the Internet Windows Android
Expand
the main

Personal data from open sources. Concept and types of personal data

The displaced data include:

  • Name, name and patronymic;
  • Nickname / login subject on the Internet;
  • Email address (without binding to FULL NAME);
  • Position, place of work (without personal data).

The public data includes the subject of the subject that can be obtained in open sources of information, for example, in the telephone directory or address book. In such public bases, the data is made with the written consent of the subject. : Features The peculiarity of publicly available personal data is that they can be placed in open sources of information. That is, if the contact details of officials are indicated in the contact details directory, such as studying and hiring personnel, then such data is considered publicly available.

Concept and types of personal data

TK RF). Processing personal data implies various operations provided for by law Russian Federation. The types of PD treatment concerns the collection, systematization, accumulation, storage, updating, use, depersonalization, destruction, which are made according to the established procedures of regulatory enactments.


Performing operations with PDNs can state, federal, municipal bodies and organizations that have such a right to status. All PDNs are divided into such sections:
  • Publicly available personal data;
  • Special personal data;
  • Biometric personal data.

In the formation of information systems for personal data (duty), it is recommended to be guided by order of FSTEC, FSB and Ministries information technologies and links of the Russian Federation No. 55/86/20 from 13.
02.

Public personal data

Inappropriate use of such information is punishable by law. The law on the protection of personal data takes care not only about the physical, but also legal entitiesoh.

Attention

Little who will like if information about the financial state of affairs or data of employees of the company will be available to each wishes. This would significantly simplify the life of fraudsters, which are not like ordinary citizens, nor law enforcement officers.


What data are considered personal under the law? A clear list of information that belongs to personal, is not given in law. Content:
  • Public personal data
  • Article 8.

Publicly available personal data

For example, the law does not define exactly whether the phone number is personal data. Roskomnadzor in response to the appeal of citizens explained that only by number it is impossible to accurately identify a person.

By itself, he is not personnel, and in a bundle with the name of the owner and the city of residence refers to PD. Therefore, the inconsonted distribution of SMS messages is not considered a violation of FZ No. 152.

The general PD is contained in the passport, a military ticket, a diploma, personal card of an employee, an employment book, etc. Written permission is not necessary to obtain this data, quite indirect, for example, a tick opposite the relevant item online questionnaire.
The relative simplicity of access often brings problems to the subjects of PD - ordinary citizens: from obsessive advertising until blackmail and fakes of credit applications.

What personal data is considered publicly available

For example, the following:

  • need to store backups all database;
  • a specialist is needed, which will be engaged in administering the information system;
  • the costs of specially designed equipment and software will be required;
  • an employee who processes personal data should be extremely visible.

What methods are used to effectively protect personalized employee information?

  • Make premises in which personal data are processed fully closed to access other employees.
  • For any information, employees must receive a special permission.
  • Data storage must be clearly organized.

Considering the presence and disadvantages, and the benefits of each of the methods, as a rule, employers combine them.

Article 8. Public Sources of Personal Data

Commercial secret salary will not be due to the fact that it refers to the wage system. But this does not exclude it from the list of PD, for the distribution of which the employee can be dismissed according to the Labor Code.

And if the employee starts to challenge this decision in court, then the employer is obliged to prove that disclosing information refers to the secret, whose information employee undertakes to not report anyone. To content types of personal data types can be classified by:

  • Contents laid in them:
  • The discharge, which includes a list specified in Art 10: Race, belonging to the nation, religion, health, personal life, political beliefs. At the same time, according to the FZ-152, there are limitations here, namely, access can be carried out only with the written permission of the owner.

Wages are personal data or not?

Important

For information security purposes, publicly available sources of personal data (including reference books, address books) can be created. In publicly available sources of personal data with the written consent of the subject of personal data, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data reported by the subject of personal data can be included.


