first of all in the interests of protecting the rights of citizens.

Scientific novelty of the research. The dissertation is the first monographic work to explore the problems of protecting personal data from the standpoint of combined doctrinal approaches to the study of personalized information: those of specialists in the field of technical sciences, on the one hand, and of specialists in the field of legal sciences, on the other. The author analyzes theoretical provisions in the field of constitutional and legal regulation of personal data and critically analyzes the state of norms affecting relations in this area of public relations, which is important for society and the state.

The author offers his own vision in defining the concept of personal data, on the basis of which a set of measures should be developed to ensure the protection of confidential personal information using legal norms. This study has developed proposals and recommendations that can be used to develop the conceptual framework of regulatory legal acts in the field of personal data protection.

The theoretical and practical conclusions of the dissertation research, its content can be used in the system of higher professional education of a legal profile, advanced training for law enforcement officers and specialists in the field of ensuring the protection of personal data.

The dissertation research materials were published in four scientific articles and a textbook; the total volume of publications was 5.8 p.l. Guidelines developed on the basis of the dissertation research have been introduced into the practical activities of the UOOP of the Main Internal Affairs Directorate of the Voronezh Region, as well as into the educational process of the Voronezh Institute of the Ministry of Internal Affairs of the Russian Federation.

The introduction substantiates the relevance of the topic, defines the object and subject, as well as the goals and objectives of the study, reveals its methodology and methods, characterizes the empirical basis, validity and reliability of the study, its scientific novelty, theoretical and practical significance, formulates the main provisions put forward for defense, and provides data on testing the research results.

The first chapter - “Constitutional and legal regulation of personal data” - is devoted to the initial theoretical provisions on personal data, which are established by the Constitution of the Russian Federation, international legal acts and legal acts of the Russian Federation regulating the sphere of relations under study.

The Constitution of the Russian Federation, adopted in a general referendum on December 12, 1993, became the main step towards the creation of a democratic rule-of-law state in our country, where the rights and freedoms of man and citizen should enjoy special protection. The provisions enshrined in the Basic Law of Russia indicate a decisive rejection of the totalitarian approach to the “person - state” problem, in which the state takes on the most important issues of life support, and the person turns into a cog in a large state machine.

The new Russian statehood radically changes the relationship between the individual and the state. Man is not created for the state, but the state for man - this is now the main principle of their relationship. The priority of the individual over the state makes it possible to understand the place of the individual in civil society. This place is not determined by the state; it inherently belongs to the person and is realized to the best of his abilities and initiative. Thus, the content of Chapter 2 of the Constitution of the Russian Federation is subject to the fundamental principle of human and civil rights and freedoms being the highest value of the state. It follows that all branches of government, all links of the state mechanism serve the main goal of ensuring the rights and freedoms of man and citizen, protecting his legal status.

The fundamental basis of the legal status of a person and a citizen is personal (civil) rights and freedoms. Most of them are absolute in nature, i.e. are not only inalienable, but also not subject to limitation (the right to life, to nationality, freedom of conscience and religion, etc.). Some of these rights and freedoms (for example, the right to protection of personal data) may be limited by the state, due to which their legal protection becomes particularly relevant and significant.

The Universal Declaration of Human Rights (Article 12) declares that “no one shall be subjected to arbitrary interference with his private or family life, his home, his correspondence or his honor and reputation. Every person has the right to the protection of the law from such attacks.”3 This right is also enshrined in Art. 17 of the International Covenant on Civil and Political Rights4, in Art. 16 of the Convention on the Rights of the Child5, and in Art. 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.

The provisions of the above international legal acts are specifically reflected in the provisions of Articles 23 and 24 of the Constitution of the Russian Federation, which enshrines the right to privacy. In turn, “private life”, “personal and family secrets”, “honor” are the most important human benefits that personify a person. All this allows us to talk about the synthesizing concept of “personal data”, which is given in individual legal acts, but has not been studied in detail to date.

According to the author, despite the already existing legislative definition of personal data, based on the research conducted, the definition of “personal data” must be stated in the following wording: this is information about the facts, events and circumstances of the life of a specific individual or his family, as well as information intended to identify them with a specific individual and reflecting the latter’s characteristics in relation to other people (society).

The following data are to be included in the exhaustive list of categories of information classified as confidential information about citizens (personal data): last name, first name, patronymic (unless otherwise follows from the law or national custom) of the person; date and place of birth, other data on the birth certificate, gender; citizenship; nationality; attitude towards military duty; address of place of residence (registration); address of place of residence; marital status (presence or absence of children (also adopted or illegitimate), data on previously concluded and dissolved marriages, alimony relationships); family composition; professional activity of the parents; the property status of the parents and the citizen himself; information about income; information about the dwelling (size and type of ownership of the occupied dwelling); contact phone number (home, work, mobile); email address; professional activity of the citizen (position); place of work; details of a passport or other identification document (series and number, authority that issued the document, date of issue of the document); data on diplomas of completion of educational institutions, receipt of academic degrees, titles, etc.; fingerprint information and genotype information; personal medical information; information about the characteristics of a citizen’s sex life and his sexual orientation; information about political views and religious beliefs; information about places of visit and recreation of a citizen or his family; content of personal conversations; information about the presence of an unexpunged conviction or cases of legal liability; state number of owned vehicles, driving experience; personal code; information for providing benefits for payment of housing and communal services; taxpayer identification number (if any); information about the individual entrepreneur: TIN; certificate of entrepreneurial activity; activities; availability of a license; numbers of accounts opened in banks; place of business and telephone numbers; others (in particular, a description of the personality, which includes: 1. Height; 2. Eye color; 3. Special features).

3 Universal Declaration of Human Rights. Adopted by the UN General Assembly on December 10, 1948 // Human Rights. Sat. international documents. - M. Ed. Moscow State University. 1986. pp. 21-29.

4 Gazette of the Supreme Soviet of the USSR, 1976, No. 17 (1831), article 291.

5 United Nations Publication - New York, 1992

Taking into account the complexity of working with personal data, the author has formulated the following requirements: personal data must be obtained and processed legally on the basis of current legislation; personal data is included in personal data bases on the basis of the free consent of the subject, expressed in writing, except for cases expressly established by law; personal data must be collected for clearly defined and legitimate purposes and not be used in conflict with or redundant with those purposes; it is not allowed to combine personal data databases collected by holders for different purposes for automated processing of information; the personal data provided by the holder must be accurate and, if necessary, updated; personal data must be stored no longer than required by the purpose for which it is collected and is subject to destruction upon achieving this goal or when the need has passed; personal data is protected in a confidential information regime, excluding their accidental or unauthorized destruction or accidental loss, as well as unauthorized access to data, their modification, blocking or transfer; for persons holding senior government positions and candidates for these positions, a special legal regime for their personal data may be established, ensuring the openness of only socially significant data.

Violation of established requirements and norms regarding personal data should result in legal liability equivalent to the offense committed. It is worth noting that quite a lot has already been done in this direction within the framework of the Labor Code, Civil Code, Code of Administrative Offences, Criminal Code and other regulations at the federal level; however, taken together, legal liability for violating the rules on personal data is far from perfect.

The main disadvantage of the existing legal liability for violation of rules on personal data is the lack of consistency between various areas of personal data circulation. Among other shortcomings, one should highlight, firstly, the lack of comprehensiveness in ensuring legal liability for violation of rules on personal data, with a number of rules generally representing separate fragments of this activity that are not systematically connected with each other; secondly, the absence in regulatory legal acts of a systems approach to regulating relations related to the protection of personal data through legal sanctions; thirdly, the presence of significant shortcomings in the legal and technical design of the offenses themselves affecting the relationships under study.

It is worth saying that the set of legal institutions regulating relations in the sphere of circulation of confidential information is currently in the process of formation. The doctrinal understanding of many aspects of these relations is not fully established. However, it can be assumed that after a short period of time, as legislation develops, it will be necessary to develop a whole system of offenses specialized in protecting these particular relationships. In particular, as the author believes, this will concern personal data.

At the same time, the offense already existing in the Code of Administrative Offenses of the Russian Federation, “Violation of the established procedure for the collection, storage, use or dissemination of information about citizens (personal data)”, which is a kind of harbinger of the emergence of a new system, does not, according to the author, fully reflect the real state of affairs in this area. In this connection, the author has proposed his own version of Article 13.11 of the Code of Administrative Offenses of the Russian Federation.

It should be noted that the existing significant shortcomings in the legal and technical design of the offenses themselves, affecting the above relations, in some cases significantly reduce the effectiveness of their application. In other cases, their content turns out to be narrower or completely different from the title of the corresponding articles.

According to the author, the problem of establishing legal liability for violation of rules on personal data is not the only one in this area; one of the main drawbacks is that the rules relating to the regulation of relations related to confidential personal information are not systematized and are contained only in a few regulatory legal acts.

The Federal Law “On Information, Informatization and Information Protection” defines the term “personal data” and lays down the basic principles of legal regulation of activities related to personal data. In particular, Article 11 of this Law classifies such data as confidential information, introduces liability for violation of their confidentiality, as well as mandatory licensing for non-governmental organizations and individuals for activities related to the processing and provision of personal data. But these norms are of a general nature and have not yet been specified.

Issues of legal regulation of work with personal data are raised in the Fundamentals of the Legislation of the Russian Federation “On the Archive Fund of the Russian Federation and Archives” (Article 20), the Federal Law “On Operational Investigative Activities” (Articles 3, 5, 9, 10, 12, 21), the Laws of the Russian Federation “On State Secrets” (Article 5), “On the Mass Media” (Articles 41, 43, 46, 51, 57), “On the police”, election legislation, etc. However, all these legal acts are not interrelated with each other when regulating the protection of confidential personal information.

The protection of confidential personal information by means of codified sources is at a fairly low level, which in general characterizes the inconsistency of the current system of regulatory legal acts. There is therefore an objectively urgent need in the country to develop a legal framework in the field of working with personal data, and so it is necessary to adopt the Federal Laws “On Privacy”, “On Personal Information”, “On Personal (Personal) Code”, “On State Population Register”. In addition to the adoption of these laws, parliamentarians need to consider provisions relating to additions, changes or establishment of norms in existing legislation.

Summarizing what has been said, we note that the Federal Law “On Personal Information” should provide a legal basis for the development of a regulatory legal framework that ensures the formation, use and protection of personal data arrays in a country where the following will be considered priorities:

a) protection of personal data of individuals from unauthorized access to it by criminal structures, other citizens, representatives of government bodies and services who do not have the appropriate authority, by regulating the procedure for access of personal data subjects to their data;

b) ensuring the safety, integrity and reliability of data based on:

Establishing a confidentiality regime for relevant personal data;

Regulation of the duties, rights and responsibilities of holders (possessors) of personal data arrays for working with this data;

c) ensuring, in the conditions of development of market relations in the country, opportunities for working with personal data of holders (possessors) or third parties to whom personal data is disclosed, who have a license to work with this data, in particular, on the basis of direct marketing.

The second chapter - “Ensuring information processes in the field of personal data” - is devoted to modern technical and legal means of implementing information processes in ensuring the circulation of personal data.

The problem of protecting the individual’s right to confidentiality of personal information with the development of advanced technologies is considered in industrialized countries as one of the most intractable, since here the legislator is faced with the task of establishing an optimal balance between the interests of the individual and society.

Regulation of these interests is carried out within the framework of information processes, which are determined by regulatory legal acts of the state. Today, in the legal acts of the Russian Federation, even a simple listing of existing information processes is given by law ambiguously.

So, according to Part 4 of Art. 29 of the Constitution of the Russian Federation, everyone has the right to freely seek, receive, transmit, produce and disseminate information in any legal way. In accordance with Art. 2 of the Federal Law “On Information...”7, information processes are defined as processes of collecting, processing, accumulating, storing, searching and distributing information. In the Federal Law of July 4, 1996 No. 85-FZ “On participation in international information exchange”, information processes are understood as the processes of creation, collection, processing, accumulation, storage, search, distribution and consumption of information8.

A comparison and analysis of the above definitions indicates that in the legislation (and in the scientific literature) there is no consistency in the conceptual apparatus, i.e. in regulatory legal acts, the concepts of information processes do not correlate with each other. Therefore, it is necessary to streamline them.

In the context of the issue under consideration, we have to admit that in domestic legislation there is almost no legal regulation of the processes of collecting and processing personal data about citizens, especially if automated systems are used. And this despite the fact that such data, included in federal information resources and information resources of the constituent entities of the Russian Federation, as well as received and collected by non-governmental organizations, is classified by the Federal Law “On Information, Informatization and Information Protection”9 as confidential information.

7 Federal Law of the Russian Federation dated February 20, 1995, No. 8, Art. 609.

8 SZ RF dated July 8, 1996 No. 28, art. 3347.

9 SZ RF dated February 20, 1995, No. 8, art. 609.

According to the author, the concept of “automatic processing of personal data” should include the following operations if they are completely or partially carried out using automated means: accumulation of data, dividing them into separate blocks according to the information they contain, carrying out logical and/or arithmetic operations with such data, their analysis, modification, erasure, restoration, preparation for use or distribution. This definition, it seems, should be included in the current federal laws “On information, informatization and information protection” and “On the State Automated System of the Russian Federation “Elections””, as well as in the draft federal laws “On privacy”, “On information of a personal nature”, “On personal (personal) code”, “On the state population register”.

Particularly significant is the problem of regulating the procedure for automatic processing of personal data in relation to developing global computer networks, among which the Internet, which currently firmly occupies the position of the world's main information infrastructure, is undoubtedly of greatest interest.

In this regard, the author proposes to place on the site a noticeable and understandable description of the procedure by which the owner of the site uses information, and also to ensure programmatically that the visitor cannot access the content of the site without clicking a button confirming the visitor’s consent to the collection and use of information. A site collecting information must not only obtain the consent of the person to collect information about him, but also create certain conditions for its storage. At a minimum, the security and confidentiality of the information received must be ensured, and the subject of the information must be able to verify compliance with the agreed rules.
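A minimal server-side sketch of the consent gate proposed above, added here as an illustration and not taken from the dissertation: content is denied by default, pressing the confirmation button issues a signed consent record bound to the exact policy wording, and the visitor can read that record back. The route names, cookie name, policy text and key are assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed sample policy; a real site would serve its own published text.
POLICY_TEXT = "We collect your e-mail address to deliver order receipts. Retention: 12 months."
SECRET_KEY = b"replace-with-a-random-server-side-key"  # placeholder, not a real key


def policy_version(text: str = POLICY_TEXT) -> str:
    """Fingerprint of the exact policy wording the visitor agreed to."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()[:16]


def _sign(payload: bytes) -> str:
    """HMAC over the encoded record, so the client cannot forge or edit it."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()


def issue_consent(visitor_id: str, now: Optional[float] = None) -> str:
    """Called only when the visitor presses the confirmation button."""
    record = {
        "visitor": visitor_id,
        "policy": policy_version(),
        "agreed_at": int(now if now is not None else time.time()),
    }
    payload = base64.urlsafe_b64encode(json.dumps(record, sort_keys=True).encode())
    return payload.decode() + "." + _sign(payload)


def verify_consent(token: Optional[str], current_policy: Optional[str] = None):
    """Return the consent record, or None if absent, forged or given for an old policy."""
    if not token or "." not in token:
        return None
    payload, _, signature = token.rpartition(".")
    expected = _sign(payload.encode())
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    try:
        record = json.loads(base64.urlsafe_b64decode(payload.encode()))
    except ValueError:
        return None
    if record.get("policy") != (current_policy or policy_version()):
        return None  # policy wording changed: consent must be given again
    return record


def handle_request(path: str, cookies: dict, visitor_id: str = "anonymous"):
    """Tiny request router; returns (status, body, cookies_to_set)."""
    if path == "/policy":  # the description is always readable before consenting
        return 200, POLICY_TEXT, {}
    if path == "/consent":  # target of the confirmation button
        return 200, "consent recorded", {"consent": issue_consent(visitor_id)}
    record = verify_consent(cookies.get("consent"))
    if record is None:  # default deny: no content is served without valid consent
        return 403, "Consent required. Policy: " + POLICY_TEXT, {}
    if path == "/my-consent":  # lets the subject check what was agreed and when
        return 200, json.dumps(record, sort_keys=True), {}
    return 200, "site content for " + path, {}


if __name__ == "__main__":
    print(handle_request("/articles/1", {}))
    _, _, jar = handle_request("/consent", {}, "visitor-1")
    print(handle_request("/articles/1", jar))
    print(handle_request("/my-consent", jar))
```

Binding the record to a fingerprint of the policy text means that any change to the published rules invalidates earlier consent, which is what allows the subject to check the site against the rules that were actually agreed.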

In order to make it easier for visitors to evaluate a site from the point of view of maintaining confidential information, we propose to introduce special certificates that can only be obtained by a site that in practice complies with certain rules for handling received confidential personal information (in this case, a special logo of such a certificate is placed on the site).

But even compliance by the sender and addressee of the message with all established rules for handling personal data does not yet ensure their confidentiality. In this regard, choosing the Internet as a means of transmitting confidential information is a serious responsibility. Unfortunately, one of the aspects of the problem under consideration is that modern legislation does not yet provide effective means of ensuring the safety of such information by persons to whom it becomes available during the transfer process.

Another aspect is the lack of formation in the state of a modern infrastructure of general informatization and, in particular, the sphere of personal data, capable of satisfying the needs of interested subjects for information and computing services at the required level; information resources of personal data are not organized into database systems. In the non-state sector, although information technologies are widely used in various fields, this has not yet had any impact on ensuring the lawful accumulation and storage of personal data using information technologies. It seems that in order to solve the existing problem, the state must determine the degree of its participation in regulating the processes of creation and operation of closed non-state (corporate) systems, as well as open systems, primarily in the interests of protecting the rights of citizens.

Another important aspect is the establishment of a regime for publicly accessible personal information stored in automated databases. The confidentiality regime of personal data can be lifted in cases of depersonalization of personal data or at the request of the subject for his personal data, including a regime of publicly accessible information can be established - in biobibliographic directories, telephone books, address books, private advertisements, etc. In these cases, the following identifying personal data may be included in public databases: last name, first name, patronymic, year and place of birth, address of residence and work, contact telephone number, information about profession, other information provided by the subject and/or obtained from open sources. In the latter case, the holder must inform the subject about the content of his personal data, the sources of receipt and the purpose of use. Personal data of a specific subject must be immediately excluded by the holder of personal data from the public database on the basis of an order of this subject or a decision of an authorized government body, in cases specified in the law.

In addition to the technical tasks of accumulating, storing and managing information resources containing personal data, great importance should be attached to the issues of application and updating of regulations in force in this area. The most socially pressing problem in the field of legal regulation of informatization is the protection of individual rights in the conditions of accumulation and storage of personal data using a computer.

An appeal to international experience in the context under consideration indicates that one trend is obvious for foreign legislation: the elements of computer crimes proper (actions directed only against protected computer information) are either simply absent or exist along with traditional offenses (fraud, disclosure of state secrets, collection and distribution of personal data). The latter either provide for an independent composition, which acts as a special one in relation to the general one (the same fraud), or are in the same article as a qualified composition.

In this regard, the application of the relevant provisions of the 1996 Criminal Code of the Russian Federation is more complex. The practice of applying existing compositions is very small, which allows us to state the practical difficulties of qualifying acts and the absence of additional norms in the Criminal Code of the Russian Federation that would correspond both to the articles of the Code of Administrative Offenses of the Russian Federation and other norms of federal legislation.

Another important aspect in ensuring information processes in the field of personal data is regulating the process of disseminating confidential personal information. Dissemination poses a more significant social danger for specific citizens than other relations inherent in information processes, and therefore the solution to the issue of regulating the procedure for disseminating personal data is more than relevant at the present time and requires careful and prompt consideration.

It should be taken into account that today the law or other regulatory legal acts do not disclose the legal content of the concept of “dissemination of information”, by which the author proposes to understand the publication of information in the press, broadcast on radio and television and video programs, demonstration in newsreel programs and other mass media, presentation in judicial characteristics, public speeches, statements addressed to officials, or a message in any other form, including oral, to several or at least one person.

For a complete, comprehensive and objective understanding of the problem, it must be considered from the perspective of determining the methods of disseminating personal data. Among these, direct and indirect distribution should be distinguished. Without in any way detracting from the importance of regulating the first method of disseminating confidential personal information, the second is currently of greatest interest, which is primarily due to the process of informatization taking place in society. At the same time, the direction of legal regulation of relations in this area depends on how sharply the technological and social features of information transfer are reflected in society. In this regard, the growing popularity of the global Internet is of particular concern. Considering the gaps in the legal regulation of the Network, they should be eliminated in the new information legislation.

The conclusion of the dissertation outlines the main theoretical conclusions and practical proposals arising from the research results.

2. Taking into account the importance of developing the legal framework in the field of working with personal data, as well as the need to make adjustments to the current legislation, the author proposed his conceptual vision of this problem, formulated a number of regulations that fill the gap and allow the formation of a system of norms that ensure the protection of relations in the area under consideration through both regulatory norms, definitional norms, and legal sanctions.

3. The main disadvantage of the existing legal liability for violation of rules on personal data is the lack of interconnection between various areas of circulation of personal data. Based on what has been said, the author has formulated a number of offenses that make it possible to eliminate the above shortcomings in the field of personal data protection. Among the compositions studied, one can highlight the author's own versions of Article 13.11 of the Code of Administrative Offenses of the Russian Federation and Article 137 of the Criminal Code of the Russian Federation, and a new article supplementing Chapter 28 of the Criminal Code of the Russian Federation; the author has also proposed some changes and additions to certain articles of the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, and the Criminal Code of the Russian Federation.

4. The definitions that make up the concept of “information processes” available in regulatory legal acts indicate that the legislation lacks consistency in the conceptual apparatus, and therefore the author has proposed a definition of “automatic processing of personal data”, which includes an exhaustive list of possible operations with personal data. It is also proposed to disclose the legal content of the concept of “dissemination of information” at the federal level. Taking into account the gaps in the legal regulation of the Internet, the author proposes to work out the conceptual apparatus in the new information legislation with the involvement of relevant experts in the field of technical knowledge to develop clear legislative concepts, etc.

Thus, the dissertation research carried out allowed us to note that the problem of protecting relationships related to confidential personal information is complex, affecting many areas of society, including material and procedural branches of law. Progress in the fair regulation of these relations cannot be achieved without a general evolutionary movement in the minds of people to consolidate the priorities of the interests of the individual, his rights and freedoms as the highest value for the state and society.

The appendix to the dissertation presents a questionnaire studying the opinions of law enforcement officers whose functional responsibilities include working with personal data, as well as the results of an analytical study.

The main provisions of the dissertation research are reflected in four scientific articles and a textbook with a total volume of 5.8 p.l.

1. Prosvetova O.B., Rymareva N.V. Information security and modern information technologies // IV All-Russian scientific and practical conference “Security, security and communications”: Collection of materials. Part 2. - Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2003. - 0.23 p.l. (co-author).

2. Prosvetova O.B. Constitutional regulation of legal means of protecting personal data // All-Russian scientific-practical conference “Modern problems in the fight against crime”: Collection of materials. - Voronezh: VI Ministry of Internal Affairs of the Russian Federation, 2004. (Information security in the activities of internal affairs bodies) - 0.23 p.l.

3. Zanina T.M., Prosvetova O.B. Administrative responsibility in the field of protection of confidential personal information // Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. - T. 4 (19). - Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2004. - 0.2 p.l. (co-authored).

4. Prosvetova O.B. Legal regulation of personal data // Bulletin of the Voronezh Institute of the Ministry of Internal Affairs of Russia. - T. 4 (19). - Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2004. - 0.2 p.l.

5. Prosvetova O.B., Fedotov I.S. Personal data: Educational manual. - Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2004. -

Prosvetova Olga Borisovna Proofreader

Conventional printed sheets 1.21. Signed for publication on March 21, 2005. Publisher's sheets 1.07.

Circulation 100 copies_Order No. 5"?

Printing house of the Voronezh Institute of the Ministry of Internal Affairs of Russia 394065, Voronezh, prosp. Patriotov, 53.


Introduction.

Chapter 1. Constitutional and legal regulation of personal data

1. Constitutional protection of personal data.

2. Legal liability for violation of regulations on personal data.

3. Systematization of legislation on personal data.

Chapter 2. Ensuring information processes in the field of personal data

1. Regulation of the procedure for automated collection and processing of personal data.

2. Technical and legal support for the accumulation and storage of personal data.

3. Distribution of personal data.

Introduction 2005, dissertation on information science, computer technology and management, Prosvetova, Olga Borisovna

Relevance of the research topic. The provisions of the Constitution of the Russian Federation indicate a decisive transition of the state to the path of building a democratic society, where the main value is the person. At present, we can say with confidence that the Russian state on this path has encountered a number of problems that require solutions, among which the protection of the private life of a citizen stands out.

Part one of Article 24 of the Constitution of the Russian Federation contains a rule according to which “the collection, storage and dissemination of information about the private life of a person without his consent is not permitted.” This provision of the Constitution of the Russian Federation has a fundamental, system-forming character and should determine the meaning and content of a significant number of regulatory legal acts at various levels, distinguishing the category of “private life” and its derivative “personal data”.

The separation of the category “personal data” from the more general category “private life” is primarily associated with the spread of automated systems for processing and storing information, primarily computer databases, which can be accessed remotely through technical communication channels. It was these systems, which essentially revolutionized the structuring, storage and retrieval of necessary data, that created the preconditions for the problem of protecting confidential personal information.

The development of this problem raises a natural need to ensure reliable protection of information resources and processes, and streamline social relations in this area. Our state is just beginning to develop and implement an integrated approach to ensuring the protection of personal data in the legislative and executive fields. In this regard, it is especially important that the approach being developed covers the entire range of problems, and is not reduced to considering only their technical component.

The presented dissertation research is devoted to the analysis of legal aspects that ensure the protection of confidential personal information. In this regard, it should be noted that over the last decade the legislator has not ignored the emerging information environment under consideration, having adopted a number of system-forming legislative acts, among which we can highlight the Federal Law “On Information, Informatization and Information Protection” [1], as well as the Federal Law “On participation in international information exchange” [2]. However, the process of forming a comprehensive legal system for the protection of personal data cannot be considered complete, as a result of which a significant number of draft new laws, as well as additions and amendments to the current legislation, still need to be considered and adopted.

Considering the fact that in the domestic legal system there is no democratic experience in protecting relations in the field of personal data through legal means, as well as in connection with the significant transformation of the tasks and functions of the state in comparison with the socialist period, there is a need for scientific analysis and understanding of the possibilities of legal science to ensure the protection of confidential personal information.

To date, legal science has practically not studied the potential of legislation to have a positive impact on the state of the system for ensuring the protection of personal data, although, in the author’s opinion, quite broad opportunities open up here.

[1] SZ RF, 02.20.95, No. 8, Art. 609.

[2] SZ RF, 07/08/1996, No. 28, Art. 3347.

Based on the foregoing, research in this direction is very relevant from a scientific point of view, and can also have practical implications if the projects and proposals formulated by the author are adopted with the further improvement of legal norms.

The degree of development of the research topic. Studying a significant number of sources of legal and technical literature allows us to state that the problem of personal data protection is poorly understood, and therefore requires separate study. A significant number of scientific works devoted to information security and information protection only partially dealt with the problem of protecting personal data, and those publications that included consideration of issues of regulation of the area under study addressed only general problems without the necessary specification.

In the present study, to a certain extent, there was a combination of doctrinal approaches in the study of the protection of personal data by specialists in the field of technical sciences, on the one hand, and specialists in the field of legal sciences, on the other. The author of the dissertation research relied on the achievements of the theory of law and state, as well as on scientific results obtained by representatives of technical sciences dealing with the problems of ensuring information security and information protection.

Theoretical problems of information law, legal support of information security and information protection were studied by I.L. Bachilo, V.A. Kopylov, V.N. Lopatin, V.A. Pozhilikh, M.M. Rassolov, A.A. Fatyanov, M.A. Fedotov, O.A. Fedotova, S.G. Chubukova, A.A. Shiversky, V.D. Elkin and others.

Problems of functioning of the information security system from the point of view of technical sciences are reflected in the works of A.L. Balyberdina, M.A. Vusa, V.A. Gerasimenko, A.A. Grusho, S.V. Dvoryankina, P.D. Zegzdy, E.V. Kaspersky, V.D. Kurushina, A.A. Malyuka, V.A. Minaeva, V.E. Potanina, V.N. Sablina, S.V. Skrylya, A.P. Fisun and a number of other scientists.

At the same time, the problems of improving the protection of personal data have not yet become the subject of a separate monographic study.

Object and subject of research. As an object of research within the framework of the topic, the social relations that develop in the process of legal regulation of ensuring the protection of personal data are considered.

The subject of the study is the set of legal norms regulating relations in the information sphere and, in particular, the set of legal norms to ensure the confidentiality of personal data.

Purpose and objectives of the study. The purpose of the dissertation research is to develop scientifically based proposals for the development and improvement of legislation that ensures the protection of the confidentiality of personal data.

In order to achieve this goal, the following theoretical and scientific-practical problems are solved in the dissertation research:

1) consider current problems of constitutional and legal regulation of personal data at the present stage;

2) analyze articles establishing legal liability for violation of rules on personal data, and offer recommendations for their implementation and improvement, taking into account existing international experience;

3) explore the problems of systematizing legislation on personal data, taking into account both existing laws and existing projects and proposals;

4) study technical experience and regulations governing the procedure for automated collection and processing of personal data;

5) explore the problems of technical and legal support for the accumulation and storage of personal data;

6) reveal the process of disseminating personal data from the perspective of existing modern capabilities in order to develop recommendations and improve standards for their protection.

Methodological and source study foundations of the study. The methodological basis of the research is the dialectical method of cognition, historical, systemic, comprehensive, targeted approaches to the problem under study, as well as special methods of cognition: formal logical, formal legal, comparative legal, as well as methods of abstraction, analogy and modeling.

During the work, the author of the dissertation analyzed the following sources: the Constitution of the Russian Federation, international legal acts, administrative, civil, criminal legislation, by-laws at the federal level, as well as other legal and technical material.

Provisions for defense:

1. Definitions of the categories “personal data”, “information processes”, “automatic processing of personal data” and “dissemination of information”, researched and proposed by the author, which have scientific and methodological significance for the development and improvement of the doctrinal understanding of the problem.

2. An exhaustive list of categories of information classified as confidential information about citizens (personal data) developed by the author. The formation of this list is one of the key points in creating a legal framework that ensures the protection of personal data. This follows from the fact that the domestic law enforcement officer, who has not previously encountered the category of “personal data” and does not have a centuries-old tradition of forming and implementing legislation through the prism of ensuring the rights and freedoms of man and citizen, cannot ensure comprehensive protection of personal data based only on abstract definitions.

3. Justification for the provision that the rules relating to the regulation of confidential personal information are not systematized and are contained only in a few federal laws. However, their presence does not solve the problems that arise today in the area under consideration, since the norms are of a general, declarative nature, and therefore are subject to further development and specification.

4. The conclusion that the protection of confidential personal information is at a fairly low level, which in general characterizes the inconsistency of the current system of regulatory legal acts. There is therefore an objectively urgent need in the country to develop a legal framework in the field of working with personal data, for which it is necessary to adopt a number of system-forming laws proposed by the author of the study, while parliamentarians need to consider provisions relating to additions, changes or establishment of norms in the current legislation.

5. Proposals for a new edition of Article 13.11 of the Code of Administrative Offenses of the Russian Federation and Article 137 of the Criminal Code of the Russian Federation, for supplementing Chapter 28 of the Criminal Code of the Russian Federation with the following elements of the crime: “Violation of the established procedure for the circulation of confidential information about citizens (personal data) using a computer,” as well as some changes and additions to individual articles of the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, and the Criminal Code of the Russian Federation. These proposals can form the basis for the formation of a system for the protection of confidential personal information, access to which is limited in accordance with the legislation of the Russian Federation, through legal sanctions.

6. The conclusion that the state has not yet formed a modern infrastructure of general informatization and, in particular, of the sphere of personal data, capable of satisfying the needs of interested subjects for information and computing services at the required level; information resources of personal data have not been organized into database systems. In the non-state sector, although information technologies are widely used in various fields, this has not yet had any impact on ensuring the lawful accumulation and storage of personal data using information technologies. To solve the existing problem, the state must determine the degree of its participation in regulating the processes of creation and operation of closed non-state (corporate) systems, as well as open systems, primarily in the interests of protecting the rights of citizens.

7. Recommendations for regulating the procedure for disseminating personal data, taking into account the process of informatization taking place in society. In this regard, special attention is paid to the growing popularity of the global Internet, which currently firmly occupies the position of the world's main information infrastructure.

Scientific novelty of the research. The dissertation is the first monographic work in which the problems of personal data protection are explored from the standpoint of combining the doctrinal approaches to the study of personalized information taken by specialists in the field of technical sciences, on the one hand, and specialists in the field of legal sciences, on the other. The author analyzes theoretical provisions in the field of constitutional and legal regulation of personal data and critically analyzes the state of the norms affecting relations in this area of public relations, which is important for society and the state.

Theoretical and practical significance of the research results. In accordance with the stated goals and objectives, all conclusions and provisions resulting from the research are subordinated to the idea of using them in developing new and improving existing legislation and building an effective system for ensuring the protection of personal data.

The author offers his own vision in defining the concept of personal data, on the basis of which a set of measures should be developed to ensure the protection of confidential personal information using legal norms. This study has developed proposals and recommendations that can be used when developing the conceptual apparatus of regulations in the field of personal data protection.

The author proposes to present in a new edition the two existing compositions of the Code of Administrative Offenses of the Russian Federation and the Criminal Code of the Russian Federation, to supplement Chapter 28 of the Criminal Code of the Russian Federation, as well as to make some changes and additions to certain articles of the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, the Criminal Code of the Russian Federation and other federal laws, which together will make it possible to improve, to a certain extent, the level of protection of personal data through legal sanctions. In addition, regulations have been proposed to systematize legislation on personal information.

The theoretical and practical conclusions of the dissertation research, its content can be used in the system of higher professional education of a legal profile, advanced training for law enforcement officers and specialists in the field of ensuring the protection of personal data.

The empirical basis of the study was an analysis of the results of a survey of 120 law enforcement officers from twenty constituent entities of Russia, including three republics, three territories, thirteen regions and one federal city (Moscow), as well as the results of a study of 50 materials of civil cases affecting the sphere of private life.

Approbation of the work and implementation of the research results. The main provisions of the dissertation were reported and discussed at the Department of Constitutional and Administrative Law of the Voronezh Institute of the Ministry of Internal Affairs of Russia, during practical classes with full-time adjuncts, at the IV All-Russian Scientific and Practical Conference “Security, Security and Communications” (Voronezh, 2003), at the All-Russian scientific and practical conference of cadets, adjuncts and students “Modern problems in the fight against crime” (Voronezh, 2004).

The dissertation research materials were published in four scientific articles and a textbook, the total volume of publications was 5.8 pp. The methodological recommendations developed on the basis of the dissertation research were introduced into the practical activities of the UOOP of the Central Internal Affairs Directorate of the Voronezh Region, as well as into the educational process of the Voronezh Institute of the Ministry of Internal Affairs of the Russian Federation.

Structure of the dissertation. The dissertation consists of an introduction, two chapters (including 6 paragraphs), a conclusion, a list of references and an appendix.

Conclusion dissertation on the topic "Protection of personal data"

Summarizing the above, we note the main conclusions of the dissertation.

1. Currently in Russia, the rules relating to the regulation of confidential personal information are not systematized and are contained only in a few federal laws. However, their presence does not solve the problems that arise today in the area under consideration, since the norms are of a general, declarative nature, and therefore are subject to further development and specification.

2. The protection of confidential personal information is at a fairly low level, which in general characterizes the inconsistency of the current system of regulatory legal acts, and therefore there is an objectively urgent need in the country to develop a legal framework in the field of working with personal data, due to which it is necessary to adopt a number of system-forming laws, while parliamentarians need to consider provisions relating to additions, changes or establishment of norms in the current legislation.

Considering the importance of developing the legal framework in the field of working with personal data, as well as the need to make adjustments to the current legislation, the author proposed his conceptual vision of this problem, formulated a number of regulatory legal acts that fill the gap and allow the formation of a system of norms that ensure the protection of relations in the considered sphere through both regulatory norms, norm-definitions, and legal sanctions.

3. Taken together, legal liability for violation of rules on personal data is far from perfect; however, quite a lot has already been done within the framework of the Labor Code, Civil Code, Code of Administrative Offences, Criminal Code and other regulatory legal acts at the federal level.

The main disadvantage of the existing legal liability for violation of rules on personal data is the lack of interconnection between various areas of personal data circulation. Among other shortcomings, one should highlight: firstly, the lack of comprehensiveness in ensuring legal liability for violation of rules on personal data, with a number of rules generally representing separate fragments of this activity that are not systematically connected with each other; secondly, the absence in regulatory legal acts of a systematic approach to regulating relations related to the protection of personal data through legal sanctions; thirdly, the presence of significant shortcomings in the legal and technical design of the offenses themselves affecting the relationships under study.

It should be noted that the existing shortcomings in the legal and technical design of the offenses themselves, affecting the relationships under study, in some cases significantly reduce the effectiveness of their application. In other cases, their content turns out to be narrower or completely different from the title of the corresponding articles.

Based on what has been said, the author has formulated a number of offenses that make it possible to eliminate the above shortcomings in the field of personal data protection. Among the compositions studied, one can highlight the author's own edition of Article 13.11 of the Code of Administrative Offenses of the Russian Federation and Article 137 of the Criminal Code of the Russian Federation, and a new article supplementing Chapter 28 of the Criminal Code of the Russian Federation; the author also proposed some changes and additions to certain articles of the Labor Code of the Russian Federation, the Civil Code of the Russian Federation, and the Criminal Code of the Russian Federation.

4. The definitions of information processes available in regulatory legal acts indicate that in the legislation (and in the scientific literature) there is no consistency in the conceptual apparatus, i.e. concepts of information processes do not correlate with each other.

In the context of the situation under consideration, we have to admit that in domestic legislation there is almost no legal regulation of the processes of collecting and processing personal data about citizens (especially if automated systems are used). And this despite the fact that such data, included in federal information resources and information resources of constituent entities of the Russian Federation, as well as received and collected by non-governmental organizations, is classified by the Federal Law “On Information, Informatization and Information Protection” as confidential information.

Following the above, the presented study proposes a definition of “automatic processing of personal data”, which includes an exhaustive list of possible operations with personal data. This definition, in the author’s opinion, should be included both in existing federal laws and in draft laws designed to regulate the scope of personal data.

5. The state has not yet formed a modern infrastructure of general informatization and, in particular, of the sphere of personal data, capable of satisfying the needs of interested subjects for information and computing services at the required level; information resources of personal data have not been organized into database systems. In the non-state sector, although information technologies are widely used in various fields, this has not yet had any impact on ensuring the lawful accumulation and storage of personal data using information technologies. To solve the existing problem, the state must determine the degree of its participation in regulating the processes of creation and operation of closed non-state (corporate) systems, as well as open systems, primarily in the interests of protecting the rights of citizens.

6. Based on the fact that the dissemination of confidential personal information poses a more significant public danger for specific citizens than other relations inherent in information processes, resolving the issue of regulating the procedure for disseminating personal data is more than relevant at the present time and requires careful and prompt consideration.

In this regard, the author proposes to reveal the legal content of the concept of “dissemination of information” at the federal level. For a complete, comprehensive and objective understanding of the problem of regulating the dissemination of personal data, it is proposed to consider it from the perspective of determining the methods of dissemination. Among these, direct and indirect distribution should be distinguished. Without in any way detracting from the importance of regulating the first method of disseminating confidential personal information, the second is currently of greatest interest, which is primarily due to the process of informatization taking place in society. At the same time, the direction of legal regulation of relations in this area depends on how sharply the technological and social features of information transfer are reflected in society. In this regard, the growing popularity of the global Internet, which currently firmly occupies the position of the world's main information infrastructure, is of particular concern.

7. The gaps in the legal regulation of the Internet should be eliminated in the new information legislation. Along with the law regulating public policy on the Internet, a framework law on the Internet should be adopted. In it, according to the author, it is necessary: 1) to work out the conceptual apparatus with the involvement of relevant experts in the field of technical knowledge to develop clear legislative concepts; 2) to consolidate the most important principles of “network relations”; 3) to reflect the specifics of the subject composition of network relations; 4) to establish rules for information exchange on the Internet; 5) to formulate the responsibility of participants in network relations for violation of established norms, as well as to provide methods of proof and features of consideration of “network disputes”, and to establish limits of liability for each participant in network relations.

In conclusion, I would like to note that the problem of protecting relationships related to confidential personal information is complex, affecting many areas of society, including substantive and procedural branches of law. Progress in the fair regulation of these relations cannot be achieved without a general evolutionary movement in the minds of people to consolidate the priorities of the interests of the individual, his rights and freedoms as the highest value for the state and society.

Bibliography Prosvetova, Olga Borisovna, dissertation on the topic Methods and systems of information security, information security

1. Constitution of the Russian Federation M.: “Prospekt”, 2000. - 48 p.

2. Universal Declaration of Human Rights. Adopted by the UN General Assembly on December 10, 1948 // Human Rights. Collection of international documents. - M.: Moscow State University Publishing House, 1986. pp. 21-29.

3. European Convention for the Protection of Human Rights and Fundamental Freedoms // Collection of Legislation of the Russian Federation, 2001, January 8, No. 2, Art. 163.

4. Convention on the Rights of the Child // United Nations Publication New York, 1992.

5. International Covenant on Civil and Political Rights // Gazette of the Supreme Soviet of the USSR, 1976, No. 17 (1831), Art. 291.

6. Civil Code of the Russian Federation (Part Two) dated January 26, 1996 No. 14-FZ (as amended on December 17, 1999) // Collection of Legislation of the Russian Federation, January 29, 1996, No. 5, Art. 410.

7. Code of Administrative Offences. Codes of the Russian Federation: Issue 2. M.: INFRA-M, 2002. - 283 p.

9. Family Code of the Russian Federation. M.: Association of Authors and Publishers “TANDEM”. Publishing house "EKMOS", 2002. 96 p.

10. Labor Code of the Russian Federation of December 30, 2001 No. 197-FZ // SZ RF, January 7, 2002, No. 1 (Part I), Art. 3.

11. Criminal Code of the Russian Federation of June 13, 1996 No. 63-FZ // SZ RF, June 17, 1996, No. 25, Art. 2954.

12. Criminal Procedure Code of the Russian Federation // Rossiyskaya Gazeta, 2001, December 22.

13. “Doctrine of information security of the Russian Federation” dated September 9, 2000, approved by the President of the Russian Federation, No. Pr-1895 // Rossiyskaya Gazeta, No. 187, dated September 28, 2000.

14. Federal Law of 02.20.95 No. 24-FZ “On information, informatization and information protection” // SZ RF 02.20.95, No. 8, Art. 609.

15. Federal Law of the Russian Federation “On state protection of judges, officials of law enforcement and regulatory authorities” // SZ RF. 1995. No. 17. Art. 1455.

16. Federal Law of the Russian Federation dated August 12, 1995 No. 144-FZ (as amended on 12/30/99) “On operational-search activities” // SZ RF 08/14/95, No. 33, Art. 3349.

17. Federal Law of April 3, 1995 No. 40-FZ “On the Bodies of the Federal Security Service in the Russian Federation” // Rossiyskaya Gazeta. 1995, April 12.

19. Federal Law of August 9, 1995 No. 129-FZ “On Postal Communications” // SZ RF. 1995, No. 33, Art. 3334.

20. Federal Law of July 4, 1996 No. 85-FZ “On participation in international information exchange” // SZ RF, 07/08/1996, No. 28, Art. 3347.

21. Federal Law of September 26, 1997 No. 125-FZ “On freedom of conscience and religious associations” // SZ RF, 1997, No. 39, Art. 4465.

22. Federal Law of the Russian Federation dated July 25, 1998 No. 128-FZ “On state fingerprint registration in the Russian Federation” // Rossiyskaya Gazeta, 1998, No. 145.

23. Federal Law of March 30, 1999 No. 52-FZ “On the sanitary and epidemiological welfare of the population” // SZ RF, 1999, No. 14, Art. 1650.

24. Federal Law of June 18, 2001 No. 77-FZ “On preventing the spread of tuberculosis in the Russian Federation” // SZ RF, 2001, No. 26, Art. 2581.

25. Federal Law of April 25, 2002 No. 40-FZ “On compulsory insurance of civil liability of vehicle owners” // SZ RF, May 6, 2002, No. 18, Art. 1720.

26. Federal Law No. 20-FZ dated January 10, 2003 “On the State Automated System of the Russian Federation “Elections”” // SZ RF, January 13, 2003, No. 2, Art. 172.

27. Law of the Russian Federation “On the Police” dated 04/18/91 No. 1026-1 // Gazette of the Congress of People's Deputies and the Supreme Council of the RSFSR, 04/18/91. No. 16, Art. 503.

28. Law of the Russian Federation dated July 21, 1993 No. 5485-1 “On State Secrets” // Rossiyskaya Gazeta, 1993, September 21. Law of the Voronezh Region dated January 13, 1998 No. 28-N-OZ “On Informatization of the Voronezh Region”.

29. Decree of the President of the Russian Federation of March 6, 1997 No. 188 “On approval of the list of confidential information” // SZ RF, 1997, No. 10, Art. 1127.

30. Decree of the Government of the Russian Federation dated March 14, 1997 No. 298 “On approval of samples and descriptions of forms of basic documents identifying the identity of a citizen of the Russian Federation outside the Russian Federation” // SZ RF, March 24, 1997, No. 12, Art. 1435.

31. Resolution of the Administration of the Voronezh Region dated September 6, 1999 No. 886 “On the implementation of a system for protecting information resources of the Voronezh Region.”

32. Commentary on the Law of the Russian Federation “On the Mass Media” M.: Galeria, 2001.

33. Commentary on the Law of the Russian Federation “On the Police” / Yu.P. Solovey, V.V. Chernikov. Second edition, revised and expanded. M.: “Prospekt”, 2001.

34. Commentary on the Criminal Code of the Russian Federation: Scientific and practical commentary / Rep. ed. V. M. Lebedev. M., 2001.

35. Commentary on the “Law on Mass Media”. Ed. V.N. Monakhova. M., 2001.

36. Commentary on the Tax Code of the Russian Federation for trade organizations / M.Yu. Rakitina, O.L. Arutyunova, S.V. Sharova. M.: Publishing and consulting company “Status Quo 97”, 2003.

37. Commentary on the Labor Code of the Russian Federation (edited by K.N. Gusov) M.: TK Velby LLC, Prospekt Publishing House LLC, 2003.

38. Commentary on the Civil Code of the Russian Federation, part two / Ed. prof. T.E. Abova and A.Yu. Kabalkin; Institute of State and Law RAS. M.: Yurayt-Izdat; Law and Law, 2003. - 976 p.

39. Scientific and practical commentary on the Constitution of the Russian Federation / Rep. ed. V.V. Lazarev // Electronic version for the reference legal system “Garant” as of October 1, 2004.

MONOGRAPHS AND ARTICLES

40. Agapov A.B. Problems of legal regulation of information relations in the Russian Federation // State and Law, 1993, No. 4. P. 125-130.

41. Anosov V.D., Streltsov A.A. On the doctrine of information security of the Russian Federation (draft) // Information Society, 1997, No. 2, 3.

42. Arkhipov A.V. Information security of an object is a multifaceted task. // Confidential. No. 1-2.1999. P.30-31.

43. Bachilo I.L. Legal regulation of informatization processes // State and Law 1994, No. 12. P.72-80.

44. Boyko B.B. An integrated approach to ensuring information security. // Interregional conference “Information security of Russian regions”, St. Petersburg, October 13-15, 1999: conferences. Parts 1 and 2. St. Petersburg, 1999.- P.38-39.

45. Volkov S., Bulychev V. Protection of business reputation from defamatory information // Russian Justice, 2003, No. 8. P. 51.

46. Volchinskaya E.K. On the directions of development of legislation in the field of information circulation / Analytical note, 1998, August. P.24-32.

47. Gilyarov E.M., Yanina E.V. Information as an object of legal regulation // Security of information technologies. 2001, No. 3. P.5-10.

48. Gostev I. M. Protection of personal data and information about the private life of citizens. // Confidential. No. 3. 1999. P. 13.

49. Gross G. They stole something very personal // Computerworld, 2003, No. 35.

50. Zhukov I.A., Leonov T.E. Comprehensive information protection in data transmission networks of internal affairs bodies / Information and technical support for the activities of internal affairs bodies. Proceedings of the Academy of Management. M., 1998. pp. 112-119.

51. Kalyatin V.O. Personal data on the Internet // Journal of Russian Law, 2002, No. 5. P. 12.

52. Kirin V.I. Foreign experience in legislative practice in the use of technical means / Computer technologies and management of internal affairs bodies. Proceedings of the Academy of Management. M., 2000. P.181-187.

53. Klimova Yu. How to stop the spread of compromising evidence in the virtual world // Russian Justice, 2001, No. 12. P. 48-50.

54. Kopylov A.V. Protection of information in the premises and technical channels of city district internal affairs bodies / Organizational, technical, mathematical and legal aspects of information activities of internal affairs bodies. Proceedings of the Academy of Management. M., 2001. P.49-57.

55. Kostenko M.Yu. Tax secrecy and other types of confidential information // Your tax lawyer, 2001, No. 2.

56. Krylov V.V. Forensic problems of assessing crimes in the field of computer information // Criminal law. 1998. No. 3.

57. Marshani M.B. Does a doctor have the right to divulge our secrets // Security of information technologies. 2001, No. 3. P.52-54.

58. Pogulyaeva E. Don’t talk! // “ezh-LAWYER”, 2003, No. 43.

59. Polupanov V. How they treat it is a secret // Arguments and Facts, 2002, No. 7. P.24.

60. Sabynin V.N. Organization of work to ensure information security in the company // Informost. 2001, No. 18. P.56-58.

61. Stepanov O.A. The essence of the legal regime for regulating information and electronic relations in the Russian Federation / Information and technical support for the activities of internal affairs bodies. Proceedings of the Academy of Management. - M., 1998. P.50-59.

62. Stepanyuk L. What guarantees for the protection of personal data of employees are established by the Labor Code of the Russian Federation? // Financial newspaper. Regional issue, 2003, No. 37.

63. Tibenko K.A. Some aspects of legal support for information security // Security of information technologies. 2001, No. 3. P.63-69.

64. Fatyanov A.A. Secrecy and law (main systems of restriction of access to information in Russian law): Monograph. - M.: MEPhI, 1999. 288 p.

65. Frantsuzova L. Personal data of employees // Personnel Affairs, 2003, No. 4.

66. Khodorych A. Fractured base // Kommersant money. 2001, No. 7. pp. 13-20.

67. Khodorych A. “You can’t put a scarf on every mouth” // Kommersant money. 2001, No. 7. P.21.

68. Chekulaev R.A. Ensuring information security as a new feature of private security and detective structures // Security of information technologies. 2001, No. 3. P.76-79.

69. Shlyakhtina S. Internet in figures and facts (http://www.compress.ru/Article.asp?id=4205).

TEXTBOOKS, TUTORIALS, LECTURES, DISSERTATIONS, ABSTRACTS

71. Aikov D., Sager K., Fonstorkh U. Computer crimes. Guide to combating computer crime. M., 1999.

72. Bachilo I.L., Lopatin V.N., Fedotov M.A. Information Law: Textbook / Ed. acad. RAS B.N. Topornina. St. Petersburg: Publishing Center Press, 2001. 789 p.

73. Borodin S.V. Article-by-article Commentary on the Criminal Code of the Russian Federation of 1996. / Ed. A.V. Naumova M.: “Gardarika”, Legal Culture Foundation, 1996.

74. Gavrilin Yu.V. Investigation of unlawful access to computer information: Textbook / Ed. N.G. Shurukhnova. M.: Book World, 2001. 88 p.

75. Gaikovich V.Yu., Ershov D.V. Fundamentals of information technology security. M.: MEPhI, 1995. 96 p.

76. Gerasimenko V.A., Malyuk A.A. Fundamentals of information security. M.: MEPhI, 1997. 537 p.

77. Gomien D., Harris D., Zwaak L. European Convention on Human Rights and the European Social Charter: Law and Practice. M., 1998.

78. Grachev G.V. Information and psychological security of the individual: state, possibilities of psychological protection. M.: Publishing house. RAGS, 1998. 125 p.

79. Grinyaev S.N. Intellectual counteraction to information weapons. Series “Informatization of Russia on the threshold of the 21st century.” - M.: SINTEG, 1999. 232 p.

80. Domarev V.V. Information protection and security of computer systems. Kyiv: Publishing house: DiaSoft. 1999. 480 pp.

81. Karelina M.M. Commentary on the Criminal Code of the Russian Federation: Scientific and practical commentary / Rep. ed. V.M. Lebedev. M.: Yurayt-M, 2001.

82. Kovalev V.I. Commentary on the Labor Code of the Russian Federation on the financial liability of workers M.: For the right of military personnel, 2003.

83. Computer terrorists: Newest technologies in the service of the criminal world. / Author-compiler T.I. Revyako. Mn.: Literature, 1997. -640 p.

84. Kondratyeva S.L. Legal responsibility: the relationship between substantive and procedural law. Diss. . Ph.D. legal Sci. M., 1998. 187 p.

85. Kopylov V.A. Information law: Textbook. M.: Yurist, 1997. 472 p.

86. Kostyuk V.D. Intangible benefits. Protection of honor, dignity and business reputation. M., 2002.

87. Kotov B.A. Manager's Legal Directory. Secret. - M.: PRIOR Publishing House, 1999. 128 p.

88. Krapivin O.M., Vlasov V.I. Employer: rights and obligations / Under general. ed. Professor S.I. Skinny. M.: Norma, 2004. 400 p.

89. Lopatin V.N. Information security in the public administration system (theoretical and organizational and legal problems). Diss. . Ph.D. legal Sci. St. Petersburg, 1997. 193 p.

90. Lopatin V.N. Concept for the development of legislation in the field of ensuring information security of the Russian Federation (draft). - M.: Publication of the State Duma, 1998. 159 p.

91. Lopatin V.N. Information security of Russia: Man. Society. State / St. Petersburg University of the Ministry of Internal Affairs of Russia. - St. Petersburg, 2000. 428 p.

92. Lopatin V.N. Legal foundations of information security: A course of lectures, M.: MEPhI, 2000. 355 p.

93. Lusher F. Constitutional protection of individual rights and freedoms. M., 1993.

94. Malyuk A.A., Pazizin S.V., Pogozhin N.S. Introduction to information security in automated systems. M.: Hotline-Telecom, 2001. - 148 p.

95. Matveeva A.A. Crimes in the field of computer information. / Course of criminal law. Volume 4. Special part / Ed. Doctor of Law, Professor G.N. Borzenkov and Doctor of Law, Professor V.S. Komissarova. M., 2002. 543 p.

96. Melik-Gaykazyan I.V. Information processes and reality. M., 1997.

97. Melnikov V.V. Protection of information in computer systems. M.: Finance and Statistics. 1997. 368 p.

98. Mikhailov S.F., Petrov V.A., Timofeev Yu.A. Information Security. Information protection in automated systems. Basic Concepts: Study Guide. M.: MEPhI, 1995. 112 p.

99. Naumov V.B. Law on the Internet: Essays on Theory and Practice. M.: Book House “University”, 2002. 135 p.

100. Ozhegov S.I., Shvedova N.Yu. Dictionary of the Russian language: 80,000 words and phraseological expressions / Russian Academy of Sciences. Institute of Russian Language named after V.V. Vinogradov. 4th edition, expanded. M.: Azbukovnik, 1999. 944 p.

101. Organization and modern methods of information security (under the general editorship of Diev S.A., Shavaev A.G.) - M., Concern "Banking Business Center". 1998. 472 p.

102. Osipenko A.L. Fighting crime in global computer networks: International experience: Monograph. M., 2004. 432 p.

103. Fundamentals of information security: Textbook / V.A. Minaev, S.V. Skryl, A.P. Fisun, V.E. Potanin, S.V. Dvoryankin. Voronezh: Voronezh Institute of the Ministry of Internal Affairs of Russia, 2000. - 464 p.

104. Pozhilikh V.A. Organizational and legal features of information protection in automated information systems of internal affairs bodies. Author's abstract. diss. . Ph.D. legal Sci. Voronezh, 2003. 21 p.

105. Law and information security // Under general. ed. Doctor of Law Sciences, Professor E. N. Shchendrigin. In 2 books. Book 1. Orel: OrYui Ministry of Internal Affairs of the Russian Federation, 2000. 143.

106. Crimes in the field of computer information: Qualification and proof: Textbook / Ed. Yu. V. Gavrilina. M., 2003.

107. Investigation of illegal access to computer information / Ed. N. G. Shurukhnova. M., 1999.

108. Rassolov M.M. Information law: Textbook. M.: Yurist, 1999. 400 p.

109. Romanets Yu.V., Timofeev P.A., Shangin V.F. Protection of information in computer systems and networks. -M., 2003.

110. Simkin L.S. Computer programs: legal protection (legal remedies against software piracy). - M.: Gorodets publishing house, 1998. 208 p.

111. Smolkova I. V. Secret: concept, types, legal protection: Legal terminological dictionary - commentary. M., 1998. 79 p.

112. Snytnikov A.A., Tumanov L.V. Ensuring and protecting the right to information. M.: Gorodets - publishing house, 2001. 344 p.

113. Stelmakh N.N. Practical guide on taxation of income of individual entrepreneurs. -M.: “Status Quo 97”, 2002.

114. Stepanov E.A., Korneev I.K. Information security and information protection: Textbook. -M.: INFRA-M, 2001. 304 p.

115. Fatyanov A. A. Legal support of information security. Diss. doc. legal Sci. -M., 1999. 503 p.

116. Fatyanov A.A. Legal support for information security in the Russian Federation. Tutorial. -M., 2001. 412 p.

117. Fisun A.P., Kasilov A.N., Meshkov A.G. Computer science and information security: Textbook. // Under the general editorship of Ph.D., Associate Professor Fisun A.P. Orel: OSU, 1999. 282 p.

118. Fedotova O.A. Administrative responsibility in the field of information security. Diss. . Ph.D. legal Sci. - M., 2003. 195 p.

119. Chereshkin D.S., Antopolsky A.B., Kononov A.A., Smolyan G.L., Tsygichko V.N. Protection of information resources in the context of the development of global open networks. M., 1997. 75 p.

120. Chubukova S.G., Elkin V.D. Fundamentals of legal informatics (legal and mathematical issues of informatics) Textbook / Ed. Doctor of Law, Professor M.M. Rassolova. M., 2004. 252 p.

121. Shiversky A.A. Information security: problems of theory and practice. -M.: Yurist, 1996. 112 p.

122. Sheverdyaev S. Information relations and the system of information legislation. M., 1999.

123. Shurakov V.V. Ensuring the safety of information in data processing systems. M.: Finance and Statistics. 1985. 224 p.

124. Entin M.L. International guarantees of human rights. Experience of the Council of Europe. M., 1997.

125. Erdelevsky A.M. Moral damages and compensation for suffering. M. BECK. 1997.

126. Grande S. Plan to fight moves on long-term e-mail records // Financial Times. 2001. 29 June.

127. Case-law concerning Article 10 of the European Convention on Human Rights. Directorate General of Human Rights. Strasbourg. 2000. P. 21-22.

128. Regulation of Investigatory Powers Act 2000.

129. See Case-law concerning Article 10 of the European Convention on Human Rights. Directorate General of Human Rights. Strasbourg. 2000. P. 8, 24.

130. Tareg al Baho v. Marc Fermigier, Hans Hermann, and Francoise Vireux, Tribunal Correctionnel de Paris, 2000.

131. The Washington Post Company: http://www.newsbytes.com/news/01/166216.html; BBC: http://news.bbc.co.uk/hi/english/world/europe/newsid_1325000/1325186.stm.