In modern society, almost all people, perhaps with rare exceptions, work in a variety of forms. When applying for a job, almost every citizen, at the request of the employer, provides numerous documents and fills out questionnaires, which contain sections related not only to professional activities, but also affecting aspects of the person’s private life.

Already at the first acquaintance in absentia with a potential employee, the employer seeks to obtain the maximum information about him. However, there is no clear criterion for distinguishing personal information that affects aspects of a person’s private life from information that characterizes the person directly as an employee, i.e. from the point of view of his business and professional qualities, level of education or qualifications. This is a “stumbling block” that makes it difficult for the employer to determine the degree of permissible interference and the limits of intrusion into the employee’s private life.

This circumstance gives rise to situations in which the lack of a clear understanding of what information needs to be recognized as an object of protection or, in general, as personal data of an employee, leads to the impossibility of implementing the rules defining the procedure and conditions for the collection, storage, use and dissemination of relevant information in the labor sphere.

For a long period of time, starting in 1993, when the Constitution of the Russian Federation was adopted, and until the Labor Code of the Russian Federation came into force in 2002, Russian legal science and, accordingly, legislative norms traditionally considered personal data as a special institution for protecting the right to privacy, and all individuals (citizens) located on the territory of Russia were considered carriers of personal data. However, the legal formalization of Chapter 14 of the Labor Code, “Protection of the personal data of an employee,” as well as the recognition of the legal independence of the category “personal data of an employee” itself, allowed the legislator not only to declare the emergence of a qualitatively new category in labor legislation, but also to define a fundamentally new plane for research. The adoption by the State Duma of the Russian Federation in 2006 of two new Federal laws, “On Information, Informatization and Information Protection” and “On Personal Data”, became a kind of evidence of the need to regulate the sphere of circulation of personal information, which is practically uncontrolled by the state in the modern conditions of the development of society. All of the above allows us to assert that the research conducted is relevant.

To achieve this goal, it is necessary to solve the following tasks:

Study the regulatory framework for the protection of personal data of employees;

Consider the legal nature of employees’ personal data;

Research the legal regulation of the processing of personal data of employees;

Study the legal basis for the storage, use and transfer of personal data of employees;

Analyze the protection of personal data stored by the employer;

Investigate responsibility for the disclosure of employee personal data;

Conduct an analysis of law enforcement practice in the field of protection of personal data of employees;

Determine ways to improve legislation on the protection of personal data of employees.

The object of the thesis research is the totality of social relations that develop in the field of personal data protection within the framework of official and labor relations.

The subject of the study is the norms of labor, administrative and information law, as well as the doctrinal provisions of the relevant branch legal sciences, which together form the institution of personal data protection in official and labor relations.


1.1 Regulatory and legal support for the protection of personal data of employees

International acts, the Constitution of the Russian Federation, and other federal laws provide for the protection of information about the personality and personal life of citizens from unreasonable familiarization with them or the dissemination of this information without the knowledge (consent) of the person to whom this information relates.

Among the international acts that protect human rights and freedoms, the privacy of his private and family life, we should mention, first of all, the Universal Declaration of Human Rights of 1948, the Convention for the Protection of Human Rights and Fundamental Freedoms of 1950, the International Covenant on Civil and Political Rights of 1976, and the Convention of the Commonwealth of Independent States on Human Rights and Fundamental Freedoms of 1995.

Russia has ratified the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of January 28, 1981, as amended on June 15, 1999 (Federal Law of December 19, 2005 N 160-FZ // SZ RF. 2005. N 52 (part I). Art. 5573), with a number of reservations:

1) Russia will not apply the Convention to personal data:

a) processed by an individual solely for personal and family needs;

b) classified as a state secret in the manner established by the legislation of the Russian Federation on state secrets;

2) will apply the Convention to personal data that is not subject to automated processing if the application of the Convention corresponds to the nature of the actions performed with personal data without the use of automation tools;

3) reserves the right to establish restrictions on the right of the subject of personal data to access personal data about himself in order to protect the security of the state and public order.

On February 10, 2006, the President of the Russian Federation signed Order No. 54-RP “On the signing of an additional protocol to the Council of Europe Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data concerning supervisory authorities and cross-border data transfers” (SZ RF. 2006. N 7. Art. 769).

By order of the Government of the Russian Federation of June 9, 2005 No. 748-r, the Concept of creating a system of personal registration of the population of the Russian Federation was approved (Bulletin of labor and social legislation of the Russian Federation. 2005. N 7. P. 35).

The Constitution of the Russian Federation establishes that in the Russian Federation the rights and freedoms of man and citizen are recognized and guaranteed in accordance with generally accepted principles and norms of international law and in accordance with this Constitution (Article 17). Fundamental human rights and freedoms are not alienated and belong to everyone from birth (Part 2 of Article 17).

The exercise of human and civil rights and freedoms must not violate the rights and freedoms of other persons (Part 3 of Article 17).

The main current act regulating relations to a certain extent related to the personal data of an employee and their protection is the Federal Law of February 20, 1995 N 24-FZ “On information, informatization and information protection” (SZ RF. 1995. N 8. Art. 609) (hereinafter referred to as the Information Law).

Article 85 of the Labor Code formulates two basic concepts for this chapter:

1) personal data of the employee;

2) processing of the employee’s personal data.

An employee’s personal data contains a number of features that distinguish them from other information about the employee (citizen, person). They contain information that is necessary specifically for the employer and specifically in connection with the labor relationship with a specific employee.

The employee’s personal data, primarily related to his work activity, serves as the basis for determining his work legal status, his position as a party to the employment contract with this employer.

Information about the employee’s personality, his career path, and marital status is of a purely personal nature and relates only to him, his life and activities.

Giving legal character to the specified information, the Labor Code formulates the concept of personal data of an employee (Part 1 of Article 85) and the concept of processing this data (Part 2 of Article 85).

The processing of an employee’s personal data includes operations (actions) carried out by the employer represented by its authorized representatives (as a rule, personnel service employees) on:

a) receiving,

b) storage,

c) combination,

d) transfer of the employee’s personal data or their other use.

In the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of 1981 (member states of the Council of Europe are parties to it), the concept of “personal data” includes any information relating to a natural person, either identified or capable of being identified (Art. 2).

In accordance with Art. 2 of the Federal Law of February 20, 1995 No. 24-FZ “On information, informatization and information protection”, information about citizens (personal data) means information about the facts, events and circumstances of a citizen’s life, allowing his personality to be identified. Personal identification is facilitated by a passport and the information contained in it.

The regulations on the passport of a citizen of the Russian Federation, the sample form and description of the passport of a citizen of the Russian Federation were approved by Decree of the Government of the Russian Federation of July 8, 1997 N 828, with subsequent amendments (SZ RF. 1997. N 28. Art. 3444; 1999. N 41. Art. 4918; 2001. N 3. Art. 242; 2002. N 4. Art. 330; 2003. N 27. Art. 2813; 2004. N 5. Art. 374).

Fingerprint data also allows personal identification. For employees of agencies designed to combat crime, this data is of immediate importance. In this regard, on July 25, 1998, the Federal Law “On State Fingerprint Registration in the Russian Federation” was adopted, as amended (SZ RF. 1998. N 31. Art. 3806; 2000. N 46. Art. 4537). For certain categories of persons in the civil service, instructions have been adopted stipulating the mandatory nature and procedure for conducting fingerprint registration. For example, Order No. 18 of the State Committee of the Russian Federation for Control of Traffic in Narcotic Drugs and Psychotropic Substances dated January 28, 2004 approved the Instructions on the procedure for carrying out mandatory state fingerprint registration of employees of bodies for control of traffic in narcotic drugs and psychotropic substances (Bulletin of normative acts. 2004. N 11. P. 125).

1.2 Legal nature of personal data of employees

Currently modern technical means make it possible to collect and process significant volumes of socially significant information necessary for the life of a person, society and the state. The rapid development of computer technology makes it possible to access and use various data banks for almost any subject of information relations, while the speed of obtaining and disseminating information has increased significantly. Whoever owns information owns the world, philosophers rightly believe. Information, being an indispensable condition for the life and social activities of people, the subject of their constant attention, has existed as long as society has existed. It accompanies any social relationships and determines the decisions and actions of the individual. Currently, it is customary to talk about the existence of the so-called information environment of human habitation.

Now that information technologies have become universally available, they have spread to almost all areas of public activity related to information (Bachilo I.L. Information law. Fundamentals of practical computer science: Textbook. M., 2001. P. 16 - 20; Gorodov O.A. Fundamentals of information law in Russia: Textbook. St. Petersburg, 2003. P. 12).

Authorities and management bodies, guided in the course of their activities by the interests of society and the state, collect the necessary information about each of us, form various electronic databases of personal data of citizens, and as a result, have comprehensive information about our social and property status. Moreover, acting on the basis of legislative requirements, they have the right to request and receive the necessary personal data from individuals, which often affects the sphere of a person’s private interests. Officials basically know where, with whom and in what conditions we live; where we work; what property we have; what income we receive, what expenses we incur, etc.

However, any systematized socially significant information can be used both for the benefit and harm of people. The state has always sought to know as much as possible about the private lives of its citizens and manage them on the basis of this knowledge. Even Plato, in his treatise on the state (Plato. State // Collected works: In 4 vols. Vol. 3. M., 1994. P. 79 - 420), wrote about the need to put people's behavior under the total control of the “all-seeing eye” of the state.

History shows that such attempts to use the personal data of citizens and information about their private lives have already been repeatedly made in the practice of various political regimes. Nevertheless, it should be recognized that the formation and use of electronic databases of personal data of citizens is an objective process that is now being carried out in many developed countries of the world, where in parallel with this, various universal personal identifiers are also being created.

It is no coincidence that already in the 80s of the last century, in some countries of Western Europe, a special term, “glass people”, began to be used to characterize the transparency of information about the personal lives of citizens for authorities and management and for large public and private corporations (Kozlova N. Glass people // RG. 2001. June 28). Many foreign and domestic experts, in order to improve the existing system of identification of citizens, are already proposing the widespread use of fingerprint and genetic passports (Zhukov I. Information pulled from the finger is the most accurate // AiF. Petersburg. 2003. February. N 9; Severov M. Is humanity doomed to a genetic census? // AiF. Petersburg. 2003. April. No. 17). At the same time, they do not deny the presence of a potential danger in the functioning of such control institutions, especially in terms of ensuring the confidentiality of data subject to recording and use.

With the adoption of the new Labor Code of the Russian Federation, law enforcers were faced with the need to implement Chapter 14 “Protection of employee personal data” in practice. According to Art. 85 of the Labor Code of the Russian Federation, personal data of an employee is information necessary for the employer in connection with labor relations and relating to a specific employee. The Code establishes the basic requirements that must be observed when processing, that is, when receiving, storing, combining, transferring or any other use of an employee’s personal data. At the same time, a mandatory condition for the legality of emerging legal relations to obtain significant information is the participation of the employee himself in them.

In general, such a legislative definition of an employee’s personal data seems unsuccessful, since the concept formulated in this way does not highlight the essential features of this type of information and does not define the limits of its possible request and receipt.

In order to determine the essential characteristics of the legal regulation of this institution, it is necessary to dwell on the question of the legal nature of the employee’s personal data: to establish what place the designated information resource occupies in the system of existing legal entities. In the legal literature, social relations that arise regarding the processing of personal data of employees and regulated by the rules of law are called information labor relations, which constitute a separate institution of labor law (Dvoretsky A.V. Protection of personal data under the legislation of the Russian Federation: Author's abstract. dis. ... cand. legal sci. Tomsk, 2005. P. 7). This emphasizes their special character - they are formed regarding a special type of information.

Currently, the “core” act of legislative regulation of relations in connection with the use of information resources is the Federal Law of February 20, 1995 N 24-FZ “On information, informatization and information protection” (SZ RF. 1995. N 8. Art. 609) (hereinafter referred to as the Law on Information), which, based on Art. 23 and 55 of the Constitution of the Russian Federation, in Part 2 of Art. 10 divides information with limited access into information classified as state secrets and confidential information.

Issues of protection and defense of state secrets are regulated by law (Law of the Russian Federation of July 21, 1993 N 5485-1 “On State Secrets”; Decree of the President of the Russian Federation of February 11, 2006 N 90 “On the List of Information Classified as State Secrets”). According to the Law on Information, information about citizens (personal data), that is, information about the facts, events and circumstances of a citizen’s life that allows him to be identified, is classified as confidential (Art. 2, Part 5 of Art. 10, Part 1 of Art. 11). There is an officially approved List of Confidential Information (Decree of the President of the Russian Federation of March 6, 1997 N 188 “On approval of the List of Confidential Information”). Such information is divided into: personal data (personal secret); official information (official secret) (Article 139 of the Civil Code of the Russian Federation); information related to commercial activities (trade secret) (Federal Law of July 29, 2004 N 98-FZ “On Trade Secrets” // SZ RF. 2004. N 32. Art. 3283); professional information related to medical, notarial, lawyer, banking secrets and other types of secrets; information constituting the secret of investigation and legal proceedings; information constituting the secret of correspondence, telephone conversations, postal items, telegraphic and other messages; information about the essence of the invention, utility model, industrial design before the official publication of information about them. Thus, the Decree of the President of the Russian Federation emphasizes the special nature of citizens’ personal data by identifying them as a separate type of confidential information.

The main bodies of confidential information were studied in detail in the work of V.N. Lopatin, who revealed the existence of more than 30 types of restricted access information (Lopatin V.N. Legal basis of information security: Lecture course. M., 2000).

At the same time, one cannot help but take into account that the personal data of individual employees may constitute a state secret and, accordingly, relate to a different type of information. So, according to Part 5 of Art. 14 of the Federal Law of May 27, 2003 N 58-FZ "On the civil service system of the Russian Federation" (SZ RF. 2003. N 22. Art. 2063), “personal data entered into the personal files and records of civil servants are personalized and, in cases established by federal laws and other regulatory legal acts of the Russian Federation, relate to information constituting a state secret, and in other cases to information of a confidential nature”.

For example, in accordance with Art. 17 of the Federal Law of April 3, 1995 N 40-FZ “On the Federal Security Service” (SZ RF. 1995. N 15. Art. 1269), “information about employees of federal security service bodies who performed (carry out) special tasks in special services and organizations of foreign states, in criminal groups, constitutes a state secret and can be made public only with the written consent of these employees and in cases provided for by federal laws”.

This circumstance in no way detracts from the legal significance of the employee’s personal data, does not impinge on their isolation, but, on the contrary, contributes to more effective protection by the state. Thus, the same information can constitute both a state secret and confidential information related to the employee’s personal data. At the same time, personal data, in our opinion, may constitute an official or professional secret. Let us turn to the legal nature of these types of confidential information.