(as amended by Federal Law of July 25, 2011 N 261-FZ) (see Text in the previous edition) 2. Information about the personal data entity must at any time are excluded from publicly available sources of personal data at the request of a personal data entity or by court or other authorized state bodies. (as amended by Federal Law of July 25, 2011 N 261-FZ) (see
Content
  • Biometric. Characterize physiology.
  • Not biometric. Data that do not belong to biometric.

Types of personal data on what types are personal data divided? What applies to them? It is important to understand that all information that is kept in the enterprise with respect to a certain employee can be considered from two different points vision.

  • Data O. married and the family of an employee (individual members), namely: the presence of dependents, the presence of children, their age and quantity, state of health.
  • Information about a specific employee, namely: FULL NAME (passport), profession, health condition, as well as any particular circumstances.

The head of the enterprise is obliged to form a regulatory act of a local value, which considers the procedure that determines the storage of personal data.

Personal data are publicly available to them

Responsibility for the disclosure is important to consider that 152 FZ "On Protection of Personal Data" provides for only the administrative responsibility of the enterprise for the disclosure of personal data of the employee. So, if an organization is not able to guarantee the absolute protection of their personal information to employees, it is only a penalty. Moreover, the amount of cash punishment for incorrect storage of personal data is absolutely funny. In general, they fluctuate from five to ten thousand rubles. Of course, it is so if we are talking only about single payments. As a rule, in enterprises where there is such a problem, multiple disorders, and therefore, the amounts of the fine increase significantly. However, cash costs are far from the most important consequence that the use of personal data is incorrect. It hits the company's reputation.
For example, the following:

  • availability of additional resources for storage, such as special premises, equipment, safes, and so on;
  • labor complexity;
  • special skills require paper documentation.

Sometimes personnel departments prefer to store information about one employee separately (in various thematic folders). So, all employment contracts, questionnaires and other documents for all employees immediately are stored separately. They are numbered for a more convenient search. This method is less labor-intensified than the one that was described above, and does not require any special skills from the personnel officer. Nevertheless, it is not devoid of flaws.
Notifying the processing of personal data of a very frequent error of operators to notify the processing of PD when it was possible to do this. And if you still decided to notify Roskomnadzor, then here are some recommendations:

  • Read very carefully from Part 2 of Article 22 of the FZ of the Russian Federation of June 27, 2006.

    N 152-FZ "On Personal Data".

  • Look at the data that is processed with you. Some cases will require you adjustments with PD carriers.

One of the reasons why it is possible not to notify the processing of PD is indicated in paragraph 2 of Part 2 of Article 22 of the Federal Law and it looks like this: take an example to establish business relationships with the physical person to fulfill the service.

To make it clear that everything is ready and you did not have to just go about a few tens of kilometers, prudent master took your phone number to announce the joyful news.

"Person" - data that concerns a person, personality, biological organism.

What is how to collect where to store how to protect?

Dactualcopic map - Is it personal data or not?

It has no identity data.

personal data - any information related to a particular or defined physical person on the basis of such information (subject of personal data), including its surname, name, patronymic, year, month, date and place of birth, address, family, social, property situation , education, profession, income, other information;

The address is registration at the place of residence or the place of stay.

Conditional classification of personal data.

1) by degree of openness:

publicly available personal data - personal data, the access of an unlimited range of people to which is provided with the consent of the subject of personal data or which in accordance with federal law does not apply to confidentiality compliance.

Publicly available personal data is the data to which voluntary consent is given and are placed in open access.

Often some site owners request information to register that you do not want to provide.

Confidential information - information is provided strictly for certain purposes. Sometimes it can be assembled without a facial knowledge.

Information centers are stored in the Ministry of Internal Affairs

2) by accessories

- Personal - belong from birth

- Service - during work, service - cool rank, etc.

3) by the method of granting

- voluntary information provided

- Granted in general procedure in accordance with the law (forcibly)

- collected without the consent of the citizen in accordance with the legislation

4) by character data

- Biometric (Dactyloscopic information)

The basic concepts used when working with personal data.

