the Internet Windows Android
Expand
the main

In publicly available sources of personal data, the data is included. Personal data are publicly available to them

- Physical person who are granted to them about themselves.

To the general data there is free access in the presence of a written permission of the subject. This may also include such information about the subject, which are not provided for by law.

The subject is an individual; information about which collects, stores, processes and with any purpose uses the operator (legal or individual, municipal or state body).

What types of information are they?

The list of personal information of the publicly available nature includes:

Features

Public personal information is presented in such sources as a passport or other identity card, driver's license, military ID, workbook, education diploma.

Not in all cases there is a need for a written permission to use them, sometimes enough signatures or "check mark" set in the desired column (for example, when filling out applications via the Internet).

General information can be placed in sources with free access.. They contain information about the subjects, their number includes a variety of reference books with telephone numbers or addresses.

FSTEC - federal Service Technical and export control issues licenses to organizations providing services to other persons to create personal data protection systems. The data protection system is created for its needs, the license is not required.

An individual is entitled to get information about the operator, as well as find out the specific purpose pursued by the operator during processing.

The subject has the full right to submit an application, the approval of which allows you to clarify, block or destroy personal information if they are outdated, invalid, incomplete or availability is not required when processing.

In addition, an individual is entitled to request access to his personal information from the operator, as well as familiarize himself with the means of processing information. Operators are specialists engaged in processing information about a person..

Personal data processing bodies are all organizations that collect, process, accumulate and store information about employees, clients, suppliers.

For more information about how the personal data processing is needed, read.

In which case are they included in open sources?

The inclusion of information into publicly available sources occurs in various situations, for example:

  • in case of employment and conclusion of the employment contract;
  • in the process of census;
  • establishment of trade relations, etc.

Personal data of the subject are classified by the volume of personal information about man and the degree of importance. Any operations with them are made strictly within the framework of legal acts and are subject to protection.

Operators are required to organize the security of the work process. They must ensure complete personal information of subjects from access to unauthorized persons.

In the process of collecting the operator is obliged to take a written permission for further processing. The processing includes information about the subject and the operator (FULL NAME, address), the purpose of the processing and list of the necessary information, as well as the description of the operations to be made with them.

The displaced data include:

  • Name, name and patronymic;
  • Nickname / login subject on the Internet;
  • Email address (without binding to FULL NAME);
  • Position, place of work (without personal data).

The public data includes information about the subject that can be obtained in open sources Information, for example, in the telephone directory or address book. In such public bases, the data is made with the written consent of the subject. : Features The peculiarity of publicly available personal data is that they can be placed in open sources of information. That is, if the contact details of officials are indicated in the contact details directory, such as studying and hiring personnel, then such data is considered publicly available.

Concept and types of personal data

TK RF). Processing personal data implies various operations provided for by law Russian Federation. Types of processing of PDNs include collecting, systematization, accumulation, storage, update, use, depletion, destruction, which are manufactured according to the procedures established by regulatory acts.


Performing operations with PDNs can state, federal, municipal bodies and organizations that have such a right to status. All PDNs are divided into such sections:
  • Publicly available personal data;
  • Special personal data;
  • Biometric personal data.

When forming information systems Personal data (dot) It is recommended to be guided by the order of the FSTEC, FSB and the Ministry information technologies and links of the Russian Federation No. 55/86/20 from 13.
02.

Public personal data

Inappropriate use of such information is punishable by law. The law on the protection of personal data takes care not only about the physical, but also on legal entities.

Attention

Little who will like if information about the financial state of affairs or data of employees of the company will be available to each wishes. This would significantly simplify the life of fraudsters, which are not like ordinary citizens, nor law enforcement officers.


What data are considered personal under the law? A clear list of information that belongs to personal, is not given in law. Content:
  • Public personal data
  • Article 8.

Publicly available personal data

For example, the law does not define exactly whether the phone number is personal data. Roskomnadzor in response to the appeal of citizens explained that only by number it is impossible to accurately identify a person.

By itself, he is not personnel, and in a bundle with the name of the owner and the city of residence refers to PD. Therefore, the inconsonted distribution of SMS messages is not considered a violation of FZ No. 152.