V.N. Lopatin considers the data of the preliminary investigation, as well as judicial secrets, to be information constituting an official secret (Lopatin V.N. Legal protection and defense of the right to secret // Legal world. 1999. No. 7. P. 40). On the contrary, Yu.V. Frantsifirov points to the need to single out professional secrets and divide them into state, official, medical, investigative, banking, lawyer, as well as the secret of the meeting of judges (Frantsifirov Yu.V. Contradictions between openness and secrecy in criminal proceedings // Investigator. 2004. No. 3. P. 40). In turn, I.L. Petrukhin (Petrukhin I.L. Personal secrets (man and power). M.: Institute of State and Law of the Russian Academy of Sciences, 1998. P. 15) counts among the professional secrets medical, judicial protection and representation, confession, preliminary investigation, and notarial actions.

The mentioned Decree of the President of the Russian Federation, establishing the List of confidential information, does not define the criterion in connection with which professional and official secrets can be divided between each other. In addition, firstly, the list of confidential information is established only by federal law; secondly, when determining official secrets, reference to civil law is not entirely appropriate, due to the fact that not in all cases official secrets represent commercial information.

E.L. Nikitin and A.A. Timoshenko propose to separate professional secrets and official secrets depending on the subjects of their possession.

The etymology of the word “official” involves referring to the concept of “service” (state or municipal) (Nikitin E.L., Timoshenko A.A. On the issue of the legal nature of an employee’s personal data // Journal of Russian Law. 2006. No. 7). They believe that it is appropriate to refer to Federal Law No. 58-FZ of May 27, 2003 “On the civil service system of the Russian Federation” (SZ RF. 2003. N 22. Art. 2063), where in Art. 1 the civil service of the Russian Federation is defined as the professional activity of citizens of the Russian Federation to ensure the execution of the powers of public authorities of the Russian Federation and their officials.

Professional secrecy involves the receipt of confidential information by a person in connection with his activities in fulfilling the obligations of an employment contract and a civil law contract, but precisely within the framework of professional activities. In this sense, official activity is already professional, since it is also aimed at the implementation of professional skills, however, due to the specifics of the legal status of employees, which implies vesting them with certain powers, it can be distinguished separately.

Neither professional secrets nor official secrets cover information that becomes known to citizens when applying for judicial or other state protection. Consequently, it is appropriate to highlight the secret of justice separately, and in its composition to state the existence of the secret of criminal, civil, and administrative types of legal proceedings.

The secrecy of criminal proceedings includes investigative secrecy (preliminary investigation data (Article 161 of the Code of Criminal Procedure of the Russian Federation)) and judicial secrecy (Articles 241, 298 of the Code of Criminal Procedure of the Russian Federation). It must be borne in mind that secrecy in criminal proceedings can be internal and external. At the same time, internal secrecy in criminal proceedings exists due to the established restriction on familiarization with the materials of the criminal case for individual participants in the criminal process, as well as with data on the identity of witnesses and victims, classified in the manner prescribed by law (the same personal data).

Secrecy acquires an external nature, in particular in criminal proceedings, due to the regulatory restriction on coverage of preliminary investigation data in the media or the restriction established by an official of the investigative authorities on the disclosure of information to unauthorized persons (not participants in the criminal process) during the preliminary investigation, as well as during a closed court session.

Thus, we can conclude that the Decree of the President of the Russian Federation in question does not clearly distinguish the types of confidential information, since separately designated personal data of a person, including the personal data of an employee, may be part of other confidential information.

At the same time, in the process of inclusion in other types of information of limited access, the employee’s personal data, firstly, continues to be protected by labor legislation, and secondly, acquires the means of legal protection characteristic of other types of confidential information.

Personal data of a person in general and personal data of an employee in particular, along with other secrets protected by law (except state secrets) are phenomena of the same order - information of a confidential nature.

In the provisions of some federal laws, the concept of confidential information is given more broadly, but at the same time there is an unjustified separation of the concepts of other secrets protected by law and confidential information. In particular, Part 2 of Art. 10 of the Customs Code of the Russian Federation (SZ RF. 2003. N 22. Art. 2066) already highlights state, commercial, banking, tax or other secrets protected by law and other confidential information.

According to V.N. Lopatin (Lopatin V.N. Legal protection and defense of the right to secret // Legal world. 1999. N 4. P. 32), a similar situation is also observed when considering the provisions of Art. 8 of the Federal Law of July 4, 1996 N 85-FZ “On participation in international information exchange” (SZ RF. 1996. N 28. Art. 3347).

However, the literal interpretation of Part 2 of Art. 8 of the Law on Information (state secrets and other confidential information are distinguished) does not lead to such a conclusion, since this legal source repeats the norm of the said Federal Law.

In order to achieve unity of legal mechanisms for the protection of personal data, it is necessary to adopt a special federal law that would regulate the legal regime of personal data as a whole and establish a unified system for the protection of this data, organically including the personal data of employees (Chapter 14 of the Labor Code of the Russian Federation).

Currently, such a bill is being considered in the State Duma of the Russian Federation (Shkel T. Russians will be coded // RG. 2005. November 22; Shkel T. Person under protection // RG. 2005. 25 Nov.). In addition, our state has ratified (Federal Law No. 160-FZ of December 19, 2005 “On the ratification of the Council of Europe Convention for the Protection of Individuals with respect to Automatic Processing of Personal Data” // SZ RF. 2005. N 52. Part I. Art. 5573) the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data adopted within the Council of Europe (Collection of documents of the Council of Europe in the field of protecting human rights and combating crime. M., 1998. P. 106 - 114), which was joined by 33 European states.

The Directives of the European Parliament and the Council of the European Union of October 24, 1995 N 95/46/EC on the protection of the rights of individuals with regard to the processing of personal data and on freedom of viewing of such information, as well as of July 12, 2002 N 2002/58/E concerning the processing of personal data and the protection of privacy in the electronic communications sector, deserve special attention.

They proclaimed legality as the fundamental principle of processing personal data and the need to harmonize the norms of the participating states to ensure an adequate level of protection of fundamental rights and freedoms and, in particular, the right to privacy in relation to the processing of personal data in the electronic communications sector (Morozov A.V., Semizarova E.V. Problems of implementation of international law in the field of legal protection of individuals during automated processing of personal data // Problems of legal informatization. 2005. N 5. P. 18). Within the framework of the Council of Europe, the protection of personal data processed manually is also recognized by CE Directive 96/9/CE “On the legal protection of databases” (Citizens’ access to legal information (materials of international round tables). St. Petersburg, 1999).

In a similar way, the protection of personal data is carried out in the USA, Japan, Australia (Sokolova O.S. Personal data as restricted information: problems of legal regulation // Modern law. 2004. N 2. P. 21).

In Germany, a constitutional act was adopted in 1977 - the Personal Data Protection Law; in the UK, the Information Protection Law has been in force since July 1998; in Sweden, the Information Protection Law (1973); in France - Law of January 6, 1978 "On information science, files and freedoms"; in Hungary - Law of 1992 "On personal data and on the publication of data of public interest"; in Spain in 1999 the Organic Law "On the protection of personal data" came into force (Protection of personal data: Experience in legal regulation / Author-comp. E.K. Volchinskaya. M.: Galeria, 2001). The structure of special acts regulating public relations in the labor sphere also contains separate provisions regulating the protection of personal data. Thus, the Workers' Statute of 1970, adopted in Italy, establishes a rule according to which the employer is prohibited, both during hiring and in the process of labor relations, from collecting information, including through third parties, about the political and religious views and trade union orientation of employees, as well as circumstances that are not significant for assessing the professional suitability of employees (Tikhomirova L.V. Protection of employee personal data: Educational and practical manual. M., 2002. P. 12). Finally, within the CIS, at the fourteenth plenary meeting of the Interparliamentary Assembly of the CIS Member States (Resolution of October 16, 1999), the Model Law “On Personal Data” was adopted (Information Bulletin of the Interparliamentary Assembly of the CIS Member States. 2000. N 23. P. 315 - 326).

So, in general, an employee’s personal data can include any information about facts, events and other circumstances of the employee’s life and activities, through which it is possible to identify his personality (Anisimov A.N. Legal protection of employee personal data // Labor Law. 2003. N 9. P. 31). The right to protection of an employee’s personal data, in our opinion, is a manifestation of the constitutional right to privacy (Belyaeva N.G. The right to privacy and access to personal data // Jurisprudence. 2001. N 1. P. 102) and constitutes the following set of rights: 1) the right to possess personal data; 2) the right to their protection; 3) the right to enjoy other related rights established by law (for example, the right to family secrets, to protect a good name).

It is typical for labor relations that personal data includes information that allows the employer to attract an employee to effectively perform the labor function. It may be contained in the documents provided by the employee when applying for a job:

In the employee’s identity document;

In the employee’s work book;

In the insurance certificate of state pension insurance;

In military registration documents (if any);

In documents on education, qualifications or the presence of special knowledge or training;

In medical documents;

In other documents containing information necessary to determine the employment relationship, including additionally provided by the employee on his own initiative (resumes, certificates, diplomas, diplomas of laureates of various competitions, etc.); in various personnel orders, materials of internal audits and investigations, reports and analytical notes.

Most of such materials are contained in the main personalized accounting document - a personal file, which consists of various types of documentation.

The legal regime of the said documentation is subject to legal regulation on a general basis and cannot be of a local nature, as stated by E.M. Berkutova (Berkutova E.M. Protection of employee personal data // Labor disputes. 2005. No. 2. pp. 3-5). The list considered is open. As already noted, additional information can be presented by the employee on his own initiative during an oral conversation with a representative of the employer, as well as when filling out various types of questionnaires. When a citizen undergoes psychological testing when applying for a job in an organization, a regime for the protection of personal data should also be established for the results and the information reported during such events.

In the Regulations on the personal data of a state civil servant of the Russian Federation and the management of his personal file, approved by Decree of the President of the Russian Federation of May 30, 2005 N 609 (SZ RF. 2005. N 23. Art. 2242), it is stated that the personal data of a civil servant means information about the facts, events and circumstances of the life of a civil servant, allowing his identity to be identified, and contained in the personal file of a civil servant or subject to inclusion in his personal file in accordance with the specified Regulations (for example, information from the decision on awarding state awards, conferring honorary, military and special titles, awarding state prizes (if any)).

To summarize the above, we can conclude that the employee’s personal data is organically included in the person’s personal data system, constitutes a separate legal entity - an institution of labor law - is informational in nature, and is subject to comprehensive legal protection by all methods and means established to protect state secrets and confidential information.


2.1 Legal regulation of the processing of personal data of employees

Law No. 152-FZ “On Personal Data” quite broadly interprets the concept of processing personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction of personal data.

In accordance with Part 2 of Article 85 of the Labor Code of the Russian Federation, the processing of an employee’s personal data is the receipt, storage, combination, transfer or any other use of the employee’s personal data (for example, the formation of a list of employees compiled according to certain criteria, a report on employees, etc.).

In order to ensure the rights and freedoms of man and citizen, in accordance with Article 86 of the Labor Code of the Russian Federation, the employer and his representatives, when processing the employee’s personal data, are obliged to comply with the following general requirements:

1) the processing of an employee’s personal data can be carried out solely for the purpose of ensuring compliance with laws and other regulations, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property. Thus, the processing of personal data for any other purposes of the organization is prohibited;

2) when determining the volume and content of the employee’s personal data to be processed, the employer must be guided by the Constitution of the Russian Federation, the Labor Code and other federal laws;

3) all personal data of the employee should be obtained from him. In the event that an employee’s personal data can only be obtained from a third party, the employee must be notified of this in advance, and also obtain written consent from him. In the notice, the employer must inform the employee about the purposes, intended sources and methods of obtaining personal data, as well as the nature of the personal data to be received and the consequences of the employee’s refusal to give written consent to receive it. Thus, collecting information about an employee without his knowledge is not allowed;

4) the employer does not have the right to receive and process the employee’s personal data about his political, religious and other beliefs and private life. It should be noted that in cases directly related to issues of labor relations, the employer has the right to receive and process data about the employee’s private life, but only with his written consent;

5) the employer is prohibited from receiving and processing the employee’s personal data about his membership in public associations or his trade union activities. The exception is cases provided for by the Labor Code of the Russian Federation or other federal laws. An example is membership in extremist public organizations;

6) when making decisions affecting the interests of an employee, the employer does not have the right to rely on the employee’s personal data obtained solely as a result of their automated processing or electronic receipt. This ban is based on the fact that the data obtained may be used in the wrong context. In each situation, it is necessary to be guided by the information obtained by studying the entire volume of available documents and information;

7) protection of the employee’s personal data from unlawful use or loss must be ensured by the employer at his expense in the manner established by the Labor Code and other federal laws;

8) employees and their representatives must be familiarized, against signature, with the employer’s documents establishing the procedure for processing personal data of employees, as well as their rights and obligations in this area. Such documents may be the Regulations on Personal Data, Instructions for Working with Personal Data, etc.;

9) employees should not waive their rights to maintain and protect secrets. If the employer’s local regulations on personal data or the employment contract contain a provision that the employee waives these rights, then in this part the document will be considered invalid;

10) employers, employees and their representatives must jointly develop measures to protect the personal data of employees. One of the main tasks in this regard is the adoption of local regulations on personal data.

Article 86 of the Labor Code is aimed at ensuring that personal data is used primarily in the interests of the employee: to determine his legal status in relation to the employer, the scope and content of the rights and obligations of the employee arising from the employment contract, and, accordingly, the counter rights and obligations of the employer.

Art. 86 of the Labor Code of the Russian Federation establishes a list of general requirements that the employer must comply with when processing personal data, which should be supplemented with an indication that the employer is prohibited from obtaining the following information from the person applying for work and the employee:

Information constituting a state secret or other confidential information protected by law that became known to the employee before the emergence of labor relations with the employer;

Information about the past political or social activities of the employee or person applying for work;

Information about cases of criminal prosecution that took place in the past (except for the restrictions established for persons employed in the law enforcement agencies of the Russian Federation and justice, for work related to the upbringing and education of children, and other socially significant work, as well as those related to the imposition of punishment in the form of deprivation of the right to occupy certain positions or engage in certain activities);

Data on property status (exception for persons applying for elected positions);

Information about the nationality of the employee himself, his close relatives, relatives, close persons, other persons;

Other similar data.

When determining the scope and content of an employee's personal data to be processed, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws. This requirement directs the employer to comply with the restrictions established to protect the privacy of citizens. However, the line between the information required by the employer in connection with labor relations and information relating to the private life of a citizen is not clearly defined in any of the regulations. In fact, this question remains at the discretion of the employer.

Obtaining personal data must be carried out in accordance with the procedure established by law. As a general rule, all personal data should be obtained from the employee himself.

However, the law does not regulate the employer’s actions in the event of an employee’s refusal to provide the necessary data. The vagueness of the wording of the requirements of the Labor Code of the Russian Federation regarding the processing of personal data and the very definition of personal data, on the one hand, allows the employee to object to almost any request on the grounds that asking it is illegal. The exception is information that can be obtained from a work book, passport, education document, military ID and insurance certificate. Everything that concerns family, kinship, friendly, everyday, intimate and other personal relationships easily fits into the concept of “private life”. On the other hand, it is quite difficult to reproach an employer for being interested, for example, in the family status of an employee out of idle curiosity, and not in connection with labor relations.