- processing personal data- actions (operations) with personal data, including the collection, systematization, accumulation, storage, refinement (update, change), use, distribution (including transmission), depersonal, blocking, destruction of personal data;

- distribution of personal data - actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or to familiarize themselves with the personal data of an unlimited circle of persons, including the publication of personal data in the means mass media, accommodation in information and telecommunication networks or providing access to personal data in any other way;

- Using personal data - actions (operations) with personal data performed by the operator in order to make decisions or committing other actions that generate legal implications regarding the subject of personal data or other persons either otherwise affect the rights and freedoms of the subject of personal data or other persons;

- Blocking personal data - temporary termination of collecting, systematization, accumulation, use, distribution of personal data, including their transfer;

The information posted on the Internet often cannot be blocked.

Most personal data:

- Store on the computer

- posted on the Internet

Control placement hard

- Destruction of personal data - actions, as a result of which it is impossible to restore the content of personal data in information system personal data or as a result of which material carriers are destroyed; - Situations when the archives burned

definition of personal data

- depletion of personal data - actions, as a result of which it is impossible to determine the affiliation of personal data to a specific subject of personal data;

personal data information system - an information system, which is a set of personal data contained in the database, as well as information technologies and technical means to carry out processing such personal data using automation tools or without the use of such funds;

privacy Policy- Mandatory for compliance with the operator or other gained access to a personal data from the requirement to prevent their dissemination without the consent of the subject of personal data or the presence of a different legal basis;

transboundary transfer of personal data - transfer of personal data by the operator through the state border of the Russian Federation to the authority of the authority of the foreign state, the physical or legal entity of the foreign state;

- publicly available personal data - Personal data, the access of an unlimited range of people to which is provided with the consent of the subject of personal data or which in accordance with federal laws does not apply to confidentiality.

Processing personal data.

1) the legality of the goals and methods of processing personal data and conscientiousness;

2) compliance of the purpose of processing personal data to the objectives, predetermined and declared when collecting personal data, as well as the powers of the operator;

3) compliance with the scope and nature of the processed personal data, the methods of processing personal data goals for processing personal data;

4) the accuracy of personal data, their sufficiency for the purpose of processing, inadmissibility of processing personal data, redundant to the objectives declared when collecting personal data;

5) Inadmissibility of combining the purposes of personal data information systems created for incompatible among themselves.

If someone has once filled a dactyloscopic map, then it is in the information center in their databases. We cannot, for example, combine the databases on ordinary citizens and faces who committed a crime.

1) with the consent of the owner of personal data

2) without the consent of the owner of personal data.

This refers to persons occupying a certain position and position: military personnel, corpses

Personal data confidentiality:

When not required:

1) in case of depleting personal data;

2) in relation to publicly available personal data.

- Operator who collects and processing personal data.

- limit access within your own organization

The operator is personal responsibility for distributing personal data.

- establishing access restrictions both indoors and network (bandwidth, card identification system)

For local networks - Login + password

You can restrict biometric information: fingerprint, retina eye.

- about racial affiliation

- About political views

- about religious or philosophical beliefs

- About health

- about intimate life

Their processing is possible only with the consent of the subjects.

1) the availability of written consent of the subject on their processing

2) if the personal data entity made them publicly available

3) if this information refers to the information necessary for the protection of life, health and other vital interests of the face

Such information may be provided in medical and prophylactic purposes - for example, viral infection.

Feature of processing personal data in state or municipal information systems for processing personal data.

- concerns only civil servants and municipal employees.

The state authority has its own status, there are independent systems for processing information about state or municipal employees.

1) installed which information is needed within its competence

2) There are still FZ "On the State Civil Service", that is, regulated not only by law on personal data.