The general PD is contained in the passport, a military ticket, a diploma, personal card of an employee, an employment book, etc. Written permission is not necessary to obtain this data, quite indirect, for example, a tick opposite the relevant item online questionnaire.
The relative simplicity of access often brings problems to the subjects of PD - ordinary citizens: from obsessive advertising until blackmail and fakes of credit applications.

What personal data is considered publicly available

For example, the following:

  • need to store backups all database;
  • a specialist is needed, which will be engaged in administering the information system;
  • the costs of specially designed equipment and software will be required;
  • an employee who processes personal data should be extremely visible.

What methods are used to effectively protect personalized employee information?

  • Make premises in which personal data are processed fully closed to access other employees.
  • For any information, employees must receive a special permission.
  • Data storage must be clearly organized.

Considering the presence and disadvantages, and the benefits of each of the methods, as a rule, employers combine them.

Article 8. Public Sources of Personal Data

Commercial secret salary will not be due to the fact that it refers to the wage system. But this does not exclude it from the list of PD, for the distribution of which the employee can be dismissed according to the Labor Code.

And if the employee starts to challenge this decision in court, then the employer is obliged to prove that disclosing information refers to the secret, whose information employee undertakes to not report anyone. To content types of personal data types can be classified by:

  • Contents laid in them:
  • The discharge, which includes a list specified in Art 10: Race, belonging to the nation, religion, health, personal life, political beliefs. At the same time, according to the FZ-152, there are limitations here, namely, access can be carried out only with the written permission of the owner.

Wages are personal data or not?

Important

In order to information support Public sources of personal data can be created (including reference books, address books). In publicly available sources of personal data with the written consent of the subject of personal data, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data reported by the subject of personal data can be included.


(as amended by Federal Law of July 25, 2011 N 261-FZ) (see Text in the previous edition) 2. Information about the personal data entity must at any time are excluded from publicly available sources of personal data at the request of a personal data entity or by court decision or other authorized state bodies. (as amended by Federal Law of July 25, 2011 N 261-FZ) (see
Content
  • Biometric. Characterize physiology.
  • Not biometric. Data that do not belong to biometric.

Types of personal data on what types are personal data divided? What applies to them? It is important to understand that all information that is kept in the enterprise with respect to a certain employee can be considered from two different points vision.

  • Data O. married and the family of an employee (individual members), namely: the presence of dependents, the presence of children, their age and quantity, state of health.
  • Information about a specific employee, namely: FULL NAME (passport), profession, health condition, as well as any particular circumstances.

The head of the enterprise is obliged to form a regulatory act of a local value, which considers the procedure that determines the storage of personal data.

Personal data are publicly available to them

Responsibility for the disclosure is important to consider that 152 FZ "On Protection of Personal Data" provides for only the administrative responsibility of the enterprise for the disclosure of personal data of the employee. So, if an organization is not able to guarantee the absolute protection of their personal information to employees, it is only a penalty. Moreover, the amount of cash punishment for incorrect storage of personal data is absolutely funny. In general, they fluctuate from five to ten thousand rubles. Of course, it is so if we are talking only about single payments. As a rule, in enterprises where there is such a problem, multiple disorders, and therefore, the amounts of the fine increase significantly. However, cash costs are far from the most important consequence that the use of personal data is incorrect. It hits the company's reputation.
For example, the following:

  • availability of additional resources for storage, such as special premises, equipment, safes, and so on;
  • labor complexity;
  • special skills require paper documentation.

Sometimes personnel departments prefer to store information about one employee separately (in various thematic folders). So, all employment contracts, questionnaires and other documents for all employees immediately are stored separately. They are numbered for more convenient search. This method is less labor-intensified than the one that was described above, and does not require any special skills from the personnel officer. Nevertheless, it is not devoid of flaws.
Notifying the processing of personal data of a very frequent error of operators to notify the processing of PD when it was possible to do this. And if you still decided to notify Roskomnadzor, then here are some recommendations:

  • Read very carefully from Part 2 of Article 22 of the FZ of the Russian Federation of June 27, 2006.

    N 152-FZ "On Personal Data".