In addition to family circumstances (presence of a family, children, registered or actual marriage), the employer has the right to request information about the state of health, the presence of disability, the employee’s age, actual place of residence, and certain personal qualities demonstrated at the previous place of work and in other public spheres. Such data may include information about a criminal record or military service, which is information closely related to the public sphere.

If personal data can only be obtained from a third party, then the following conditions must be met:

1) notification of the employee by the employer of the intention to obtain personal data from a third party (indicating the purpose, intended sources and methods of obtaining the data, their nature, the consequences of the employee’s refusal to give written consent to receive them);

2) obtaining the employee’s written consent to obtain his personal data from a third party.

Unfortunately, the legislator does not explain what should be understood by written consent. In this regard, obtaining written consent can be carried out in any form. For example, an employee can write the requested data in his own hand and present it to the employer, who sometimes urgently needs to make sure that the data provided is correct. The norms of the new Labor Code of the Russian Federation need to detail the process of requesting personal data from an employee.

Thus, in world practice, it is considered common practice to request an educational institution to confirm the education received by an employee, the award of a qualification category, his state of health, etc.

The absence in the law of a list of cases when an employer has the right, upon notification of an employee, to request personal data from third parties, gives rise in practice to situations in which the employer, reporting the consequences of an employee’s refusal to give written consent to obtain personal data from third parties, can always “intimidate” the employee and obtain such consent, since the law does not guarantee the non-use of “repressive” measures by the employer in case of refusal.

The Labor Code of the Russian Federation establishes a number of restrictions on the processing of certain types of personal data. Thus, the employer does not have the right to receive and process the employee’s personal data about his membership in public associations or his trade union activities, except in cases provided for by federal law (Clause 4 of Article 86 of the Labor Code of the Russian Federation), as well as to communicate the employee’s personal data for commercial purposes without his written consent (paragraph 2 of article 88 of the Labor Code of the Russian Federation). It should also be emphasized that the employer can independently assess a serious and imminent threat to the life and health of an employee, its degree, and in order to prevent such a threat, provide personal information to any third parties (Article 88 of the Labor Code of the Russian Federation).

Currently, in organizations, the following forms of collecting employee personal data can be distinguished:





The interview is the programming of questions to a candidate for the relevant position in such a way that they sufficiently fully identify a predetermined range of criteria necessary for occupying a particular position with a probable degree of reliability. It is advisable for the organization to develop a special form with a list of basic questions. It should be remembered that there are questions that the law prohibits asking an employee. Thus, Article 64 of the Labor Code of the Russian Federation establishes that unreasonable refusal to conclude an employment contract is prohibited. Any direct or indirect restriction of rights or the establishment of direct or indirect advantages when concluding an employment contract depending on gender, race, skin color, nationality, language, origin, property, social and official status, place of residence (including the presence or lack of registration at the place of residence or stay), as well as other circumstances not related to the business qualities of employees, are not allowed, except in cases provided for by federal law. It is prohibited to refuse to conclude an employment contract to women for reasons related to pregnancy or the presence of children.

Therefore, HR employees should avoid inappropriate questions related to discriminatory characteristics. During the interview, you can clarify how many jobs the employee has changed; the duration of work in a particular place; the name of the position previously held; the previous wage level, and so on.

Questioning is the use of a questionnaire, which contains a list of questions that the applicant answers in writing. The most important points on which personnel workers usually seek answers: address, major discipline at a university or technical school, purpose of applying for a job; time spent at previous places of work, positions; completed educational institutions; health restrictions; military service; assigned titles, etc. Questionnaires should also avoid questions about nationality, origin, social and property status. Questions should be aimed at identifying the business qualities of the future employee. It is undesirable for the applicant to remain convinced that his business qualities fully correspond to the required ones, but that he was rejected because his financial situation, for example, the lack of his own apartment or low wages at his previous place of work, became the reason for the refusal to conclude an employment contract.

According to parts 5 and 6 of Article 64 of the Labor Code of the Russian Federation, the employer is obliged to provide the reason for the refusal to conclude an employment contract in writing. In this case, the refusal can be appealed in court, and it is possible that the subject of judicial research and study will be the questionnaire, and it is quite acceptable that the employer’s representative in court will have to explain for what purpose certain questions were asked.

According to paragraph 11 of Article 81 of the Labor Code of the Russian Federation, an employment contract can be terminated by the employer in cases where the employee submits forged documents or knowingly false information when concluding an employment contract. Therefore, it is advisable to include in the questionnaire the employee’s note opposite the disclaimer: “I confirm that the information stated above is correct” or: “I am aware that the provision of knowingly false information may subsequently serve as grounds for termination of the employment contract.” However, here it is necessary to take into account the time gap between the applicant filling out the questionnaire and the immediate conclusion of the employment contract.

And finally, let’s touch on testing, which can also become a source of information about a future employee. Depending on the purpose, the following types of tests are usually distinguished when concluding an employment contract: to check the achieved level (knowledge or skills), to test learning abilities, to test interests, and characterological tests. The test can have dual uses: to select applicants who have the greatest chance of success and to screen out applicants. In most cases, the tests are more reliable in predicting negative results. Therefore, in modern management practice they are used as a tool for initial screening and limiting the range of applicants, while the final selection is made using less formal methods.

2.2 Storage, use and transfer of personal data of employees

The employer must establish a procedure for storing and using personal data of employees in compliance with the requirements of the Labor Code and other federal laws. This provision is contained in Article 87 of the Labor Code of the Russian Federation.

Information about a person’s private life must be stored in such a way that the possibility of its loss or unauthorized access to it by unauthorized (third) parties is excluded. The use of personal data by bodies and persons who have received them legally must be carried out only in accordance with the tasks for which they were collected. As stated in Part 2 of Art. 11 of the Law on Information, personal data cannot be used to cause property and moral harm to citizens, or impede the exercise of the rights and freedoms of Russian citizens. Restriction of the rights of citizens based on the use of information about their social origin, racial, national, linguistic, religious and party affiliation is prohibited and punishable in accordance with the legislation of the Russian Federation. The use of information about a person’s private life for personal gain or other illegal purposes, according to the logic and meaning of the legislative approach, should inevitably entail the application of measures of disciplinary, material, civil, administrative or even criminal (in case of causing significant harm to the rights and legitimate interests of citizens) liability for the culprit. In practice, this theoretical position causes the greatest difficulties in implementation.


2.1. HR service work with personal data

2.2. Main aspects of transferring employee personal data and information protection when working with personal data on a computer

2.3. Monitoring the protection of employee personal information




Personal data of the parties to an employment contract, which means information about the employer and employee, is important for each of them. When concluding an employment contract, the employee receives information about the employer, his location, and the nature of his future work. Knowledge of an employee’s personal data is of great importance for the employer, who, when concluding an employment contract, receives information about the employee, his age, profession, specialization, qualifications, health, and marital status.

The regulations contained in the articles of Chapter 14 “Protection of Employee Personal Data”, which concludes Section III “Employment Contract” of the Labor Code of the Russian Federation, are devoted to regulating and ensuring the confidentiality of personalized information about employees.

Relevance of the work. The emergence of rules on the protection of employee personal data in Russian labor law is dictated by the need to implement in the labor sphere generally recognized norms and principles of international law, the application of which is guaranteed by the Constitution of the Russian Federation, which in Art. 23 and 24 establishes that everyone has the right to privacy, personal and family secrets; collection, storage, use and dissemination of information about a person’s private life without his consent is not permitted.

This constitutional establishment is based on acts of international law, which include the Universal Declaration of Human Rights, adopted on December 10, 1948 by the General Assembly of the United Nations, in Art. 12 of which it is proclaimed: “No one shall be subjected to arbitrary interference in his private or family life, to arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation. Every person has the right to the protection of the law against such interference or attacks.” The same norms are contained in the International Covenant on Civil and Political Rights, adopted on December 16, 1966 by the UN General Assembly and ratified by the Decree of the Presidium of the Supreme Soviet of the USSR of September 18, 1973, which established that no one may be subjected to arbitrary or unlawful interference with his personal and family life, arbitrary or illegal attacks on the inviolability of his home or the secrecy of his correspondence, on his honor and reputation.

The subject of the study is the information field on the protection of personal data of employees of enterprises, government agencies, municipalities and other types of activities.

The object of the study is the personal data of employees and their protection from unlawful interference.

Purpose of the work: to consider the issue of protecting personal data of employees.

To achieve the goal of the work, it is necessary to complete the following tasks:

    Consider the theoretical basis of the question: the concept and essence of personal data;

    Study the features of personal data and determine their differences from other information;

    Monitor the development of legislation in this area;

    Identify general requirements for the processing of employee personal data;

    Consider the work of the HR service with personal data;

    Study the main aspects of the transfer of employee personal data, as well as their protection when working on a computer;

    Consider control over the protection of personal data.

The work used methods of comparison and analysis in the study of Russian legislation in the field of personal data protection, and drew on and generalized the works of such scientists and researchers as Alaverdov A.R., Markevich A.S., Kibanov A.Ya., Orlovsky Yu.P., Petrovsky S.A., Yankovaya V.F. and others, as well as authors of feature articles - specialists in the field of personnel management and office management.


Personal data of the parties to an employment contract, which means information about the employer and employee, is important for each of them. When concluding an employment contract, the employee receives information about the employer, his location, and the nature of his future work. Knowledge of an employee’s personal data is of great importance for the employer, who, when concluding an employment contract, receives information about the employee, his age, profession, specialization, qualifications, health, and marital status.

After concluding an employment contract, information about the employee is necessary for the employer for the proper fulfillment of his obligations arising not only from labor, but also from civil, family, administrative, and other branches of legislation (for example, to withhold taxes from wages, funds for damages, alimony), and to provide the employee with benefits and advantages, for example, when transferring to another job due to illness, pregnancy, or the presence of children.

By granting the employer the right to receive extensive information about the employee’s personal data, the law obliges him to take all measures to prevent the unauthorized release of this information from the employer’s control, so that the employee’s personal data does not become available to third parties without his knowledge and consent.

The regulations contained in the articles of Chapter 14 “Protection of Employee Personal Data”, which concludes Section III “Employment Contract” of the Labor Code of the Russian Federation, are devoted to regulating and ensuring the confidentiality of personalized information about employees.

These rules have recently appeared in domestic labor law. The Labor Code of the Russian Federation, in force until February 1, 2002, not only did not contain such norms, but also did not use terminology that would cover the concepts of personal data or other information about employees. And only with the adoption of the Labor Code of the Russian Federation, which has a special chapter 14 “Protection of personal data of an employee,” the collection, storage, and use of confidential information about an employee became the subject of legal regulation.

The emergence of rules on the protection of employee personal data in Russian labor law is dictated by the need to implement in the labor sphere generally recognized norms and principles of international law, the application of which is guaranteed by the Constitution of the Russian Federation, which in Art. 23 and 24 establishes that everyone has the right to privacy, personal and family secrets; collection, storage, use and dissemination of information about a person’s private life without his consent is not permitted.

This constitutional establishment is based on acts of international law, which include the Universal Declaration of Human Rights, adopted on December 10, 1948 by the General Assembly of the United Nations, in Art. 12 of which it is proclaimed: “No one shall be subjected to arbitrary interference in his private or family life, to arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation. Every person has the right to the protection of the law against such interference or attacks.” The same norms are contained in the International Covenant on Civil and Political Rights, adopted on December 16, 1966 by the UN General Assembly and ratified by the Decree of the Presidium of the Supreme Soviet of the USSR of September 18, 1973, which established that no one may be subjected to arbitrary or unlawful interference with his personal and family life, arbitrary or illegal attacks on the inviolability of his home or the secrecy of his correspondence, on his honor and reputation. This legal provision is duplicated in the European Convention for the Protection of Human Rights and Fundamental Freedoms, concluded in Minsk on May 26, 1995, Convention of the Commonwealth of Independent States “On Human Rights and Fundamental Freedoms”, which oblige the countries party to the Convention to ensure the right of every person to respect for his personal and family life, inviolability of home and correspondence, and to prevent interference in the exercise of this right by state bodies, with the exception of interference provided for by law and necessary in a democratic society in the interests of national security and public safety, the economic well-being of the country, as well as for the prevention of disorder or crime, to protect health or morals, or to protect the rights and freedoms of others.

Declaring, in accordance with generally recognized norms and principles of international law, the inadmissibility of collecting, storing, using and distributing information about the private life of a person without his consent, the Constitution of the Russian Federation at the same time grants everyone the right to freely seek, receive, transmit, produce and disseminate information by any legal means (part 4 of article 29). Each of these rights can be limited exclusively by federal law and only to the extent necessary in order to protect the foundations of the constitutional system, morality, health, rights and legitimate interests of other persons, ensuring the defense of the country and the security of the state.

Regulating these rights, Federal Law No. 149-FZ of July 27, 2006 “On information, information technologies and information protection” classifies information about an employee and his personal data as confidential information, the establishment of a procedure for the use and protection of which is under the joint jurisdiction of the Russian Federation and its subjects.

Further development of legal regulations on the confidentiality of personal information in a legal democratic state was given in Chapter 14 of the Labor Code of the Russian Federation, which consists of six articles:

    Article 85 “The concept of employee personal data. Processing of employee personal data”;

    Article 86 “General requirements when processing employee personal data and guaranteeing their protection”;

    Article 87 “Storage and use of personal data of employees”;

    Article 88 “Transfer of employee personal data”;

    Article 89 “Rights of employees in order to ensure the protection of personal data stored by the employer”;

    Article 90 “Responsibility for violation of the rules governing the processing and protection of employee personal data.”

A systematic comparative analysis of the norms contained in these articles makes it possible to identify their certain isolation in the system of labor law, which gives grounds to consider them as an independent institution of labor law, which, although closely related to the employment contract, at the same time goes beyond its framework, acquiring industry-wide significance.

Consideration of the protection of an employee’s personal data as an institution of labor law reveals its insufficient development, the lack of necessary connections with a number of important norms and provisions of labor law.

For example, having established in Art. 90 of the Labor Code of the Russian Federation liability for violation of the rules governing the protection of personal data of employees, the legislator did not specify in Art. 22 of the Labor Code of the Russian Federation, among the general obligations of the employer as a party to labor relations, the obligation to protect the personal data of employees. In order to eliminate this discrepancy, it would be logical to classify the protection of personal data of employees as one of the main responsibilities of the employer by making a corresponding addition to Part 2 of Art. 22 of the Labor Code of the Russian Federation “Basic rights and obligations of the employer”.

A similar discrepancy is revealed when comparing Art. 89 “Rights of an employee in order to ensure the protection of personal data stored by the employer” with Art. 21 “Basic rights and obligations of employees”, which does not mention the right to protection of his personal data among the basic rights of an employee.

The general concept of an employee’s personal data is given in Article 85 of the Labor Code of the Russian Federation, according to which an employee’s personal data is information necessary for the employer in connection with labor relations and relating to a specific employee. The same article defines the processing of an employee’s personal data, which means the receipt, storage, combination, transfer or any other use of an employee’s personal data.