Information that characterize the physiological features of a person and on the basis of which its identity can be established (biometric personal data) can be processed only if there is an agreement in the written form of the subject of personal data, except for the following cases:

1) commitment

Treatment of biometric personal data can be carried out without the consent of the subject of personal data in connection with the implementation of justice, as well as in cases provided for by the legislation of the Russian Federation on security, the legislation of the Russian Federation on operational investigation activities, the legislation of the Russian Federation on public service, the criminal executive legislation of the Russian Federation, legislation of the Russian Federation on the procedure for departure from the Russian Federation and entry into the Russian Federation.

- Collection of information from the suspect is illegal

Processing cross-border information.

It is possible to require in order to protect the citizens of the country where is transmitted, is collected only with the written consent of the subject.

The rights of the subject of personal data.

1) the right to the subject of personal data on access to its personal data

Cannot call the Ministry of Internal Affairs Center (Chief Information Center and Zonal Information Center)

2) the rights of personal data to the processing of their personal data in order to promote goods, works, services on the market, as well as for political agitation

The accuracy of the information will be checked by other persons.

3) decision making on the basis of exclusively automated processing of personal data. A person may not trust automated processing. You can require that traces of your fingers stored not only in the computer, but also on paper.

- Labor of the Russian Federation is a chapter dedicated to personal data.

Federal Law on State Dactylocopic Registration in the Russian Federation of July 25, 1998 N 128-FZ

Publicly available personal data

Personal Information - any information related to a certain or defined on the basis of such information physical lick , including:

His last name, name, patronymic,

Year, month, date and place of birth,

Address, family, social, property situation, education, profession, income,

other Information (see FZ-152, Article 3).

For example: Passport details, financial statements, medical maps, year of birth (for women), biometrics, other identification information of personal character.

IN publicly available Sources of personal data (address books, lists and other information Support) with written consent individuals may be included in his surname, name, patronymic, year and place of birth, address, subscriber number and other Personal data (see FZ-152, Article 8).

Personal data refer to information limited access and must be secure In accordance with the legislation of the Russian Federation. When forming security requirements, personal data is divided into 4 categories.

What is the operator and the subject of personal data?

Personal data operator - This is usually an organization, or rather the state or municipal authority, a legal or individual organizing and (or) processing personal data, as well as determining the goals and maintenance of personal data processing.

Personal data entity - This is an individual.

The operator is responsible for protecting the personal data of the subject in accordance with the current legislation of the Russian Federation.

How to classify personal data information system?

In order to attribute type Information system of personal data (CDN) to a particular class necessary:

II. Determine volume Personal data processed in the information system:

volume 3. - In the information system, the data is simultaneously processed. less than 1000 subjects personal data or personal data of personal data entities within a particular organization;

volume 2. from 1000 to 100,000 subjects personal data or personal data of personal data entities working in the industry of the Russian Federation, in the public authority living within the municipality;

volume 1. - In the information system, personal data is processed at the same time. more than 100,000 subjects personal data or personal data of personal data entities within the constituent entity of the Russian Federation or the Russian Federation as a whole;

III. According to the results of the analysis of the source data typical Caiden is assigned one of the following classes (See Table.):

Class 4 (K4) - information systems for which the violation of the specified security characteristics of personal data processed in them does not lead to negative consequences for personal data entities;

Class 3 (K3) - information systems for which the violation of the specified security characteristics of personal data processed in them can lead to minor negative consequences for personal data entities;

Class 2 (K2) - information systems for which the violation of the specified security characteristics of personal data processed in them may result in negative consequences for personal data entities;

Class 1 (K1) - information systems for which the violation of the specified security characteristics of personal data processed in them may result in significant negative consequences for personal data entities.

Judgment day delayed until January 1, 2011

Information systems of personal data created before the day of entry into force of the Federal Law of the Russian Federation No. 152 "On Personal Data" should be aligned with the requirements of this federal law no later than January 1, 2010 (see FZ-152, Article 25).

This means that personal data operators who failed to fulfill the highly strict requirements of the FZ-152, from January 1, 2010 will carry the relevant civil, administrative, disciplinary, and maybe (God forbid) and the criminal a responsibility .