  • Look at the data that is processed with you. Some cases will require you adjustments with PD carriers.

One of the reasons why it is possible not to notify the processing of PD is indicated in paragraph 2 of Part 2 of Article 22 of the Federal Law and it looks like this: take an example to establish business relationships with the physical person to fulfill the service.

To make it clear that everything is ready and you did not have to just go about a few tens of kilometers, prudent master took your phone number to announce the joyful news.

[Personal data law] [Chapter 2]

1. For information security purposes, publicly available sources of personal data can be created (including reference books, address books). In publicly available sources of personal data with the written consent of the subject of personal data, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data reported by the subject of personal data can be included.

2. Information on the subject of personal data should be excluded at any time from publicly available sources of personal data at the request of the subject of personal data or by decision of the court or other authorized state bodies.

Counseling lawyer under Art. 8 of the Law on Personal Data

    Roman Mavrov

    Question to practicing lawyers in civil proceedings. A certain, very common telephone directory, printed false information. Tell me to give mine mobile number (direct number, with urban code), as an industrial enterprise number. Now I constantly call and are trying to send faxes around the clock. Information in new editions corrected, but old directories and CDs with information programs continue to be used. Immediately I say, I have an unlimited tariff and not to show financial pritenzy, only moral ... Is there any opportunity to sue the company-publishing house?

    • Lawyer's answer:

      The ability to have .Fell law of July 27, 2006 No. 152-FZ "On Personal Data" Article 8. 1. For information support purposes, publicly available sources of personal data may be created (including reference books, address books). In publicly available sources of personal data with the written consent of the personal data entity, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data provided by the personal data entity.2 may be included. Information about the subject of personal data may at any time are excluded from publicly available sources of personal data at the request of the subject of personal data or by the court decision or other authorized state bodies. Stories 9. The consent of the subject of personal data on the processing of its personal data1. The personal data entity decides on the provision of its personal data and agrees to process their will and in its interest, with the exception of cases provided for by paragraph 2 of this article. Consent to the processing of personal data can be withdrawn by the subject of personal data.2. Present Federal law And other federal laws provide cases of compulsory provision by the subject of personal data of their personal data in order to protect the foundations of the constitutional system, morality, health, the rights and legitimate interests of others, ensuring the defense of the country's and security of the state. The obligation to provide proof of obtaining the consent of the subject of personal data to process its personal data, and in the event of the processing of publicly available personal data, the obligation to prove the fact that the personal data being processed are publicly available to the operator.4. In cases provided for by this Federal Law, personal data processing is carried out only with the consent in writing the subject of personal data. The written agreement of the subject of personal data on the processing of its personal data should include: 1) the surname, name, patronymic, address of the subject of personal data, the number of the main document certifying his identity, information about the date of issuance of the specified document and issued it by the authority; 2) (surname, name, patronymic) and the address of the operator who receives the consent of the subject of personal data; 3) The purpose of the processing of personal data; 4) a list of personal data, the processing of which is the consent of the personal data entity; 5) a list of actions with personal data, to which which Agreement is given, the general description of the operator of the methods of processing personal data; 6) the period during which consent acts, as well as the procedure for its response. For processing personal data contained in accordance with the written subject to the processing of its personal data, additional consent is required. In case of incapacity of the subject of personal data, consent to the processing of its personal data gives a legitimate representative of the personal data entity in writing. In the event of the death of the subject of personal data, the consent to the processing of its personal data is given in writing the heirs of the subject of personal data in writing, if such consent was not given to the subject of personal data in his life. The arts are 24. Persons guilty of violating the requirements of this Federal Law are civil, Criminal, administrative, disciplinary and otherwise provided for by the legislation of the Russian Federation responsibility.