The definitions of personal data and their processing given in Art. 85 of the Labor Code of the Russian Federation are not exhaustive. A number of additional features are contained in other regulatory legal acts intended to regulate the protection of personal data in the field of labor relations, state and municipal services.

Such an act is, for example, the Regulations on personal data of a state civil servant of the Russian Federation and the management of his personal file, approved by Decree of the President of the Russian Federation of May 30, 2005 No. 609. In Article 2, this Regulation establishes that personal data of a civil servant refers to information about the facts, events and circumstances of the life of a civil servant that makes it possible to identify him and that is contained in his personal file or is to be included in it. Personal data entered into the personal files of civil servants becomes confidential information (with the exception of information that, in cases established by federal laws, may be published in the media), and, in cases established by federal laws and other regulatory legal acts of the Russian Federation, information constituting a state secret 8.

The range of information related to the employee’s personal data is determined by the employer, taking into account the conditions established by labor legislation in relation to a particular type of employment contract and work activity, as well as taking into account the nature of the work performed. For example, an employer will need special information to conclude an employment contract with an employee to perform work that requires special knowledge or access to state secrets.

Information about the employee is obtained by the employer primarily from the documents presented by the employee when concluding an employment contract in accordance with Art. 65 of the Labor Code of the Russian Federation: from a passport or other identification document, from a work record book, from an insurance certificate of state pension insurance, from military registration documents, from documents on education and qualifications, and from other documents whose presentation when concluding an employment contract may be required by the Labor Code, other federal laws, presidential decrees and decrees of the Government of the Russian Federation.

Significant information can be gleaned from a citizen’s passport, which is the main document identifying him on the territory of the Russian Federation and in which, in accordance with the Regulations on the passport of a citizen of the Russian Federation, approved by Decree of the Government of the Russian Federation of July 8, 1997 No. 8281 (as amended on January 23, 2004), the following marks are made:

    on registration of a citizen at his place of residence and deregistration;

    on the attitude towards military service of citizens who have reached the age of 18;

    on registration and divorce;

    about children under 14 years of age;

    about previously issued basic documents identifying the identity of a citizen of the Russian Federation on the territory of the Russian Federation;

    on the issuance of basic documents identifying a citizen of the Russian Federation outside the Russian Federation.

At the request of a citizen, notes can be made in the passport about his blood type and Rh factor and about the taxpayer identification number.

The second important source of information about the employee is his work book, which is rightly called a citizen’s labor passport. It contains the full amount of information about the employee’s work activities, as well as other information about him.

Thus, in accordance with Art. 66 of the Labor Code of the Russian Federation “Work Book” and with the Rules for maintaining and storing work books, producing work book forms and providing them to employers, approved by Decree of the Government of the Russian Federation of April 16, 2003 No. 2251 (as amended on February 6, 2004), when a work book is first filled out, it records the employee’s last name, first name and patronymic, his date of birth (date, month, year), and information about his education, profession and specialty.

Subsequently, at the place of work, information about the work performed, transfers to another permanent job, dismissal, indicating the grounds for termination of the employment contract, information about incentives and awards is entered into the work book. At the request of the employee, information about part-time work is entered into the work book at the place of main work on the basis of a document confirming part-time work.

Entries in the work book about the reasons for termination of the employment contract are made in strict accordance with the wording of the Labor Code or other federal law, with references to their articles. Thus, upon termination of an employment contract with an employee who has been sentenced by a court to punishment in the form of deprivation of the right to hold certain positions or engage in certain activities and has not served this sentence, an entry is made in the work book stating on what basis, for what period, and which position he is deprived of the right to hold or which activity he is deprived of the right to engage in.

In the work books of persons who have served correctional labor without imprisonment, an entry is made at the place of work stating that the time worked during this period is not counted towards continuous work experience. This entry is made in the work books at the end of the actual term of serving the sentence, which is established according to certificates from the internal affairs bodies.

The work book at the place of work also contains entries about the time of military service in accordance with Federal Law of March 28, 1998 No. 53-FZ “On Military Duty and Military Service”, service in internal affairs bodies, tax police bodies, control bodies for the circulation of narcotic drugs and psychotropic substances, in customs and other law enforcement agencies, about the time of training in courses and schools for advanced training, retraining and training.

As you can see, a work book can contain a significant amount of various information about its owner, including information that goes beyond the scope of his work activity.

Sources of information about the employee are other documents provided by him when applying for a job: insurance certificate of state pension insurance, military registration documents, documents on education, qualifications, availability of special knowledge, academic degrees and titles.

Information about the employee related to his personal data is concentrated in unified forms of primary accounting documentation for accounting of labor and its payment, approved by Resolution of the State Committee of the Russian Federation on Statistics dated January 5, 2004 No. 1 “On approval of unified forms of primary accounting documentation for accounting labor and its payment”, agreed with the Ministry of Finance of the Russian Federation, the Ministry of Economic Development and Trade of the Russian Federation, the Ministry of Labor and Social Development of the Russian Federation. 9

The obligation to maintain unified forms of primary accounting documentation for the accounting of labor and its payment is extended to all organizations that use the labor of employees under an employment contract on the territory of the Russian Federation, regardless of their organizational and legal forms and form of ownership. Some exceptions in terms of recording working hours and settlements with personnel for wages are provided only for budgetary institutions and employers - individuals.

In accordance with the above-mentioned resolution, all unified forms of primary accounting documentation for recording labor and its payment are divided into two groups. The first is documents on personnel accounting, the second is documents on recording working hours and settlements with personnel for wages.

Personnel registration documents include an order (instruction) on hiring an employee, a personal card of an employee or a personal card of a state (municipal) employee, an accounting card of a scientific, scientific and pedagogical worker, an order (instruction) on transferring an employee to another job, an order (instruction) on granting leave to an employee, a vacation schedule, an order (instruction) on termination (cancellation) of an employment contract with an employee, an order (instruction) on sending an employee on a business trip, a travel certificate and an official assignment for a business trip together with a report on its implementation, and an order (instruction) to reward an employee.

Documents for recording working time and settlements with personnel for wages include: time sheets and calculation of wages, payroll or payroll, personal account, note-calculation on granting leave to the employee, note-calculation upon termination (cancellation) of an employment contract with the employee, and an act of acceptance of work performed under a fixed-term employment contract concluded for the duration of a specific job.

Obtaining information about an employee is the right of the employer. He needs it, first of all, for the effective organization of the labor process. But information about the employee may also be required by the employer to fulfill the duties assigned to him by labor legislation. For example, to apply special rules for regulating the labor of workers under the age of 18 (Chapter 41 of the Labor Code of the Russian Federation) or persons with family responsibilities (Chapter 42 of the Labor Code of the Russian Federation), the employer will need information about the employee’s age and whether he has children.

Obtaining information about an employee can be not only the right of the employer, but also his obligation, provided for both by labor law and regulations of other industries.

For example, tax legislation, granting the employer the status of a tax agent and imposing on him the responsibilities for calculating, withholding taxes from the employee as a taxpayer and transferring them to the relevant budgets or extra-budgetary funds, obliges the employer to take into account a whole range of information about the employee.

Federal Law of April 1, 1996 No. 27-FZ “On individual (personalized) accounting in the compulsory pension insurance system” (effective as amended on May 9, 2005) imposes similar obligations to collect information about the employee.

As a result of all this, the employer accumulates a significant amount of various information about the employee, the totality of which forms his personal data, the protection of which is among the responsibilities of the employer as the owner of the employee’s personal data, collecting, storing, using, and transferring it to third parties. 10

      Distinguishing personal data from other information

Since the appearance of personal data as a category in Russian legislation in 1995, in the Federal Law “On Information, Informatization and Information Protection,” personal data was immediately classified as confidential information, i.e. restricted information 11. The subsequently adopted Decree of the President of the Russian Federation “On approval of the List of Confidential Information” 12 also mentions it as confidential information. The current Federal Law “On Information, Information Technologies and the Protection of Information” 13 similarly speaks of personal data in the article on restricting access to information, but does not directly call it confidential information or information of limited access, indicating only the special procedure for access to it provided for by a special law. The Federal Law “On Personal Data” 14, interestingly, also does not characterize personal data in general as confidential information; moreover, along with a simple definition of “personal data”, it contains a definition of “public personal data” - a term that cannot be logically correlated with restricted information.

Art. 4 of the Law contains a definition of “confidentiality of personal data”, which consists in their non-distribution, i.e. preventing actions aimed at transferring personal data to third parties, familiarizing third parties with them, publishing them, or placing them in the public domain. Confidentiality is not required in the case of processing publicly available personal data and in the case of their anonymization, i.e. loss of any connection with the subject, which apparently does not allow them to be considered as personal data in the future. Consequently, it is hardly possible to consider personal data as a whole as restricted access information; rather, it would be correct to introduce the category of “confidential personal data” into circulation in this case. As a result, from the entire mass of personal data, this would make it possible to identify those that are subject to confidentiality requirements by law. An exception to the rule should be considered the cases mentioned in Part 2 of Art. 1 of the Law - personal data that constitutes a state secret, stored in archives, located in the unified register of individual entrepreneurs and legal entities, processed exclusively for domestic needs. Some of them will be subject to another access restriction regime – the state secret regime. In relation to the other two cases, completely different legal regimes will apply, within which it is completely impossible to talk about limiting access to personal data. The legislation on archival affairs provides for a general ban on access to information about the private life of a person, his personal and family secrets, which can be judged on the basis of paragraph 3 of Art. 25 of the Federal Law “On Archiving in the Russian Federation” 15, given that neither one nor the other definition exists in law.
Information from the unified state registers of legal entities and individual entrepreneurs is publicly available by law, with the exception of passport data of individuals (but not in the case of individual entrepreneurs) and information about bank accounts of legal entities and individual entrepreneurs 16. The last mentioned case of exclusion from the legal regime of confidentiality of personal data, when it comes to their processing for personal household needs, should be considered as quite controversial. Probably, in this case, it is difficult to talk about the confidentiality of such personal data in full, but we can talk about the existence of a general requirement, when processing them, to respect the rights and freedoms of the subject of personal data, primarily the right to respect for private life, personal and family secrets, established by the Constitution of the Russian Federation in Art. 23 and 24 17.

Returning to the regime of confidentiality of personal data established by the Law, it should be said that its essence, by analogy with other types of restricted information, should be to establish a special procedure for accessing it, using it and distributing it. But the Law (Article 19) enshrines only an extremely general requirement - to take organizational and technical measures to protect personal data against unauthorized or accidental access, destruction, modification, blocking, copying and distribution, as well as from other unlawful actions. The technical measures that the operator is required to take can be considered quite specific, since similar regulations apply to the protection of other types of confidential information. Such activities to protect confidential information are carried out through licensing and certification of information protection means by the Federal Service for Technical and Export Control, on the basis of relevant provisions 18. But as far as organizational measures are concerned, there are no clear indications at all. By analogy with other categories of restricted access information, such as state secrets 19, commercial secrets 20 and official secrets (including on the basis of the draft Federal Law “On Official Secrets” 21, which is currently under consideration in the State Duma of the Russian Federation), it would be logical for such measures to include:

    Establishing a list of personal data.

    Establishing the circle of subjects who have access to personal data.

    The use of a special stamp and details that allow further identification of information as confidential - “Confidential”.

    Accounting (registration) of persons who actually gained access to personal data.

    Settlement of relations to protect the confidentiality of information by employees and other persons on the basis of employment and civil law contracts. 22

In all of the listed cases, such actions must be taken in a timely manner (in advance), and a confidentiality/secrecy regime will be established in relation to the information only after all of the listed measures have been taken. With regard to personal data, the legislator, for unclear reasons, declined to regulate the operator’s actions this clearly. In particular, it seems quite possible to create a list of personal data, the processing of which is carried out by a specific operator. Art. 5 of the Law indicates that personal data should not be redundant and exceed the volume necessary to achieve pre-stated goals, which means that a specific list of them can and should be generated in advance. The same applies to personal data, the processing of which is permitted by law (personal data of employees) or contained in contracts between the subject of personal data and the operator (processing of personal data of clients, consumers, subscribers, etc.). Although their processing does not require appropriate notification to the body for the protection of the rights of personal data subjects or the latter’s consent, they would also need to be included in the list under consideration. The use of a special stamp would also make it possible to clearly indicate the information that is subject to the regime of confidentiality of personal data established by the Law.

Separately, it is worth considering the problem of protecting the confidentiality of personal data within the framework of labor relations. By analogy with other types of confidential information, such provisions should be included in employment contracts with employees who have access to confidential personal data. The same applies to warning employees about possible liability for the transfer, distribution of personal data, the obligation of employees upon dismissal to transfer all media and other material objects containing personal data to the employer, the obligation of the employee to maintain the confidentiality of personal data that became known to him during the performance of his labor function, after termination of employment contracts, etc. Unfortunately, the Law does not contain any of these provisions and, moreover, in principle does not single out the employee, i.e. an individual who, directly in the performance of his job duties, operates an information system, database/bank of personal data and has direct access to them.

A similar situation has arisen with regard to third parties’ access to information systems, databases/banks of personal data on the basis of civil contracts, in particular agreements on technical support aimed at ensuring the uninterrupted functioning of information systems, databases/banks of personal data, and in other similar cases.

Taking these recommendations into account would make it possible to resolve many issues related to bringing perpetrators to legal responsibility and to differentiate that responsibility to a greater extent, since, by analogy with other types of confidential information, the subject of liability is most often a special subject, i.e. a person who has permission/access to it legally and has voluntarily assumed obligations to maintain confidentiality.

Let us note another significant aspect related to protecting the confidentiality of personal data. Based on the Law, the main “confidant” in relation to personal data should be considered the “operator”, and in some cases third parties who have gained access to it. At the same time, the subject of personal data himself, being one of the participants in the relationship to protect their confidentiality, does not bear such an obligation by law. Moreover, he has a number of “exclusive rights” - the right to access his personal data, including the right to demand clarification, and also, most importantly, the right to lift the confidentiality regime at any time - to agree to their public availability, to communicate or transfer them to third parties or other operators, and generally to dispose of them at his own discretion. However, the operator, as a confidant, is presumably obliged to sometimes maintain the confidentiality of personal data that has actually become publicly known. For example, if they became such without the consent of the subject as a result of illegal actions, say, through publication in the media. In such cases, requiring continued confidentiality of information in most cases would simply be illogical, since this information has become publicly available. The public availability of personal data clearly depends on two conditions - the consent of the subject or a direct requirement of the law (for example, the provisions of Article 7 of the Federal Law “On Combating the Legalization (Laundering) of Proceeds from Crime and the Financing of Terrorism” 23, which provides for the identification of a person when committing large transactions and transfer of this information to the relevant government agencies). Therefore, in the absence of the above two conditions in the situation under consideration, the operator would, paradoxically, still be obliged to maintain their “confidentiality”. Otherwise, this would be a direct violation of the rights of the subject, who could suffer if information about his private or personal life contained in personal data became the subject of general discussion.