All information systems that have been commissioned after February-April 2008 (from the date of the methodological details FSTEC of Russia and the FSB of Russia), but not relevant to the requirements of Russian legislation in the field of personal data, may suffer the specified responsibility and earlier, for example, tomorrow morning.

Note. Changes in the Criminal Code of the Russian Federation, substantially tougher responsibility for violations affecting privacy, will also take effect on January 1, 2010.

But as always happens, personal data operators did not move particularly, and few people managed to do everything that is required. On December 16, 2009, the State Duma took in the third reading amendments to articles 19 and 25 of the Law "On Personal Data" (152-ФЗ). The term of bringing information systems of personal data (CDN) in line with this law was postponed by the year - until January 1, 2011. In addition, the norm eliminates the norm, obliging the operator when processing personal data to use encryption (cryptographic) data protection tools.

Mandatory requirements for the protection of personal data information systems

Main mandatory requirements for the organization of information protection system, depending on the class standard CD:

For dot class 4:

The list of measures to protect personal data is determined by the operator (depending on the possible damage)

For dot class 3:

Declaration of conformity or

Receiving a license of FSTEC of Russia for technical protection activities confidential information (for distributed systems Dot k3)

For dot class 2:

Mandatory certification for information security requirements

Obtaining a license of FSTEC Russia for technical protection of confidential information for distributed systems

For dot class 1:

Mandatory certification for information security requirements

Events on the protection of personal data from Pamin must be implemented

Receiving a license of FSTEC of Russia for technical protection of confidential information

Procedure for the protection of the information system of personal data

Sequence of actions when performing the requirements of personal data processing legislation:

1) notification to the authorized body to protect the rights of personal data of personal data on its intention to process personal data using automation tools;

2) the pre-project examination of the information system - collecting source data;

3) classification of personal data processing system;

4) construction of a private model of threats in order to determine their relevance for the information system;

5) the development of a private technical task on the personal data protection system;

6) design of a personal data protection system;

Responsibility for violations of personal data processing

Persons guilty of violating the requirements of the Federal Law 152-FZ "On Personal Data", carry:

- criminal (see Criminal Code of the Russian Federation, Article 137, 140, 155, 183, 272, 273, 274, 292, 293)

Administrative (see the Code of the Russian Federation on Administrative Offenses, Art. 5.27, 5.39, 13.11-13.14, 13.19, 19.4-19.7, 19.20, 20.25, 32.2),

Disciplinary (see Labor Code of the Russian Federation, Article 81; Article 90; Article 195; Article 237; Article 391)

and other responsibility provided for by the legislation of the Russian Federation (see Watch-made acts on working with personal data, which are published in the subjects of the Russian Federation, departments and organizations).

FSTEC - Federal Service for Technical and Export Control.

Pamin - Side electromagnetic radiation and tip

Protection of personal information

In December 2014, the State Duma in the Third Reading adopted a bill on the storage of personal data of citizens treated on the Internet, on servers in Russia. According to a member of the Committee on Inform Polithika Roman Chuychenko, the main objective of the bill is to strengthen the information security of the country and its citizens. Such a measure was adopted in connection with the complication of the international situation. This bill will come into force on September 1, 2015.

The entry into force of the new provision on the protection of personal data involves providing personal data operators:

  • timely detection of unauthorized access to PDNs;
  • understanding the impact on technical meansexercising automated processing PDN;
  • the possibilities of operational response to the fact of unauthorized access and immediate recovery of PDN in cases of their destruction or change;
  • continuous monitoring of the level of security of personal data.

Personal data categories

Handling CDN can also be carried out by the "Scope of Processed Personal Data" parameter, which involves the number of subjects processed in the information system, and can take the following values:

  • simultaneous treatment of more than 100 thousand PD entities (performed both within the subject of the Russian Federation and in the Russian Federation as a whole);
  • the simultaneous treatment of PDs from 1 to 100 thousand subjects (performed in the state of the state, working in the field of economy of the Russian Federation);
  • simultaneous treatment of PDs is less than 1 thousand subjects (performed within a particular organization).