    Inna Antonova

    whether Responsibility and what, person who publishes passport data on the Internet in any community, such as LJ RU_AVTO,

    • Lawyer's answer:

      passport details are personal data of the person and are subject to protection "On Personal Data" Article 7. 1. Operators and third parties receiving access to personal data should ensure the confidentiality of such data, except in cases provided for by paragraph 2 of this Article 2. The confidentiality of personal data is not required: 1) in case of depleting personal data; 2) in relation to publicly available personal data. APAP: Article 13.11. Violation of the procedure for collecting, storing, using or disseminating information about citizens (personal data); a violation of the procedure for collecting, storing, using or disseminating information about citizens (personal data) is a warning or imposition of an administrative fine on citizens in the amount of three to five minimum wages; on officials - from five to ten minimum wages; On legal entities - from fifty to one hundred minimum wages.

    Sergey Raprikov

    How can I protect myself legally?. I have a big problem. I found a questionnaire on ICQ.com, a mirror-matching questionnaire. My data is completely copied in it, my photo is used. From my name is sent out information that disclosures my personal data (mobile phone, address) against my will on web pages of other people. What should I do and how can I protect myself legally? How can you find out who specifically created the page and can I attract him to answer through the court? Thank you in advance for any consultation.

    • Contact the site administration where the "problem" questionnaire is signed with the specified problem and indicate that you have already created a questionnaire and that your data is used there.

    Vladimir Khomishin

    Online Base traffic police: What are the rules of law violated?. http://www.nomer.org/mosgibddd if there is any norms of law on the placement of the base on this site and if violated, what exactly?

    • Lawyer's answer:

      In the database, I found out the date of birth, the house. address, telephone, registration dates and their kind, brand, year of production and the state number of the car ... As a result of the above-mentioned law on the permitted law, this base is just a personal data, the processing of which is admissible or with consent, or on the basis of the law ( Other reasons I do not consider), let's say there is a law that allows you to process this data, however, in any case, confidentiality should be observed, i.e. the publication is prohibited, except: impersonal depungs and publicly available, which, in turn, can be only With a written consent, which still should not be withdrawn (articles 7.8.9,0,0). In this case, the operator (suppose that on the legitimate basis of the processing crumpled) pumped them and allowed leakage (read 1 Art. 17), it means: Article 17. The right to appeal against actions or inaction operator 2. The subject of personal data has the right to protect their rights and legitimate interests, including for damages and (or) Compensation of moral damage in court (not so much laws directly provide for this). Dealer: Article 24. Responsibility for violation of the requirements of this Federal Law, those responsible for violating the requirements of this Federal Law are civil, criminal, administrative, disciplinary and otherwise provided The legislation of the Russian Federation is responsible. Measure attention to the sequence !! ! I said about the civilian, the criminal is kind of like 137 of the Criminal Code (I can make a mistake), the administrative is art. 13.11 Administrative Code - a violation of the procedure for collecting, storing, using or disseminating information about citizens (personal data) - the warning or imposition of an administrative fine on citizens in the amount of three hundred to five hundred rubles; on officials - from five hundred to one thousand rubles; On legal entities - from five thousand to ten thousand rubles. (nonsense in general) Disciplinary - not at all interesting. All! h S. My word "other" died))) moral responsibility What are they going to envisage in law?

    Inna Romanova

    Help organize a charitable foundation for children!. I really want to know the step-by-step procedure and pitfalls when organizing a charitable foundation for orphans

    • Lawyer's answer:

  • Grigory Pastkin

    What the new Base Does physicians? Sent a piece of paper on making (no consent to the operation)

    • Most likely it is an introduction to the database of your PDNs (may in particular biometric data), it was the inner form of having to settle the issue with the storage and use of your PDNs.

    • Zinaida Efimova

    personal data processing notification must fill in all legal entities? for what? and what are the consequences?. And if the company has four licenses for different types Activity, then you need to submit four notifications or how?

    • Lawyer's answer:

  • Yuri Kasumov

    what is "publicly available personal data"?