Some of these problems in determining the content of the legal regime for the confidentiality of personal data can be explained by the peculiarities of the nature of personal data, which is closely related to the right to respect for the privacy of an individual, personal and family secrets. Some Russian authors, for example V.N. Lopatin, in this regard, directly point to personal data as an institution for protecting the right to privacy 24. This state of affairs explains the need for a special approach to personal data when processing it, regardless of the existence of a regime limiting access to it, since their use should not violate the general fundamental rights of the individual, such as the right to privacy, personal and family secrets.

Another part of the problems is explained by the fact that personal data, if there is a requirement for their confidentiality, which is reasonably presumed, including on the basis of a consistent analysis of the provisions of the Law, can be classified as “derived” secrets 25 or categories of restricted access information. This, in turn, requires their owner to take unconditional measures to protect their confidentiality, since in this case it is not his rights and interests that are protected, but the rights and interests of other persons, in particular fundamental human rights and freedoms. Therefore, according to the authors, in the absence of a direct interest of the owner in protecting the confidentiality of personal data, there is a need to clearly articulate his responsibilities in this case.

The last thing worth noting when characterizing personal data as confidential information is related to their relationship in this capacity with other categories of information with limited access, which can present some difficulties. On the one hand, personal data is associated with the need to protect the private life of an individual, an area that, according to most modern authors 26, can hardly be clearly defined; on the other hand, almost all definitions, including legislative ones, characterize them as “any information which can be associated with or identified with an individual,” and therefore personal data can cover almost all areas of an individual’s life. It is quite obvious that, due to such a complex nature, they can potentially be protected under other confidentiality/secrecy regimes, in particular under the regime of state secrets, trade secrets, official secrets and many types of professional secrets (medical, notarial, adoption secrets, etc.). A similar conclusion is prompted by an analysis of a number of provisions of the Law, within the meaning of which personal data simultaneously constitutes: state secrets (Part 2 of Article 1), personal and family secrets, secrets of private life (Articles 2, 12), medical secrets (Clauses 3–4, Part 2, Article 10 and Article 12), the secrecy of the investigation (Clause 6, Part 2, Article 10), the secrecy of justice and operational investigative activities (Article 11). It is quite obvious that, with some exceptions, such information will be subject to both the requirements of the legislation on the protection of personal data and other special legislation.

In conclusion, we will express a general judgment about some imperfections of the Russian Law in terms of defining personal data as restricted or confidential information, which has already been noted by other authors, in particular N.I. Petrykina 27. As possible ways to improve the provisions of the legislation, the authors see it advisable to formulate the following proposals and conclusions.

Firstly, it is worth introducing into the legislative matter the concept of “confidential personal data”, i.e. personal data that, in accordance with the law on personal data, is subject to a special legal regime for restricting access to it - the regime of confidentiality of personal data.

Secondly, the law on personal data should highlight the main organizational measures to establish a regime of confidentiality of personal data. These measures include: the operator establishing a list of confidential personal data that he processes, determining the circle of subjects who will have access to it, establishing rules for the use of relevant details on tangible media containing confidential personal data.

Thirdly, the law on personal data should name, as subjects of relations for protecting the confidentiality of personal data, the “owner” of the information system, database/bank of personal data, and directly the “operator” of the information system, database/bank of personal data, i.e. a person who, on the basis of an employment or civil law contract, operates and maintains such an information system and has access to personal data. It should also determine the features of their legal status and responsibility.

      Development of legislation on the protection of personal data

The institution of personal data is fairly young by legal standards. Its formation is closely connected with the development of the constitutional rights and freedoms of man and citizen, and first of all with the right to privacy.

The right to privacy as a legal category originated in the United States. In English, all aspects of private life are designated by a single term “privacy”, which has no literal equivalent in Russian. One of the first attempts to formulate the essence of the concept of “privacy” was made in 1890 by famous American lawyers Samuel Warren and Louis Brandeis, who defined it as “the right to be alone” - the right to be left alone or the right to be left to oneself 28. In their article "The Right to Privacy" in the Harvard Law Journal, they argued that privacy was being jeopardized by new inventions and business practices, and argued for the need for a special "right of privacy." With the development of scientific and technical progress, we are increasingly convinced of the validity of these provisions.

The activities of American courts played a huge role in the formation and formulation of the right to privacy. Thus, in 1965, in the case of Griswold v. Connecticut, US Supreme Court Justice Douglas derived the right to privacy from the first five amendments to the US Constitution, recognizing that these amendments “protect various aspects of privacy.” The words he said summarizing the court's decision are widely known: "We are dealing with a right to privacy that is older than the Bill of Rights."

The concept of privacy, formed in the USA, had a great influence on the formation of the modern system of human rights and freedoms. On December 10, 1948, the UN General Assembly approved the Universal Declaration of Human Rights, Article 12 of which established that no one shall be subjected to arbitrary interference in his personal and family life, arbitrary attacks on the inviolability of his home, the privacy of his correspondence or his honor and reputation; every person has the right to the protection of the law from such interference and such attacks 29.

In 1950, a similar rule was enshrined in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms in the following wording: “everyone has the right to respect for his private and family life, his home and his correspondence.” Thanks to these documents, the right to privacy has been recognized as an inalienable right of every person.

With the development of information technology, attention and interest in the issue of privacy began to increase significantly. New technologies and tools have emerged for collecting, storing and processing data relating to both the personal lives of individuals and their public activities. In law, the issue of adopting special rules for regulating the collection and processing of personal data as an increasingly popular object of economic turnover has arisen. At this time, the most active development of regulations on the protection of personal data is observed in Europe.

The principles laid down in the European Convention for the Protection of Rights and Fundamental Freedoms are further developed in the special provisions of the Council of Europe Convention 108 for the Protection of the Rights of Individuals with regard to Automatic Processing of Personal Data of 1981, which considers data protection as the protection of the fundamental rights and freedoms of individuals, in particular, their rights to privacy in relation to the processing of personal data.

Subsequently, Directive No. 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of the rights of individuals with regard to the processing of personal data and on the free movement of such data laid the foundations for a pan-European system for the protection of personal data. In 2000, the EU Charter of Fundamental Rights established the right to the protection of personal data as a fundamental right in its own right.

These are the main stages in the formation of a regulatory mechanism for the protection of personal data on the European continent. The final stage of its formation was the adoption of national laws of EU member countries aimed at regulating issues of personal data protection.

The world's first special Personal Data Protection Law was adopted by the German state of Hesse in 1970. Before this, there were no such laws anywhere in the world. Over the past 30 years, more than 20 European countries have adopted regulations on the protection of personal data, which established real mechanisms for legal regulation of the circulation of personal data. It should be noted that the creation of regulations in this area proceeded independently along with the development of legislation on the protection of the right to privacy. 30

In Russia, certain elements of the right to privacy were legislated and analyzed back in the pre-revolutionary period. Thus, the Postal Charter of 1857 and the Telegraph Charter of 1876 secured the secrecy of correspondence; criminal legal protection of this secrecy was carried out on the basis of the norms of the Code on Criminal and Correctional Punishments of 1845 and the Criminal Code of 1903. Thus, the Criminal Code of 1903 (Articles 162-170) established a ban on the interference of officials in the personal and family life of a person during the administration of justice.

After the revolution, the approach to the problem of human rights changed significantly. Thus, the Constitution of the RSFSR of 1918, although it contained a section on human rights entitled “Declaration of the Rights of the Working and Exploited People” (the declaration was adopted earlier at the III All-Russian Congress of Soviets), did not secure even basic rights, a minimum of personal, political, economic and cultural human rights. It included only a ban on exploitation, the right to equal land use, the liberation of the working masses from the yoke of capital, and the right of workers to manage.

In 1924, a new constitution was adopted - the Constitution of the USSR, which no longer contained the Declaration of Rights. Of the human rights, only national freedom, equality, and single union citizenship were proclaimed. Along with this, in the Constitution of the USSR, a separate chapter was devoted to the establishment of the United State Political Administration, which led repressions that violated all human rights, in order to combat political and economic counter-revolution, espionage and banditry.

For the first time, a chapter on the rights and responsibilities of citizens appeared in the Constitution of the USSR, adopted on December 5, 1936, on the eve of the mass repressions of 1937-1938. The Constitution enshrined a wide range of personal rights and freedoms, such as freedom of conscience (Article 124), personal inviolability (Article 127), inviolability of home and privacy of correspondence (Article 128). In theoretical terms, this was a serious achievement of Soviet law, but in practical terms, it was just a formality.

Thus, by order of the NKVD of the USSR dated December 29, 1939, all international telephone conversations of employees of foreign embassies and foreign correspondents, without exception, were to be recorded in shorthand, and by decision of the decision-making bodies, censorship of all incoming and outgoing international correspondence was introduced.

Not only were international relations controlled by state security agencies, but within the state, “a large place in the control over individuals and society was given to the use of informants.”

Despite the obvious violation of the right to privacy by such practices, such actions are justified by states as necessary security measures.

Already in the 1940s, with the expansion of repressive and punitive policies towards dissidents, with the tightening of the totalitarian regime, the problem of human rights was actually “closed”.

The issue of human rights was raised again only during the political “thaw” of the late 1950s and early 1960s, when the first theoretical studies on political and legal doctrines appeared in the USSR.

In 1977, in connection with the ratification of the International Covenant on Civil and Political Rights of December 16, 1966, the new Constitution of the USSR was adopted. The Constitution of the USSR of 1977 became the first and only constitution in the entire Soviet period to include in a separate section the set of civil, political, economic, social and cultural rights standard for developed European countries. In Articles 54-56 of the USSR Constitution of 1977, citizens were guaranteed the inviolability of personality and home, as well as the protection by law of personal life and the secrecy of correspondence, telephone conversations and telegraph messages. Art. 57 of the USSR Constitution of 1977 stipulated that respect for the individual and protection of the rights and freedoms of citizens is the responsibility of all government bodies, public organizations and officials.

For the first time in Russia, the right to privacy as an independent right was formulated in the Declaration of Rights and Freedoms of Man and Citizen, adopted on the eve of the collapse of the union state by the Supreme Council of the RSFSR on November 22, 1991. It provides for a ban on the collection, storage, use and dissemination of information about a person’s private life without his consent. This norm was subsequently enshrined in the Constitution of the Russian Federation of 1993. 31

In 1995, the Federal Law “On Information, Informatization and Information Protection” dated February 20, 1995 No. 24-FZ for the first time legislated the concept of personal data. According to Article 2 of the said Federal Law, personal data is information about the facts, events and circumstances of a citizen’s life that allows him to be identified. In addition, this law established general principles for the collection and use of information about citizens; according to this law, personal data was classified as confidential information.

It should be noted that the development of a special law on the protection of personal information began in Russia even before the adoption of Directive 95/46/EC of the European Parliament and the Council of Europe on October 24, 1995 “On the protection of the individual in relation to the processing of personal data and the free circulation of this data.” The initial draft law with the working title “On Personal Information” was developed in 1998 by the Committee on Information Policy and Communications of the State Duma of the Russian Federation with the participation of a working group of experts in the field of information legislation. However, this draft law was never considered in the State Duma of the Russian Federation. Then, after more than two years, another working group was formed in the Security Council of the Russian Federation, which prepared the draft of the subsequently adopted Federal Law “On Personal Data” dated July 27, 2006 No. 152-FZ. 32

The fundamental rules governing relations regarding personal data are contained in the Federal Law “On Personal Data”. In accordance with paragraph 1 of Art. 3 of this Law, personal data is any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information.

In accordance with Part 1 of Art. 85 of the Civil Code of the Russian Federation, personal data of an employee means information necessary for the employer in connection with labor relations and relating to a specific employee. The evaluative nature of this definition reflects only the general approach of the legislator to the category of employee personal data. An employer may collect and process not any information about a person who is his employee, but only that which is directly related to his employment relationship.

      General requirements for the processing of employee personal data and guarantee of their confidentiality

The employer's concentration of personalized information (personal data) about an employee presupposes its processing. According to the definition given in Part 2 of Art. 85 of the Labor Code of the Russian Federation, processing of personal data is the receipt, storage, combination, transfer or any other use of an employee’s personal data.

From this definition it follows that the processing of an employee’s personal data covers all stages of working with information about the employee - from receipt to transfer of it to other persons.

General requirements that must be observed when processing an employee’s personal data, as well as guarantees for their protection, are established in order to ensure the rights and freedoms of man and citizen in Art. 86 of the Labor Code of the Russian Federation, which includes nine points, each of which formulates one of the requirements classified as general.

So, paragraph 1 of Art. 86 of the Labor Code of the Russian Federation requires that the processing of an employee’s personal data is carried out solely for the purpose of ensuring compliance with laws and other regulations, assisting employees in employment, training and promotion, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property. The issue of the purposes of collecting personal data in the public service system is resolved in a similar way. Thus, in the Regulations on the personal data of a state civil servant of the Russian Federation and the management of his personal file, approved by Decree of the President of the Russian Federation of May 30, 2005 No. 609, it is stated that when receiving, processing, storing and transferring personal data of a civil servant, the personnel service of the state body is obliged to comply with the requirements, the list of which is given in Art. 5 of this Decree.

The first of these requirements states that the processing of personal data of a civil servant is carried out in order to ensure compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation, to assist the civil servant in passing the state civil service of the Russian Federation, in training and job growth, to ensure the personal safety of a civil servant and his family members, as well as in order to ensure the safety of his property and the property of a state body, and to record the results of his performance of official duties. 33

Clause 2 of Art. 86 of the Labor Code of the Russian Federation establishes that when determining the volume and content of an employee’s personal data to be processed, the employer must be guided by the Constitution of the Russian Federation 34, the Labor Code of the Russian Federation and other federal laws.

This requirement should be considered as limiting the right of the employer to determine the volume and nature of information about the employee that it needs to organize effective labor relations with the employee. When collecting information about an employee, the employer must not go beyond the limits established by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.

Thus, the employer must not violate the rights and freedoms of man and citizen guaranteed by the Constitution of the Russian Federation and demand from the employee information that violates his right to privacy, personal and family secrets (Article 23), or his right to independently determine and indicate his nationality (Article 26).

In the Labor Code of the Russian Federation, the volume and nature of personal information about the employee that the employer must receive are determined by Art. 65, which establishes a list of documents submitted by a citizen to the employer when applying for a job, and prohibits requiring from a person applying for work documents other than those provided for by the Labor Code of the Russian Federation, other federal laws, presidential decrees and decrees of the Government of the Russian Federation.

As already noted, from these documents the employer can obtain information about the employee’s last name, first name, patronymic, his age, date and place of birth, place of residence, the presence or absence of children, family responsibilities, work experience, registration in the state pension insurance system, military registration status, education, qualifications, availability of special knowledge, etc.


Confidential documents are those containing information known only to a certain circle of persons, not subject to public disclosure, and access to which is limited.

Confidential documents include documents that bear access restriction stamps: “confidential”, “trade secret”, “for official use”.