The division into categories allows not only to determine the CDM class, but also to establish a set of security measures and protect personal data on the Internet, when processing in infosystems.

Personal data employee

The right to protect their personal data has every worker (paragraph 9 of Art. 86 of the Labor Code of the Russian Federation).

In accordance with Art. 89 Labor Code of the Russian Federation, each employee can be implemented by the following actions:

  • free free access to its personal data, including the receipt of a copy of any record, in which the Employee PDNs are contained;
  • defining a personal representative to protect its personal data;
  • obtaining full information about PDNs and their processing;
  • setting the requirements for exclusion or correction of personal data containing incorrect information or if they were processed in violation of the requirements of the legislation;
  • appeal in the court of unlawful actions of the employer, as well as its inaction during processing and protection of PDN.

The composition of the personal data of the employee

Based on paragraph 2 of Article 86 of the Labor Code of the Russian Federation, the volume and maintenance of personal data of the employee is determined by the employer in accordance with the Constitution of the Russian Federation, the Labor Code and other federal laws. As a rule, the activities of any organization involves the use of the employer in document flow two main types of documents:

  1. Documents that are provided by an employee at the conclusion of an employment contract (Article 65 of the Labor Code of the Russian Federation). This category includes documents containing the photo image of the employee, name, information about the place and date of birth, citizenship, marital status, place of registration, education, specialty (passport, insurance certificate of state pension insurance, military ID, etc.).
  2. Documents that are formed by the employer independently (primary accounting documentation for labor accounting and payment). This category includes orders or orders for the admission of an employee, termination of the employment contract, the promotion of an employee, a personal card, wage documents.

Protection of personal data, responsibility for violation of legislation

It should be noted that some sanctions for violation of the individual compounds of offenses are applied both on individuals and officials and on legal.

In accordance with Article 150 of the Civil Code of the Russian Federation, privacy, personal and family secrets are applied to the number of inalienable intangible rights under the protection of existing laws.

It should be noted that the rights and obligations of the employee who are directly related to the PDNs of other employees are determined by the terms of the employment contract and the composition of local regulatory acts that establish the employment functions of the employee and the list of its official duties.

Administrative responsibility For violation of the procedure for collecting, storing and distributing personal data entails a warning or penalty in the amount: from 300 to 500 rubles - for individuals; from 500 to 1000 rubles - officials, from 5 to 10 thousand rubles - for legal entities (Article 13.11 of the Administrative Code of the Russian Federation). Administrative responsibility for the dissemination of information protected by law, in the performance of official and professional duties, entails a penalty in the amount: from 500 to 1000 rubles for individuals, from 4 to 5 thousand rubles - for officials (Art. 13.14 of the Codecha of the Russian Federation) .

A violation of privacy, in particular personal data, a person when using his official position provides for a punishment in the form of:

  • fine in the amount of from 100 to 300 thousand rubles, wages or other revenue of the offender for 1-2 years;
  • deprivation of the right to occupy certain positions for a period of 2 to 5 years;
  • arrest for a period of 4 to 6 months.

    publicly available personal data - personal data, access to which is provided with an unlimited circle of persons with the consent of the subject of personal data or which in accordance with federal law does not apply to confidentiality. ... ... Technical translator's reference

    Publicly available personal data - Personal data, the access of an unlimited range of persons to which is provided with the consent of the personal data entity or which in accordance with federal laws does not apply to the confidentiality requirement ... Big Law Dictionary

    Publicly available personal data - according to the Federal Law "On Personal Data" of July 27, 2006 No. 152 of the Federal Law, - personal data, the access of an unlimited range of people to which is provided with the consent of the subject of personal data or to which in accordance with the federal ... ... office work and archival business in Terms and definitions

    Personal data Publicly available - publicly available personal data, the access of an unlimited range of people to which is provided with the consent of the subject of personal data or which in accordance with federal laws does not apply to the compliance requirement ... Official terminology