    • Lawyer's answer:

      See the law itself: dated July 27, 2006 N 152-FZ (ed. From 07.25.2011) "On Personal Data" Article 3. The main concepts used in this Federal Law for the purposes of this Federal Law are used by the following basic concepts: 1) Personal Data - any information related to directly or indirectly defined or determined to the physical person (subject of personal data); ... Article 6. Conditions for processing personal data 1. Processing of personal data should be carried out in compliance with the principles and regulations provided for by this Federal Law. The processing of personal data is allowed in the following cases: ... 10) The processing of personal data is carried out, the access of an unlimited circle of persons to which is provided to the subject of personal data or at its request (hereinafter - personal data made by the publicly available subject of personal data); ... Article 8. 1. For information security purposes, publicly available sources of personal data can be created (including reference books, address books). In publicly available sources of personal data with the written consent of the subject of personal data, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data reported by the subject of personal data can be included. (as amended by Federal Law of July 25, 2011 No. 261-FZ) ... Article 22. Notice of processing of personal data ... 2. The operator has the right to carry out without notifying the authorized body to protect the rights of personal data to the processing of personal data: .. . 4) made by the subject of personal data are publicly available; (p. 4 as amended by Federal Law of July 25, 2011 N 261-FZ) 5) including only names, the names and patrony of personal data entities; ... And that's all I found. If here on the network I declare that I am the 6th dozen, then this information done by me is publicly available, because anyone can look here. But it is impossible to call it well, because everyone does not have to know. And the fact that Alexander Sergeevich Pushkin is the author of the "Eugene Onegin", for Russian-speaking and publicly available, and well known, and is the personal data of a completely defined person. According to the Law "On Information, Information Technologies and On Information Protection" of July 27, 2006, N 149-FZ (personal data - a private information case!) Article 7. Public information 1. The publicly available information includes well-known information and other information, access to which is not limited. 2. Public information can be used by any persons at their discretion subject to the restrictions established by federal laws regarding the dissemination of such information. 3. The owner of the information that has become publicly available by its decision, has the right to demand from individuals distributing such information, indicate itself as a source of such information. Article 8. The right to access to information ... 4. It cannot be limited to: ... 3) information on the activities of state bodies and local governments, as well as on the use of budget funds (except for the information constituting a state or service mystery); !!! And in this paragraph refers to the names of officials of the state of the organs and bodies of local self-government, i.e., all officials. I think so.

    • Diana Putin

    Question on labor legislation. Uv. Comrademanship Lessushcyalists (without sarcasm) Please clarify the next question. Today, at work, this incident occurred: before the lunch break came to the head (at the immediate supervisor, and I never had such excesses) I never arose) and I said that today I need to go for lunch (I rarely go, in a break I prefer to work) Next Here is such a dialogue with the participation of both persons (I, the head and the logistics, which is always climbing out of his work.) R: For lunch? I: yes, and that R., l .: Why don't you wear with you? Ya.: Why, why do I go to the house for 5 minutes walk L.: Well, and what, we (to whom it is not clear to us), too, we carry with you (what am I up to you, at least do not go to work Size) L.: We have a warehouse forbidden for lunch home go to r: Yes, I really: what does it mean forbid me in TR. The contract is written for lunch from 12-30 to 13-30, this is my personal time and I decide how to manage it, and by law .... In general, the essence of the question is: what nonsense, the ban go for a lunch break. We are not some kind of plant for the production of nuclear warheads and not even a row shop at the jewelry factory, but an ordinary base for the sale of building materials. Please explain if possible with Articles of the Labor Code of the Russian Federation in advancely grateful!

    • Lawyer's answer:

      Actions are illegal, regulates breaks for recreation and nutrition. Part 1 For a working day (shift), an employee must be given a break for recreation and nutrition to a duration of no more than two hours and at least 30 minutes, which is not included during working hours. Part 2 The time for the provision of a break and its specific duration is established by the rules of the internal employment regulations or by agreement between the employee and the employer. Only part 3 determines that in works, where, according to the terms of production (work), the provision of a break for recreation and nutrition is impossible, the employer is obliged to provide an employee with the possibility of resting and eating during working hours. The list of such works, as well as places for recreation and meals are set by the rules of the internal labor regulation. Conditions of production This is for example conveyor or blast furnace and other continuous production

    • http://minfin.com.ua/blogs/igorzabuta/19619/

    • Konstantin Savostin

    consent to the collection and processing of personal data at school.Ukraina. I do not want to sign. How to do and what to motivate your refusal. I feel that will crush-on what laws will refer. Help

    • Lawyer's answer:

      The Law of Ukraine "On Protection of Personal Data" () does not oblige you to agree to collect and process your data.
      P. p. 5, 6 tbsp. 6 of the law obligate the owner of the Personal Data Base to process data in volumes and for purposes defined in the Agreement with you and only with your consent.
      Also, according to paragraph 2 of paragraph 2 of Art. 8 of the law, you have the right to require information on data access conditions, as well as information about third parties with access to the database.
      In addition, according to paragraph. 1 of paragraph 1 of Art. 11 of the Law, with its agreement you can make a requirement to limit the right to process your data. For example, according to paragraph 1 of Art. 16 of the law, you have the right to determine the order of access of third parties to your data. A, according to paragraph 1 of Art. 21 of the law, the database owner is obliged to notify you about the transfer of your information to third parties if the terms of the agreement require.
      Remember, according to Art. Art. 6, 627 of the Civil Code of Ukraine ([link is blocked by the decision of the project]), contractual relations in Ukraine are free.

    Natalia Belov

    personnelians of Ukraine: Do I need to take a job application for the use of personal values \u200b\u200bwhen taking?

    • Lawyer's answer:

      Of course, according to paragraph 5, 6 of Art. 6 of the Law of Ukraine "On Protection of Personal Data" of 01.06.2010 No. 2297-VI ([link is blocked by the Decision of the Project Administration]).
      Moreover, according to paragraph 2 of paragraph 2 of Art. 8 of the law, the employee has the right to require information on data access conditions, as well as information on third parties with access to the database.

    Arthur Efyrov

    Does the employer have the right to learn about your administrative violations in the police. Preferably write what article

    • Lawyer's answer:

      No, there is a specific question: "Does the employer have the right to learn in the police ...", and not where you can learn. At the same time, an enforcement proceedings or debt would not necessarily be erected. Specific answer: Federal Law "On Police" dated February 7, 2011 N 3-FZ: Article 17. Formation and maintenance of data banks on citizens 1. The police have the right to process data on citizens necessary to fulfill obligations assigned to it, followed Making the information received in banks on citizens (hereinafter - data banks). Introduction to data banks are subject to information: .... 8) on persons who committed an administrative offense; .... here: 7. Processing personal data is carried out in accordance with the requirements established by the legislation of the Russian Federation in the field of personal data. That is, we look at the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" in Article 3 states that 1) Personal data - any information related to directly or indirectly defined or determined to the physical person (Personal Subject data); ... 3) Processing personal data - any action (operation) or a set of actions (operations) committed using automation tools or without using personal data, including collection, recording, systematization, accumulation, storage, refinement (update, change), extraction, use, transmission (distribution, provision, access), dewincing, blocking, deletion, destruction of personal data; Article 6 of the same law contains conditions for processing personal data, which indicate that personal data processing is carried out with the consent of the subject of personal data on the processing of its personal data. The remaining conditions do not seem to suit. Hence the conclusion: 1. The question is defined incorrectly. Employer (JUR. Person, Phys. Person) No law is prohibited from handling written statements in the state. Authorities and other bodies, JUR. Persons, Phys. Persons. Another question is whether the police have the right to exit such information? Answer: If you have given an employer consent to the processing of your personal data, then it is formally entitled to get (or demand-as you want) from the police such information about you. Otherwise, it does not. In the absence of such a consent, the Ministry of Internal Affairs should not issue such information by virtue of the above Art. 17 "About the police". This condition is applicable if you are in labor relations with the employer, and not just set to work if, when issuing the issue, you did not confuse these concepts.

    • Article 7. Confidentiality of personal data 1. Operators and third parties that receive access to personal data should ensure the confidentiality of the pros, except for the cases provided for by part 2 of this ...

    • Margarita Sergeeva

    If my address along with the name on the network, what can I do? To court? So a document of debt. In front of the HFU xs in which sham of the year. And how to remove it from there I do not know. My personal data on the network! Tin! If the court will be removed into court?