The legislation of the Russian Federation provides for liability for unauthorized access, disclosure or sale of information bearing such stamps.

Employees authorized to access confidential documents must undergo training and familiarize themselves with instructions for working with confidential documents.

Organization of office work ensuring the safety and recording of confidential documents provides for:

    appointment of an official responsible for their recording, storage and use;

    procedure for preparing and reproducing documents;

    separate registration of documents;

    formation of cases;

    organization of issuance and storage of documents;

    checking the availability of documents;

    archival storage and destruction procedures.

Printed and signed documents are submitted for registration to the official responsible for their registration. Drafts, versions of the document, files are destroyed with confirmation of the fact of destruction by an entry on a copy of the document.

Reproduction of confidential documents is carried out:

    with the permission of the enterprise management;

    with a limited number of copies;

    in a specially designated room;

    in the presence of the official responsible for the document;

    with immediate destruction of defective copies.

Confidential documents must be recorded separately from other documentation in the Confidential Documents Log.

The sheets of the registration logs are numbered, stitched, sealed, and their total number is indicated (in numbers and in words) on the certification sheet.

All incoming confidential documents are accepted and opened by a specially appointed official.

Upon receipt, the following is checked: the number of sheets; number of copies; availability of attachments to the document.

Confidential documents are formed into a separate file, which must have: an access restriction stamp; a list of employees authorized to use this file; numbering of sheets; internal inventory of documents; certification sheet.

Files with confidential documents are stored in a sealed safe, in a specially designated room equipped with security equipment.

The issuance and return of confidential documents must be reflected in the “Register of Issuance of Confidential Documents.”

When issuing a document, the document number is checked against the number in the journal; the number of sheets is checked; the signature of the recipient of the document and the date are affixed.

When returning a document, the document number is checked against the number in the journal; the number of sheets is checked; a return mark is placed; the signature of the recipient of the document and the date of return are affixed.


    removal of confidential documents from files;

    moving them from one case to another without permission from management and marks in the “Logbook of the issuance of confidential documents”;

    unauthorized removal of confidential documents from the office.

The availability of confidential documents is checked to ensure their safety and to prevent leakage of confidential information.

When the loss of a confidential document is established:

    the head of the enterprise and the security service are informed;

    measures are taken to search for the document.

A report is drawn up regarding the lost document, and a corresponding note about the loss is entered in the “Registration Journal of Confidential Documents”.

An expert commission of the enterprise annually selects confidential documents for archival storage or destruction.

Archival storage of confidential documents is carried out in sealed boxes in premises that exclude unauthorized access.

The destruction of confidential documents is carried out with the drawing up of an act approved by the head of the enterprise; in the presence of the commission; using a special machine (shredder) or in any other way that excludes the possibility of restoring the information contained in them.

    1. HR service work with personal data

The specificity of the protection of personal data of persons carrying out their professional activities on the basis of an employment contract is manifested in the fact that the fundamental requirements for the processing of personal data are established by federal legislation, and the procedure for carrying out individual operations with an employee’s personal data (collection, storage, use, distribution) may be detailed in local legal acts. In accordance with paragraph 7 of Part 1 of Art. 22 of the Labor Code of the Russian Federation, employers have the right to adopt local regulations, which may reflect issues of protecting confidential information. 35

One of these local regulations is the Personal Data Regulations. The Regulations define the basic requirements for the procedure for receiving, storing, combining, transferring or any other use of an employee’s personal data in connection with labor relations in the organization.

The development and use of an effective system for ensuring the security of personal data of workers is one of the important parts of the personnel safety management system, the system for protecting the life and health of workers. 36

The main document regulating the relationship between employer and employee is the employment contract, when concluding which the provisions of Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” 37 should be taken into account. It came into force on January 1, 2007 and regulates relations in the field of collection, modification and transfer of information by federal government bodies of the Russian Federation and its constituent entities, as well as legal entities and individuals with and without the use of automation tools. The purpose of this law is to protect human rights and freedoms when processing his personal data, including the rights to privacy, personal and family secrets.

According to Art. 2 of the Law on Personal Data, any information relating to an individual identified or determined on the basis of such information (subject of personal data), including: 38

    Full Name;

    year, month, date and place of birth;

    family, social, property status;



    income and other information are recognized as personal data.

This list is not closed - it can include almost all information about the employee that the employer receives.

In addition, Arts. 10 and 11 of the Personal Data Law establish special data that is subject to increased protection measures against unauthorized processing and distribution. This is information regarding:

    race, nationality;

    political views, religious or philosophical beliefs;

    state of health, intimate life of an individual, as well as biometric personal data - information characterizing the physiological characteristics of a person. 39

Principles and conditions for information processing

The processing of personal data includes all actions and operations with them, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (transfer), depersonalization, blocking and destruction. According to the law, these are ordinary business operations of the institution, which both the manager and the accounting service often encounter.

In accordance with paragraph 1 of Art. 6 of the Law on Personal Data, data processing is possible only with the consent of the employee. Therefore, when applying for a job, it is necessary to obtain from him a written statement of consent to data processing. In such a statement, the employee must state:

    last name, first name, patronymic, address, identification document number, information about the date of issue and the authority that issued it;

    name and address of the institution that received consent to use personal data;

    purpose of data processing;

    list of personal data that the employee agrees to have processed;

    a list of actions to which consent is given, a general description of the methods of processing information used by the institution;

    the period during which the consent is valid, as well as the procedure for its withdrawal (Clause 4 of Article 9 of the Law on Personal Data).

Let's provide a sample employee application (see appendix).

During the course of their work, any employee may face close attention from intruders or competitors - both their own and those of the organization in which they work. The article is devoted to the issues of ensuring personnel safety based on the protection of personal data of employees.

The safety of its own personnel is one of those areas that must be ensured by the organization in the first place.

Personnel safety is the state of protection of workers - the most important resource of the enterprise - from external and internal threats, material, moral or physical harm as a result of accidental or deliberate actions.

Personnel safety management is a complex problem, which represents the management of a set of organizational and technical measures that reduce threats to personnel safety in enterprises. 40

Here is an approximate list of some potential threats to personnel: 41

    direct poaching of leading managers and specialists by competitors;

    recruitment of employees by competing and criminal structures, and in some cases by law enforcement agencies;

    blackmail or direct threats against specific employees in order to induce them to violate trust on the part of the employer (i.e., commit various official violations);

    attacks on employees (primarily senior managers) and members of their families.

Such threats can be implemented in any organization and in relation to any employee in whom, for one reason or another, interest has appeared on the part of attackers. The implementation of such threats is possible due to the attackers’ knowledge of personal information and personal specific data about the employee.

The work of personnel services is always associated with the accumulation, formation, processing and use of significant amounts of information about all categories of employees. This information refers to personal data, which inherently reflects the personal and family secrets of employees, their private life and is included in the range of information that is subject to protection from unauthorized access. Uncontrolled dissemination of personal data can cause significant damage to both the individual - the subject of personal data, and the organization within whose walls confidential information was leaked.

In organizing the protection of personal data at the local level, special attention should be paid to the basic requirements for correct, competent, qualified personnel work, the professional level of training and information and legal culture of personnel department employees. Failure by employees of HR departments to comply with organizational conditions aimed at protecting the personal data of employees may contribute to the formation of channels for the leakage of confidential information.

      Main aspects of transferring employee personal data and information protection when working with personal data on a computer

Established in Art. 86 of the Labor Code of the Russian Federation, the general requirements for processing employee personal data are designed to ensure the safe storage and use by the employer of confidential information about employees. The main purpose of these requirements is to ensure compliance with the constitutional rights of employees to the inviolability of personalized information about them. The employer must know and take into account these general requirements, first of all, when developing rules for their receipt, processing, storage, use, and transfer to third parties. 42

By imposing on the employer the obligation to develop and implement these rules, Art. 87 of the Labor Code of the Russian Federation determined that these rules are established by the employer in compliance with the requirements of the Labor Code of the Russian Federation and other federal laws. They must ensure compliance with the law when storing employee personal data and the inaccessibility of this information to persons who do not have permission to work with documents and other sources of information about the employee’s identity.

All documents and materials containing the employee’s personal data together form his personal file. It contains the employee’s application for employment, his application form, copies of documents on education, qualifications, an order (instruction) on hiring, a copy of the employment contract, and all standard unified forms of primary accounting documentation for personnel work and for recording labor and its payment provided for by regulations. 43 The file also includes the employee’s resignation letter, the materials that served as the basis for the termination of the employment contract or its termination, and the order (instruction) of the employer that terminated the employment relationship with the employee.

The general procedure for maintaining and storing an employee’s personal file is established by the employer, and it is usually maintained by employees of the HR departments or other services of the employer. For them, the employer establishes special obligations to ensure the safety and confidentiality of information that forms the personal data of employees. These responsibilities must be included in the employment contracts of employees whose job function is to process the employees’ personal data.

When developing and adopting rules for the storage and use of employees’ personal data, the employer must establish storage periods for various documents and materials, both those that form the employee’s personal file and those that are not included in it. 44 At the same time, the employer must take into account that the storage periods for the most important documents containing personal data of employees are determined by various regulations, among which is the List of standard management documents generated in the activities of organizations, indicating their storage periods, approved by the head of the Federal Archival Service of Russia on October 6, 2000.

In particular, in accordance with this List, personal files (applications, autobiographies, copies of orders and extracts from them, copies of personal documents, characteristics, personnel records sheets, questionnaires, certification sheets, etc.) of the head of the organization, members of the management, executive and control bodies of the organization, as well as employees with state and other titles, prizes, awards, academic degrees and titles are stored permanently.

Similar documents of other employees are kept for 75 years.

Also, employment contracts, characteristics, personal cards, and other materials (including temporary workers) that are not included in personal files are stored for 75 years.

Work books and duplicate work books that were not received by employees upon dismissal or, in the event of the employee’s death, by his immediate relatives are stored for two years in the employer’s personnel service separately from other work books. After the specified period, unclaimed work books are stored in the organization’s archives for 50 years, after which they are subject to destruction in the prescribed manner.

Documents of persons not hired (application forms, autobiographies, personnel records, applications, letters of recommendation, resumes, etc.) are stored by the employer for one year. 45

During the validity of the employment contract with the employee, as well as during the storage period of documents containing personal data about the employee, this data is used by the employer, including being transferred to other persons, as a result of which information about the employee may become widely disseminated.

According to the general rule enshrined in Art. 88 of the Labor Code of the Russian Federation, the transfer by the employer of the employee’s personal data to other persons is allowed only if there is a voluntary expression of the will of the employee, confirmed by his written statement. Exceptions to this rule may be provided for by the Labor Code of the Russian Federation and other federal laws, for example, to ensure the safety of workers.

In general, Art. 88 of the Labor Code of the Russian Federation “Transfer of personal data of an employee” establishes seven requirements that an employer must comply with when transferring information about an employee to other persons. 46

The first of these requirements prohibits the employer from disclosing the employee’s personal data to a third party without the employee’s written consent, except in cases where this is necessary in order to prevent a threat to the life and health of the employee, as well as in other cases provided for by the Labor Code of the Russian Federation or other federal laws.

It follows that the employer can disclose the employee’s personal data to a third party only with the written consent of the employee. Without such consent, the employer may disclose the employee’s personal data to a third party only in two cases: a) when this is necessary in order to prevent a threat to the life and health of the employee, for example, transferring information about the blood type of a person in serious condition; b) in other cases provided for by federal legislation. 47

Thus, federal laws provide for the mandatory sending by employers of relevant information about their employees to the Social Insurance Fund, the Pension Fund, tax authorities, state supervision and control bodies for compliance with labor legislation, executive authorities and trade unions participating in the investigation of industrial accidents, to the court, to the prosecutor, to the preliminary investigation and inquiry authorities.

In accordance with Art. 357 of the Labor Code of the Russian Federation, state labor inspectors, when carrying out supervisory and control activities, have the right to request from employers and receive from them free of charge documents and information necessary to perform supervisory and control functions, including personal data of employees.

According to the instructions contained in Part 2 of Art. 228 of the Labor Code of the Russian Federation, in the event of an industrial accident that causes harm to the health of two or more people or causes death, the employer (his representative) is obliged to send the necessary information about this within 24 hours: to the relevant state labor inspectorate; to the prosecutor's office at the scene of the accident; to the federal executive body according to departmental affiliation and to the executive body of the constituent entity of the Russian Federation; to the organization that sent the employee with whom the accident occurred; to territorial associations of trade union organizations; to the insurer on issues of compulsory social insurance against accidents at work and occupational diseases.

In the event of an accident, this information is sent to the same authorities by any employer - both an organization and an individual. 48

The second requirement contained in Art. 88 of the Labor Code of the Russian Federation, prohibits an employer from disclosing an employee’s personal data for commercial purposes without his written consent.

The importance of an employee’s personal data, like that of any citizen, from the point of view of its commercial and other significance cannot be overestimated. They have always been in demand in the activities of the state, which collected information about its citizens in various information banks, and by creditors and employers, who requested or demanded from citizens a variety of information about them - name, date and place of birth, address of residence, presence of a family, education, etc.

With the advent of the era of computers and telecommunications technologies, confidential information that forms the personal data of a citizen becomes practically publicly available. Reducing the time and financial resources required to obtain it has made such information an object of business, a profitable type of entrepreneurial activity (not always legal). This is evidenced by the presence in computer markets of a large number of different databases containing personal information about citizens as subscribers of telephone networks, owners of motor vehicles, owners of real estate, and taxpayers. They provide fairly complete information about the person, date and place of birth, place of residence, information about diseases, habits, hobbies, passions, etc. 49

An employer may provide information about employees to business partners for commercial purposes when those employees act as its representatives, in order to secure the counterparty’s trust in them. The employee must be aware of the volume and nature of such information, since the analyzed norm requires obtaining the written consent of the employee in order to use personal information for commercial purposes.

The third requirement obliges the employer to warn the persons receiving the employee’s personal data from him that this data can only be used for the purposes for which it was communicated, and require these persons to confirm that this rule has been complied with.

Persons receiving the employee’s personal data are required to observe the secrecy (confidentiality) regime for the processing and use of the received information. This provision does not apply to the exchange of personal data of employees in the manner established by the Labor Code of the Russian Federation and other federal laws.

Fourthly, the employer is obliged to transfer the employee’s personal data within a single organization, or within the business of a single individual entrepreneur, in accordance with a local regulatory act with which the employee must be familiarized against signature.

Such local regulations can be developed as an independent document (regulations, instructions) or as an annex to a collective agreement. They must take into account current legislation, instructions and regulations regarding the access of citizens to information related to state and other types of secrets.

The fifth requirement provided for in Art. 88 of the Labor Code of the Russian Federation, establishes that the employer must allow access to personal data of employees only to specially authorized persons. In this case, these persons should have the right to receive only those personal data of the employee that are necessary to perform specific functions.

Without additional permission, only persons presenting such documents, their executors, employees who endorsed, signed or approved the document, as well as persons indicated or named in the text of the document are allowed to access documents containing personal data of an employee.