    Public sources of personal data - according to the Federal Law "On Personal Data" dated July 27, 2006 No. 152 of the Federal Law, - Reference books, targeted books, etc. In publicly available sources of personal data with the written consent of the Personal Data Subject, its last name may be included, name ... Document Production and archival business in terms and definitions

    About - Security for Credit (Security for Credit, Loan Security, Collateral) Providing stocks (Number of days ', Weeks' Stock) Impairment of assets (Impairment of Assets) ... Economics and Mathematical Dictionary

    Website - Main page Website wikipedia.org Website (from English Website ... Wikipedia

\u003e What are publicly available personal data and what types of information about this?

Features

Public personal information is presented in such sources as a passport or other identity card, driver's license, military ID, workbook, education diploma.

Not in all cases there is a need for a written permission to use them, sometimes enough signatures or "check mark" set in the desired column (for example, when filling out applications via the Internet).

General information can be placed in free access sources. They contain information about the subjects, their number includes a variety of reference books with telephone numbers or addresses.

According to the "List of confidential character", those that are subject to dissemination in the media are not confidential.

The processing is engaged in special units or bodies that are collected, systematized, stored, use, and also destroy information. Control over the legality of the use of personal data is carried out by Roskomnadzor, FSB and FSTEC.

FSTEC - federal Service Technical and export control issues licenses to organizations providing services to other persons to create personal data protection systems. The data protection system is created for its needs, the license is not required for it.

An individual is entitled to get information about the operator, as well as find out the specific purpose pursued by the operator during processing.

The subject has the full right to submit an application, the approval of which allows you to clarify, block or destroy personal information if they are outdated, invalid, incomplete or availability is not required when processing.

In addition, an individual is entitled to request access to his personal information from the operator, as well as familiarize himself with the means of processing information. Operators are specialists engaged in processing information about a person.

Personal data processing bodies are all organizations that collect, process, accumulate and store information about employees, clients, suppliers.

In which case are they included in open sources?

The inclusion of information into publicly available sources occurs in various situations, for example:

  • in case of employment and conclusion of the employment contract;
  • in the process of census;
  • establishment of trade relations, etc.

Personal data of the subject are classified by the volume of personal information about man and the degree of importance. Any operations with them are made strictly within the framework of legal acts and are subject to protection.

Operators are required to organize the safety of the work process. They should ensure full protection of personal information of subjects from access to unauthorized persons.

In the process of collecting the operator is obliged to take a written permission for further processing. In writing consent, information on the subject and the operator (name, address), the purpose of processing and the list of necessary information, as well as the description of the operations to be made with them.

    Citizen as owner personal Information Himself, can withdraw a previously signed permit for its processing. If the subject is incapacitated or in the case of his death, consent is requested from legal representatives or heirs. The basis of the operator's action lies the federal law "On personal data."

    Violation of the law is frozen by criminal, civil, administrative or other types of responsibility.

    Any information about the physical person - the subject of personal data can be excluded from publicly available sources on the basis of the requirements of the subject, Roskomnadzor, the decision of the court or other state bodies.

    If you have found an error, please select a text fragment and press Ctrl + Enter.