    • Lawyer's answer:

      It is better to write a complaint to Roskomnadzor. Federal Law of July 27, 2006 N 152-FZ "On Personal Data" Article 7. Privacy of personal data Operators and other persons who have gained access to personal data are obliged to not disclose to third parties and not distribute personal data without the consent of the personal data entity, Unless otherwise provided by federal law. Article 8. 1. For information security purposes, publicly available sources of personal data can be created (including reference books, address books). In publicly available sources of personal data with the written consent of the subject of personal data, its surname, name, patronymic, year and place of birth, address, subscriber number, profession information and other personal data reported by the subject of personal data can be included. 2. Information on the subject of personal data should be excluded at any time from publicly available sources of personal data at the request of the subject of personal data or by decision of the court or other authorized state bodies. Article 21. Operator's duties to eliminate violations of legislation made in the processing of personal data, to clarify, block and destroy personal data 1. In case of detection of unlawful processing of personal data when contacting the subject of personal data or its representative or at the request of the subject of personal data or its representative or an authorized body for protecting the rights of personal data of personal data The operator is obliged to block the unlawful processed personal data relating to this subject of personal data, or to ensure that they are blocked (if the processing of personal data is carried out by another person acting on the instructions of the operator) from the moment of such an appeal or receipt of the specified Request for the period of verification. If inaccurate personal data is detected when contacting the subject of personal data or its representative or on their request or at the request of the authorized body to protect the rights of personal data, the operator is obliged to block personal data relating to this subject of personal data, or to ensure their blocking (if processing Personal data is carried out by another person acting on the instructions of the operator) from the moment of such an appeal or receipt of the specified request for the period of verification, if blocking personal data does not violate the rights and legitimate interests of the subject of personal data or third parties. Article 17.

Roskomnadzor revealed violations in terms of compliance with the processing of personal data with the requirements of legislation on the results of the planned visiting check of one of the credit bureaus. These results of the Bureau tried to challenge in the Arbitration Court of the city of Moscow (the decision of the Arbitration Court of the city of Moscow dated May 5, 2017 in case No. A40-5250 / 17-144-51).

The essence of violations identified by Roskomnadzor was as follows:

  • the financial organization did not provide notice to the authorized body on the use of Double Data Social Link and Double Data Social Attributes services, which were transferred to the financial organization of individuals or potential customers from open sources of information (, following - Law No. 152-FZ);
  • there was no consent to the processing of personal data contained in open sources - in social networks And on Internet portals ().

The Arbitration Court of the city of Moscow determined that the processing of personal data is allowed in cases where personal data is available to an indefinite circle of persons, the consent of the data owner and the information is provided directly to the subject itself ().

The court stressed that without the written consent of the subject of personal data, it is impossible to approve the provision of the consent of the specified person. In his opinion, if the owner made personal data with publicly available to all, they can only be contained in publicly available sources (). According to the court, social networks are not such sources of personal data, respectively, information about the face placed in them cannot be attributed to the publicly available.

The decision of the arbitration states that the names, name, patronymic, year and place of birth, the address, subscription number, the year and place of birth may be included in publicly available sources of personal data, and other personal data of their owner with his written consent and reported by them. The court came to the conclusion that the owners of personal data did not make information publicly available, which were processed by the Bureau of credit stories in social networks (,). In this connection, the Court recognized the order of Roskomnadzor legitimate and refused to financial institutions in meeting the claims.

Is it possible to bring to justice the company for using an image of an individual without his consent if it announced the photos of employees in social networks? The answer to this and other practical questions - in "Base of knowledge of legal consulting service" In the Internet version of the guarantor system. Get full access For 3 days for free!

The court of appeal agreed with the findings of the lower court, stressing that the placement of personal data on social networks does not make them automatically publicly available, therefore, the consent of the subject to information processing (Resolution of the Ninth Arbitration Court of Appeal dated July 27, 2017 in case No. A40-5250 / 17). The court of cassation and the Supreme Court of the Russian Federation stood on the side of Roskomnadzor and did not find grounds for the abolition of the contested judicial acts (Resolution of the Arbitration Court of the Moscow District of November 9, 2017 in case No. A40-5250 / 2017, the definition of the Arbitration Court of the Russian Federation of January 29, 2018 Case No. 305-kg17-21291).