The sixth requirement states that the employer does not have the right to request information about the employee’s health status, with the exception of that information about his health that is necessary to consider the issue and make a decision on the possibility of the employee performing a specific job function stipulated by the employment contract.

Information about a citizen’s health status is a medical secret. Transferring it to anyone is permitted only with the consent of the employee or his legal representative. The exception is cases when information about the employee’s health status is transferred to the employer when there is a threat of the spread of infectious diseases, mass poisonings and injuries, or if there are grounds to believe that harm to the citizen’s health was caused as a result of illegal actions. Information about the state of a citizen’s mental health can be transferred to the employer only in cases established by federal laws, for example, the law “On psychiatric care and guarantees of citizens’ rights during its provision.”

The information about the employee’s health status that is necessary to decide whether he can perform a specific job function is provided to the employer in the form of a medical report with a conclusion on whether the employee’s health status meets the requirements of a specific position or type of work.

Finally, the seventh requirement provided for in Art. 88 of the Labor Code of the Russian Federation, states that the employer is obliged to transfer the employee’s personal data to employee representatives in the manner established by the Labor Code and other federal laws, and limit this information only to those employee personal data that are necessary for the said representatives to perform their functions.

Employee representatives, for example, an elected trade union body, are a third party when it comes to obtaining employee personal data. Therefore, the transfer of this information by the employer to them is carried out in accordance with the restrictions and rules established by Art. 88 Labor Code of the Russian Federation. Employee representatives are required to observe the confidentiality regime of the employee’s personal data received by them. 50

The range of information about the employee transmitted to employee representatives is determined by the functions and powers of the representatives. The general function of any employee representative in the field of labor relations is participation in collective negotiations to conclude a collective agreement, in resolving collective labor disputes, and in defending an employee in the process of an individual labor dispute. Therefore, personal information about employees can serve to develop the terms of a collective agreement, resolve a collective conflict, make a decision on an individual labor dispute, ensure the interests of a given employee, and improve working conditions for all or certain categories of employees. 51

An important role in protecting personalized information about an employee is assigned to the employee himself as a party to the employment contract. In order to ensure the protection of personal data stored by the employer, Art. 89 of the Labor Code of the Russian Federation gives employees the right: 52

    to full information about their personal data and the processing of this data;

    free access to their personal data, including the right to receive copies of any record containing the employee’s personal data, except in cases provided for by federal law;

    designation of their representatives to protect their personal data;

    access to medical data relating to them through a medical professional of their choice;

    requirement to exclude or correct incorrect or incomplete personal data, as well as data processed in violation of the requirements of this Code or other federal law. If the employer refuses to exclude or correct the employee’s personal data, he has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an evaluative nature with a statement expressing his own point of view;

    the requirement that the employer notify all persons who were previously informed of incorrect or incomplete personal data of the employee about all exceptions, corrections or additions made to them;

    appealing to the court any unlawful actions or inaction of the employer in the processing and protection of his personal data.

Alongside the rights and obligations of the parties to an employment contract aimed at protecting the employee’s personal data, Art. 90 of the Labor Code of the Russian Federation, “Responsibility for violating the rules governing the processing and protection of an employee’s personal data,” establishes that persons guilty of violating the rules regulating the receipt, processing and protection of an employee’s personal data are subject to disciplinary and financial liability in the manner established by the Labor Code and other federal laws, and are also subject to civil, administrative and criminal liability in the manner prescribed by federal laws. 53

As can be seen, this norm is of a reference-blanket nature, since it refers to the norms of labor law providing for disciplinary liability, as well as to the norms of other branches of law that establish the rules for obtaining, processing and protecting personal data of an employee, for violation of which administrative, civil or criminal liability is established.

According to the authors of the Commentary to the Labor Code of the Russian Federation 54, the list of types of legal liability specified in Art. 90 of the Labor Code of the Russian Federation is not exhaustive, since persons guilty of violating the rules for working with an employee’s personal data can also be held financially liable. Moreover, both the employer and the employees who directly process the employees’ personal data can be held financially liable for violation of the rules governing the procedure for obtaining, processing and protecting an employee’s personal data.

Administrative liability in the form of a fine in the amount of 5 to 10 minimum wages for officials, and for legal entities - from 50 to 100 or more minimum wages, may occur for the commission of such offenses provided for by the Code of the Russian Federation on Administrative Offenses, such as:

    refusal to provide a citizen with information, documents collected in the prescribed manner, materials directly affecting his rights and freedoms, or untimely provision of such documents and materials, failure to provide other information in cases provided for by law, or provision of incomplete or deliberately false information to a citizen (Article 5.39);

    violation of the procedure established by law for the collection, storage, use or dissemination of information about citizens (personal data) (Article 13.11);

    violation of information protection rules, with the exception of information constituting a state secret (Article 13.12);

    illegal activities in the field of information protection (Article 13.13);

    disclosure of information, access to which is limited by federal law (except for cases where disclosure of such information entails criminal liability), by a person who has gained access to such information in connection with the performance of official or professional duties (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Subjects of administrative liability for violation of the legally established procedure for collecting, storing, using or distributing information about citizens and for violating information protection rules can be both employers - individuals and employers - legal entities (organizations), their managers and specific employees performing labor functions related to the collection, storage, and use of personal data of employees. 55

Civil liability for violation of the rules governing the receipt, processing and protection of an employee’s personal data occurs if such violation causes damage to inalienable human rights and freedoms and other intangible benefits, which include honor and good name, business reputation, inviolability of private life, personal and family secrets (Articles 2, 150 of the Civil Code of the Russian Federation).

Civil liability may be expressed in the imposition of an obligation to compensate for property damage or compensation for moral damage. For example, moral damage to an employee may be caused as a result of the culpable dissemination of the employee’s personal data, in the case of providing third parties with false information about the employee containing information discrediting his honor, dignity, or business reputation.

Compensation for moral damage and protection of honor, dignity and business reputation of an employee is carried out on the grounds established by Art. 151, 152 of the Civil Code of the Russian Federation, in civil proceedings.

Criminal liability for violation of the rules for working with an employee’s personal data may occur provided that this violation contains elements of a crime against the constitutional rights and freedoms of a person.

Among them may be a violation of privacy (Article 137 of the Criminal Code of the Russian Federation), expressed in the illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or in the dissemination of this information in a public speech, publicly displayed work or the media, if these acts were committed out of selfish or other personal interest and caused harm to the rights and legitimate interests of citizens. This crime is punishable by a fine of up to 200,000 rubles. (Part 1) or a fine of up to 300,000 rubles. (Part 2), if it was committed with the use of official position, or other penalties alternatively provided for in the sanctions of Parts 1 and 2 of Art. 137 of the Criminal Code of the Russian Federation.

Another crime in this area is refusal to provide information to a citizen. In accordance with Art. 140 of the Criminal Code of the Russian Federation, this crime is expressed in the unlawful refusal of an official to provide documents and materials collected in the prescribed manner that directly affect the rights and freedoms of a citizen, or the provision of incomplete or knowingly false information to a citizen if these actions caused harm to the rights and legitimate interests of citizens.

This crime is punishable by a fine of up to 200,000 rubles. or in the amount of wages or other income of the convicted person for a period of up to 18 months, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years.

As noted by A.M. Lushnikov, persons guilty of violating the legislation on the processing of personal data of an employee may also be prosecuted under Art. 129 of the Criminal Code of the Russian Federation for libel, if the employer’s representatives allow, when processing the employee’s personal data, the dissemination of knowingly false information about him, discrediting his honor and dignity or business reputation, as well as under Art. 130 of the Criminal Code of the Russian Federation, if during the processing of an employee’s personal data, his honor and dignity will be humiliated in an indecent form, for example, using obscene language. 56

Unlawful access to computer information protected by law, in an electronic computer, computer system or their network, if this act entailed the destruction, blocking, modification or copying of information, disruption of the operation of the computer, computer system or their network - is punishable by a fine or corrective labor for a term of six months to one year, or imprisonment for a term of up to two years. 57

As is known, the implementation of Federal Law No. 152-FZ has been repeatedly postponed. The fact is that achieving compliance with the Federal Law requires the introduction of new IT products, the adoption of organizational measures and the modernization of the company’s business processes. But the greatest difficulties for Russian specialists are caused by the requirements of the law themselves, or rather, by their vagueness. Fulfilling some requirements has become an almost impossible task, since this requires considerable financial, technical and organizational resources. Thus, according to the calculations made, the protection of personal data in accordance with the law requires an increase in financial resources by 3-5 times.

Technical measures to protect information include: 58

    means of protecting information from unauthorized access (NSD) (information access control systems; anti-virus protection; firewalls; means of blocking information input/output devices, cryptographic means, etc.);

    means of protecting information from leakage through technical channels (use of shielded cables; installation of high-frequency filters on the communication line; installation of active noise systems, etc.).

All information security software must undergo a compliance assessment in accordance with the established procedure.

Consequently, in order to ensure compliance with the requirements of Federal Law No. 152-FZ, it will be necessary to significantly change the work with information and documentation containing personal data.

Actions to implement the requirements of Federal Law No. 152-FZ include:

1. Conducting an inventory of all systems processing personal data.

2. Availability of consents of subjects to the processing of their personal data.

3. Formation of a list of personal data, assessment of the legality of PD processing.

5. Formation of documents regulating work with personal data.

6. Formation of a threat model containing current threats to the information security of personal data during their processing.

7. Determination of the ISPD class and development of solutions to reduce the class of the information system. The procedure for classifying information systems was approved by the joint Order of the FSTEC of the Russian Federation, the FSB of the Russian Federation and the Ministry of Information Technologies and Communications of the Russian Federation dated February 13, 2008 No. 55/86/20. The purpose of the classification is to establish methods and means of protecting information necessary to ensure the security of personal data.

8. Approval of the classification act.

10. ISPD control.

When performing these actions, the personal data information system will comply with the requirements of the law. 59

      Monitoring the protection of employee personal information

Control over compliance with the requirements of the law is entrusted to the Federal Security Service (FSB of Russia), the Federal Service for Technical and Export Control (FSTEC) and the Federal Service for Supervision of Communications, Information Technologies and Mass Communications (Roskomnadzor).

Each of these departments performs its own task. Thus, the FSB of Russia oversees the security of personal data during its processing in information systems, including information protection using encryption tools (cryptography).

The competencies of the FSTEC of Russia are the protection of information using technical means, including confirmation of the absence of undeclared capabilities in the means of protection. Technical means of protecting personal data must be certified.

Roskomnadzor is the main regulator in the field of protecting the rights of individuals whose personal data is processed. Employees of this department have the right:

    check the information in the notification submitted by the operator;

    take measures to suspend or terminate the processing of personal data carried out in violation of the requirements of the law;

    go to court with statements of claim to protect the rights of subjects and represent their interests in court, and also send applications to the authority licensing the operator’s activities to consider taking measures to suspend his license;

    send materials to law enforcement agencies to resolve the issue of initiating a criminal case in connection with a violation of the rights of personal data subjects;

    bring to administrative responsibility persons guilty of violating the law.

Violation of the procedure established by law for the collection, storage, use or dissemination of information entails the imposition of an administrative fine on citizens from five hundred to one thousand rubles with confiscation of uncertified information security means, on officials - from one to two thousand rubles, and on legal entities - from ten to twenty thousand rubles with confiscation of uncertified funds.

Disclosure of information to which access is limited by federal law (except for cases where disclosure of such information entails criminal liability) by a person who had access to it for official or professional duties shall entail the imposition on officials of an administrative fine - from four thousand to five thousand rubles. 60

All this indicates the need to further improve the regulatory framework governing relations regarding the processing of personal data.

In accordance with the current legislation, several types of liability are provided for violation of standards in the field of personal data protection (civil, material, disciplinary, administrative and criminal). For certain offenses, sanctions are established against not only individuals and officials, but also legal entities. Thus, certain types of liability can be imposed on both employees and employers.

Article 150 of the Civil Code of the Russian Federation includes personal integrity, privacy, personal and family secrets among the inalienable and non-transferable intangible rights subject to legal protection. Civil liability for violation of privacy is directly related to the category of moral damage. If a citizen has suffered moral harm (physical or moral suffering) by actions that violate his personal non-property rights or encroach on other intangible benefits belonging to the citizen, as well as in other cases provided for by law, the court may impose on the violator the obligation of monetary compensation for the specified harm.

When determining the amount of compensation for moral damage, the court takes into account the degree of guilt of the offender and other circumstances worthy of attention. The court must also take into account the degree of physical and moral suffering associated with the individual characteristics of the person who suffered harm (Article 151 of the Civil Code of the Russian Federation) 63. In addition, a citizen has the right to demand in court a refutation of information discrediting his honor, dignity or business reputation, unless the person who disseminated such information proves that it is true. Disclosure and further use of a citizen’s image (including his photograph, as well as video recordings or works of fine art in which he is depicted) are permitted only with the consent of this citizen (Articles 152 and 153 of the Civil Code of the Russian Federation). Explanations of issues related to the infliction of moral harm are contained in the Resolution of the Plenum of the Supreme Court of the Russian Federation dated December 20, 1994 No. 10 “Some issues of application of legislation on compensation for moral harm.” Compensation for moral damage is carried out in monetary form. The nature of physical and moral suffering is assessed by the court, taking into account the actual circumstances in which moral harm was caused and the individual characteristics of the victim (Article 1101 of the Civil Code of the Russian Federation).

The employee's financial responsibility for the disclosure of information related to the personal data of other employees is assigned to him in the full amount of damage caused (clause 7 of Article 243 of the Labor Code of the Russian Federation). Cases of full financial liability are exceptions to the general rule, which confirms the special importance of the institution of protecting personal data of employees in domestic labor law.

Disciplinary liability in the form of dismissal occurs for an employee who discloses a secret protected by law (including personal data of another employee). However, it is necessary that this information became known to the employee in connection with the performance of his job duties (subclause “c” of clause 6 of Article 81 of the Labor Code of the Russian Federation). In accordance with Art. 192 of the Labor Code of the Russian Federation, bringing an employee who has committed a disciplinary offense to disciplinary liability is a right, not an obligation, of the employer. When imposing a disciplinary sanction, the employer must take into account the severity of the offense committed and the circumstances under which it was committed. Therefore, instead of dismissal, the employer has the right to impose a penalty on the guilty person in the form of a remark or a reprimand. The rights and obligations of an employee with respect to access to the personal data of other employees are determined by his job function, other terms of the employment contract, as well as the content of local regulatory legal acts that determine the list of his job responsibilities.

Administrative liability for violation of the procedure established by law for collecting, storing, using or distributing information about citizens (personal data) entails a warning or the imposition of an administrative fine on citizens in the amount of 0.3 thousand to 0.5 thousand rubles; for officials - from 0.5 thousand to 1 thousand rubles; for legal entities - from 5 thousand to 10 thousand rubles. (Article 13.11 of the Code of the Russian Federation on Administrative Offenses (hereinafter referred to as the Code of Administrative Offenses of the Russian Federation)). Disclosure of restricted access information by a person who has gained access to such information in connection with the performance of official or professional duties shall entail the imposition of an administrative fine on citizens in the amount of 0.5 thousand to 1 thousand rubles; for officials - from 4 thousand to 5 thousand rubles. (Article 13.14 of the Code of Administrative Offenses of the Russian Federation).