Article 8. Public Sources of Personal Data

Comment on Article 8

1. The commented article is devoted to the so-called publicly available sources of personal data that are available to an indefinite circle of persons. Such sources include, in particular, reference books (for example, persons living in an apartment building; operator workers, etc.) or targeted books. At the same time, the norms of this article apply only to those publicly available sources that are created at the initiative of the operator, and not within the framework of the fulfillment of the requirements of the legislation on disclosure or publishing certain information (paragraph 11 of Part 1 of Article 6 of the Law on Personal Data). Thus, it does not concern the information contained in the incorporation, as well as in other registers formed in accordance with the legislation of the Russian Federation (Resolution of the Presidium of the Nizhny Novgorod Regional Court of July 6, 2016 in case No. 44G-49/2016; the appellate definition of the Tambov Regional Court from February 15, 2016 in case No. 33-500 / 2016). The mode of use and changes in the information contained in this information is determined by the requirements of the legislation and is based on the principle of openness and reliability of the data stored in state information systems. So, in accordance with Part 9 of Art. 14 of the Law on Information state bodies are obliged to ensure the accuracy and relevance of the information contained in the state information system, access to this information in cases and in the manner provided by law, as well as the protection of this information from unlawful access, the destruction, modification, blocking, copying, providing, distribution, and other illegal actions.
2. The provisions contained in the commented article should be distinguished from the norms of paragraph 10 of Part 1 of Art. 6 and paragraph 2 of Part 2 of Art. 10 of the Law on Personal Data establishing grounds for processing personal data in the absence of the subject's consent. In the first case, we are talking about the conditions of the validity of primary distribution by the operator of personal data and give them the status of publicly available, in the second case - on the processing of interested persons of personal data, which already Are publicly available, including users of such public sources.
3. The format and composition of data included in publicly available sources of personal data are determined by the operator. At the same time, personal data such as surname, name, patronymic, year and place of birth, address, subscriber number, information about the profession, can be included in publicly available sources based on the data operator, and the source of other types of personal data can only be the subject of the subject , To which unequivocally indicates the word "reported".
4. The main condition for the creation and use by the operator by the operator of the publicly available source of personal data is to obtain consent to this from each subject, whose personal data in such a source is included. At the same time, the law does not make any exceptions from these provisions, and therefore the inclusion of the personal data by the operator, which have already been made publicly available with the consent of their subject earlier, the source of publicly available data created by such an operator still requires the consent of the subject. In many respects, this is due to the fact that the creation of databases containing personal data is in itself carrying certain risks for their subjects, and therefore it should be sanctioned. Such consent must meet the requirements established in Art. 9 of the Law on Personal Data.
5. In accordance with Part 2 of the article, the operator of the publicly accessible source of personal data must eliminate the information on the subject on the basis of the statement of such a subject, the court decision or the requirements of the authorized body (for example, prosecutors or Roskomnadzor). The norm under consideration does not set the period during which the operator must delete information, which are personal data, in connection with which it seems that the positions of Part 1 of Art are applicable here. 21 of the Law on Personal Data, by virtue of which the operator must block access to such data from the moment of their entity appeal, i.e. Immediately. As a result of these actions, the data cease to be affordable to third parties and loss the status of publicly available data, including for the purposes of applying the position of paragraph 10 of Part 1 of Art. 6 of the Law on Personal Data on the admissibility of processing such data without the consent of the subject. Operator's refusal to meet the requirements of the subject of personal data on the exclusion of its data from the publicly accessible source in the order of Part 2 of Art. 8 of the Law on Personal Data gives the right to the subject to appeal this refusal or the inaction of the operator in Roskomnadzor or in court (see a comment on Art. 17 of this Law).
6. European legislation contains provisions regulating subscriber reference books (Directories of Subscribers). In accordance with Art. 12 Directives 2002/58 / EC On Private Life Protection In the field of telecommunications, the following requirements are established:
- Personal data entities should be notified free of charge on the planned inclusion of their data in this kind of reference books describing the search mechanism in these reference books;
- personal data entities should be given the possibility of making corrections to information about them contained in such reference books;
- In the case of the use of such reference books for purposes other than the search for ordinary contact information, it is necessary to obtain the consent of the subject of personal data.
National legislation may establish more stringent requirements for operators when creating this kind of reference books.

Did not find an answer to your question? Look at here
How to combine two accounts on Facebook?How to combine two accounts on Facebook?
Download and insert a beautiful framework to Word DocumentDownload and insert a beautiful framework to Word Document
How to fix clock_watchdog_timeout type errorsHow to fix clock_watchdog_timeout type "Blue screen" (0x00000101)