Thus, the courts decided that personal data are publicly available when performing two conditions: they are provided by the owner and are available to an indefinite circle of persons. In their opinion, due to the lack of consent of the owner of personal data on posting information about him in social networks, they cannot be [social networks] to attribute to publicly available sources. At the same time, the operator is entitled to continue processing personal data without the consent of the subject of personal data, in the event of its revocation, only if there are appropriate grounds, for example, to counter terrorism or corruption ().

Leading Lawyer of the European Legal Service Elena Derjieva noted that under the conditions user Agreement The social network "VKontakte" The owner of personal data gives consent only for access to the information that he places on his page, but not for third-party processing.

By all day, individuals provide personal information in various instances. Operators of personal data are responsible for processing information. These are banks, employers, medical organizations, Internet sites and other structures. In accordance with the law, operators are required to protect personal information. For creating sources where publicly available personal data (PD) are contained.

What is public PD?

Unavoidable information about the person who he or she independently provides in the instance. To open free access to information, the person's written permission is required - the subject of personal data. The subject is an individual whose PD collects, stores and processes the operator. The operator is a legal or natural person, a municipal or state authority.

The public PD includes information about the subject on which it can be identified:

  • date and place of birth;
  • home address;
  • phone number;
  • profession;
  • individual tax number;
  • place of work or study and other information.

The composition of public data may include any information that is not confidential in terms of the law. PD subject can be classified by volume and degree of importance of personal information.

To publicly available data also applies personal informationThis is provided:

  • with employment, concluding a contract or employment contract;
  • during the census of the population;
  • when making contractual relationships during trade operations and other similar situations.

Personal data of the subject, which apply through the media, do not relate to confidential, as they are publicly available in accordance with the "List of Confidential Information".

The written consent of the entity for receipt, transmission, processing and other actions with PD is not always required. In some cases, for example, with participation in the questionnaire or subscription to the newsletter, it is enough to put a tick in the graph that allows the use of PD.

Total type data allows placing in sources that are publicly available. This means that sources looks through and uses a huge number of interested parties. An example of such a source - telephone directories.

Processing public data

Departments and units are engaged in the processing of publicly available data, the responsibilities of which include collecting, systematization, storage, change, use and destruction of PD. Individuals have the right to request information about the data statement and find out which goal is the operator while processing PD.

Control of compliance with laws during processing is entrusted to Roskomnadzor. FSB and FSTECs have certain audit and control authority. Operators create personal data protection systems for their own needs, therefore, in connection with this, licensing such activities.

PD is treated with organizations that need to collect, accumulate, process and store information about employees, suppliers and customers. In certain cases, such data is included in the open.

The rights of subjects of publicly available data

PD entities can apply as required to block, destroy, clarify or change public data if the information has lost the relevance, are incomplete or not required for processing purposes. Subjects are also right to request access to their PD and find out which means uses the operator to process them.

Information should be used in accordance with the requirements of the legislation and be protected regardless of whether it is confidential or publicly available. The duties of operators enters full protection PD Subject and limit access to public persons.

The operator begins to handle personal data only after receiving the written permission of the processing entity. Consent includes information about the physical face and operator data: company name, surname, name and patronymic of the operator, position. Also in consent, it is necessary to specify the purpose of processing and a list of data with the description of operations that will be performed with information. The individual has the right to withdraw its PD and cancel your consent to processing.

In case of incapacity or death of the subject, consent to the processing and the use of PD is requested in heirs or legal representatives. At the same time, it is necessary to be guided by the Federal Law on Personal Data.

In case of violation of the requirements of legislation, the perpetrators are administrative, criminal and other types of responsibility. It does not matter whether PD is confidential or publicly available, in accordance with Article 8 of the FZ-152 on personal data, publicly available PDs can be placed in publicly available sources only with the consent of the data entity. Personal data should be excluded from sources, if this requires a subject or authorized bodies: Roskomnadzor, court or other state structures.

Did not find an answer to your question? Look at here
Extension to work with files in the web clientExtension to work with files in the web client
Error correctionFixing the error "Server refused access via POP3" when connecting Gmail mail!
1 does not start on windows 101 does not start on windows 10