Criminal liability for violation of privacy is provided for in Art. 137 of the Criminal Code of the Russian Federation 64. Illegal collection or dissemination of information about the private life of a person, constituting his personal or family secret, without his consent, or dissemination of this information in a public speech, publicly displayed work or the media is punishable by a fine of up to 200 thousand rubles. or in the amount of wages or other income of the convicted person for a period of up to 18 months, or compulsory work for a period of 120 to 180 hours, or correctional labor for a period of up to one year, or arrest for a period of up to four months. The same acts committed by a person using his official position are punishable by a fine in the amount of 100 thousand to 300 thousand rubles. or in the amount of wages or other income of the convicted person for a period of one to two years, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, or by arrest for a period of four to six months.


The protection of an employee’s personal data can be considered in several aspects. Firstly, these are the guarantees enshrined in labor law, which is a set of rules governing relations regarding the personal data of an employee. Secondly, it is a system of organizational and legal measures aimed at implementing legislative provisions and expressing the employer’s policy in this area. Thirdly, it is ensuring the subjective right of the employee to protect his personal data.

Information relations arise both between the employee and the employer, and between each of them and third parties. The relationship between employee and employer is the basic information relationship. Therefore, their regulation in labor legislation will be given priority. The employee is not only obliged to provide information about himself, but also has the right to receive reliable information about working conditions and labor protection requirements in the workplace (Article 21 of the Labor Code of the Russian Federation). Each employee has the right to receive from the employer reliable information about labor conditions and safety in the workplace, about the existing risk of damage to health, as well as about measures to protect against exposure to harmful and (or) dangerous production factors (Part 3 of Article 219 of the Labor Code of the Russian Federation). Article 210 of this Code contains the term “unified labor protection information system”. Receiving information from the employer on issues directly affecting the interests of employees is one of the main forms of employee participation in the management of the organization (Article 53 of the Labor Code of the Russian Federation). The employer is obliged to provide employee representatives with complete and reliable information necessary for concluding a collective agreement, agreement and monitoring their implementation (Article 22 of the Labor Code of the Russian Federation).

Certain norms of the domestic codified labor law regulate relations regarding confidential information. According to Part 3 of Art. 57 of the Labor Code of the Russian Federation, an employment contract may provide for conditions on non-disclosure of secrets protected by law (state, official, commercial and other). The employer has the right to terminate the employment contract in cases of disclosure by the employee of a legally protected secret that has become known to him in connection with the performance of his job duties, termination of access to state secrets, if the work performed requires access to state secrets (subclause “c” of paragraph 6 of Art. 81 of the Labor Code of the Russian Federation). The employee is held financially liable in the full amount of damage caused in the event of disclosure of information that constitutes a secret protected by law. In accordance with Part 8 of Art. 37 of the Labor Code of the Russian Federation, participants in collective negotiations and other persons associated with the conduct of collective negotiations must not disclose the information received if this information relates to a secret protected by law. Persons who disclosed this information are subject to disciplinary, administrative, civil, and criminal liability in the manner prescribed by law. In accordance with current regulations, personal data of a citizen is classified as confidential information 1. Therefore, the provisions of the Labor Code of the Russian Federation regarding secrets protected by law also apply to personal

In market business conditions, the efficiency and effectiveness of the employer's activities are directly related to its timely provision of information resources. The employer’s activities in relation to the employee’s personal data are regulated by imperative norms, which is due to the public component of the field of labor law in general and the institution of protecting the employee’s personal data in particular. The right to protection of personal data is absolute. It is provided to each employee regardless of the size of his contribution to the achievement of the organization's goals. Therefore, according to paragraph 9 of Art. 86 of the Labor Code of the Russian Federation, employees must not waive their rights to preserve and protect secrets.

Employees can exercise their right to protection of personal data by freely accessing their personal data, including the right to receive copies of any record containing the employee’s personal data; by identifying their representatives to protect their personal data; by obtaining complete information about personal data and their processing; by presenting to the employer a requirement to exclude or correct incorrect or incomplete personal data, as well as data processed in violation of legal requirements; by appealing to the court any unlawful actions or inaction of the employer when processing and protecting the employee’s personal data, etc. (Article 89 of the Labor Code of the Russian Federation).

Thus, all the tasks set in the introduction were completed during the writing of the work, and therefore, the goal of the work was achieved.


Director of musical theater

located at:
Moscow, st. Unknown, 6,
Ivanov Ivan Ivanovich
from Sidorov Petr Mikhailovich
(passport N 33 00 612745, issued by the
Leninsky Department of Internal Affairs of Moscow 02.25.2001)


I, Sidorov Petr Mikhailovich, give my consent to the collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (transfer), depersonalization, blocking and destruction of my personal data:

Full Name;

Year, month, date and place of birth;

Family and social status;



The income received by me in this institution, for transfer to the tax office in form 2-NDFL and the Pension Fund of the Russian Federation, individual information on accrued insurance contributions for compulsory pension insurance and data on work experience.

UDC: 004.738.5:004.056

Germanova Valeria Alexandrovna

Assistant, Department of Sociology and Management, MADI

Moscow, Russian Federation

Atabekyan Anait Sargisovna

Student, Department of Sociology and Management, MADI

Moscow, Russian Federation



Information has always given an advantage in the struggle for wealth and power, but in modern conditions, in the information age, it has become the main weapon. With the development of information technology and accessible means of mass communication, the possibilities of abuse associated with the use of collected and accumulated information about a person have increased. Means for quickly processing personal data have emerged and are being effectively used by attackers, creating a threat to human rights and legitimate interests. The article discusses the problems of protecting personal data on the Internet and offers recommendations for ensuring it.

Keywords Personal data. Internet. Confidentiality.

In the context of globalization, human activity is becoming more and more connected with the global Internet; over the past decades, the number of its users has increased many times. While working online, a person receives a lot of useful information, but sometimes does not notice that his personal data is under great threat. The issue of protecting personal data is relevant, especially the protection of personal data entering the Internet and its information security. Personal data is any information relating to a directly or indirectly identified or identifiable individual (subject of personal data).

Obviously, industries that make extensive use of computers and networks for processing and transmitting information must be reliably protected from the possibility of unauthorized persons accessing it, and from its loss or distortion. According to statistics, more than 80% of companies suffer financial losses due to violations of the integrity and confidentiality of the data used.

The most common source of threats to personal data is the Internet. In the modern world almost every person has email, sometimes several accounts (a personal and a work mailbox), and profiles on various social networks, including professional social networks. In any case, hacking of accounts can lead to the loss of personal data published on the profile page or ever sent using the service, and even passport data and other particularly important information are often sent via mail and social networks. Any unlawful actions that led to the loss of personal data violate the main law of the country - the Constitution (Article 24). A separate issue of protecting personal data on the Internet arises if you pay attention to e-commerce, because online shopping has become a natural phenomenon for most people.

When performing these transactions, you should especially carefully study the site where the product is purchased for strict compliance with the law, and it is not advisable to link your bank card to the site's payment system, as this carries additional risk. Another source of danger for personal data on the Internet can be job search sites and portals of personalized (i.e., intended for a specific citizen and containing his personal data) services to the population.

There is a real problem in the modern world - the Internet. In everyday life people leave behind so-called virtual “breadcrumbs”: digital information about who they call, where they go, what food they prefer, what they buy and where, where they live and other data about their personal life. From these elements of people's lives, you can learn more than they themselves would like to tell about themselves. Digital technologies make it possible to explore the billions of individual interactions in which people exchange ideas, money, goods and rumors.

In the new digital era, we will need to manage society in a new way. We will have to start testing connections in the real world much earlier and much more often than before. It is necessary to create so-called “living laboratories” where ideas for building a society driven by personal data can be tested. Increasing the creative flow of ideas would allow all people to share personal data anonymously and without fear.

In post-industrial society, confidentiality has come to mean that some information available for some is inaccessible for others. Confidentiality involves the need to prevent the disclosure of personal information, and privacy is the arbiter who decides who has more control. It is very important to maintain a complex balance between privacy and openness; this can be taken care of by users themselves through browser settings or social networks.

Information has always given an advantage in the struggle for wealth and power, but in the information age it has become the main weapon. The possibilities for exchanging information on the Internet today are quite limitless and continue to evolve. The Internet today is a dynamic social environment that unites a huge number of people. For example, Facebook and its competitors encourage their users to be open and transparent, but they keep their users' predictive models deeply secret.

In conclusion, there are several rules for Internet users that should be followed in order to protect their personal data:

1. Monitor what is sent in the message and to whom.

2. Carefully study the agreements on the processing of personal data on various sites; if there are none, do not entrust important information to this site.

3. When using e-commerce services, do not link your bank card to the site’s payment system.

4. If violations of legislation in the field of personal data protection are detected, contact the relevant regulatory authorities.

Thus, ensuring the security of personal data is one of the most important problems in the information sphere and relations between the state, legal entities and individuals, requiring certain approaches and solutions. New technologies, on the one hand, have significantly simplified the collection, processing, storage, and transmission of data, and on the other, they have created obvious threats of their illegal trafficking, which leads to violations of individual rights.


© Germanova V.A., Atabekyan A.S., 2016

Kilsenbaev E.R.

4th year student, Faculty of Philosophy and Sociology, Bashkir State University, Ufa, Russian Federation



The article examines the situation of disabled people in the labor market. The mechanisms for employing people with disabilities are listed. Statistical data are provided on the violations faced by employed people with disabilities.


Disabled person, employed disabled person, violations of the rights of disabled people in the workplace

Personal data - any information relating to a directly or indirectly identified or identifiable individual (subject of personal data). Ensuring the protection of information and personal data is one of the priorities and the most important task in ensuring the information security of any organization. It is impossible to imagine the activities of an organization without processing information about a person. They store and process data about members of management bodies and employees, partners, shareholders (JSC) and persons visiting the organization. All this is personal data (PD).

A violation of confidentiality in ensuring the safety of an organization's personal data base can become a serious information security incident, which can lead to irreparable damage and numerous risks. These are, first of all, financial risks associated with the costs of taking urgent measures to eliminate this problem (conducting an investigation, organizing measures to eliminate this problem), loss of the organization’s reputation, and sometimes a complete stoppage of activities.

It is the need to ensure the security of personal data that has now become an objective reality. This need is caused by the rapid development of modern information technologies, electronic commerce and electronic information exchange between business partners, free access to mass communications, and the ability to copy and distribute information.

Previously, organizations processing personal data took measures to protect them based on their own ideas, enshrined in their internal information security policy. Now the situation has changed. In accordance with the Federal Law of the Russian Federation dated July 27, 2006 No. 152-FZ “On Personal Data” (as amended by No. 261-FZ dated July 25, 2011), the requirements for all private and public companies and organizations, as well as individuals, who store, collect, transfer or process personal data (including last name, first name, patronymic) have increased significantly. Such companies, organizations and individuals are classified as personal data controllers.

Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 established requirements for the protection of personal data during their processing in information systems, defining the classification of information systems by type of processed data, classification of threats for different types of systems, as well as the necessary levels of security for each type of such systems. The security of personal data when processed in an information system is ensured by the operator of this system or the person processing personal data on behalf of the operator on the basis of an agreement concluded with this person. The choice of information security means for the system is carried out by the operator in accordance with the regulatory legal acts of the FSB of Russia and the FSTEC of Russia.

According to Federal Law No. 152 “On Personal Data”, personal data is restricted access information. The purpose of this Federal Law is to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.

Failure to comply with the provisions of Federal Law No. 152-FZ “On Personal Data” entails civil, criminal, administrative, as well as disciplinary and other types of liability. In certain cases provided for by law, the activities of an organization may be suspended or its license may be revoked. This is one of the reasons that protecting personal data is an integral part of the successful functioning of any enterprise.

Federal Agency for Education
Altai State University
History department
Department of Archival Science and Historical Informatics

Legal protection of personal data in the Russian Federation
(Course work)

Completed by a student
1st year, group 194
Nikiforova K.A.



Scientific supervisor
Ph.D., Senior Lecturer Sarafanov D.E.


Work defended

Grade _________________

Barnaul 2010


Chapter 1 The concept of “personal data” in domestic legislation and scientific literature

1.1 Definition of the concept of “personal data” in legislation

1.2 Definition of the concept of “personal data” in the scientific literature

Chapter 2 Protection of personal data and liability for violation of work with them

1.1 Legal measures to protect personal data

1.2 Responsibility for violation of work with personal data


List of sources and literature


Over time, humanity has more and more new objects that need protection by enshrining appropriate norms in law. The main object today is information. Nowadays, society is entirely dependent on the data received, processed and transmitted. For this reason, data itself becomes highly valuable. And the higher the price of useful information, the higher its safety.

In view of the above, legislative acts, both in Russia and foreign countries, provide for a considerable number of norms aimed at regulating the creation, use, transfer and protection of information in all its forms.

Of particular value is information that contains data about a person’s personal, individual or family life. Article 2 of the Constitution of the Russian Federation enshrines the basic principle of a modern democratic society: “Man, his rights and freedoms are the highest value.” Accordingly, information that directly affects a person’s private interests must be respected and protected by the state.

The purpose of the work is to study the legal protection of personal data in the Russian Federation. To achieve the goal, it is necessary to solve the following tasks:

1. based on an analysis of scientific works and legislation, to study the content of the concept of “personal data”;

2. to study various aspects of personal data protection.

Historiography. “Personal data” is considered as information (recorded on a tangible medium) about a specific person that is identified or can be identified with him. Personal data includes biographical and identification data, personal characteristics, information about family, social status, education, profession, professional and financial status, health status, and others. In the modern world, increasing demands are placed on the protection of this information, and guarantees for its safety and non-disclosure are taken very seriously.

A.G. Saidov devoted his work to issues of information security, legal regulation and components of the state information security system. The subject of his research is the content and significance of constitutional and legal norms that ensure the creation of an information security system for individuals, Russian society and the state. Abdulmutalib Gasanovich made a significant contribution to the study of the legal protection of personal data and information security in general. According to A.G. Saidov, the main thing that Russian legislation lacks (and what can be learned from foreign experience) is a positive (non-punitive) orientation. Personal data protection is a new area of activity; here it is important to teach, explain, help, and not prohibit and punish.

The author considers it necessary to adopt the Federal Law “On Privacy”, which would establish an exhaustive list of cases of restriction of rights in accordance with constitutional grounds and decisions of the European Court of Human Rights. According to Saidov, the state must create conditions to ensure the protection of personal data of every citizen of the Russian Federation.

In the work of V.I. Yarochkin “Information Security”, personal data refers to the type of information that requires legal protection. He considers the need for legal protection of personal data of a person and a citizen, and proves the importance of the safety of personal information. The author lists the types of legal acts focused on the legal protection of information and other means aimed at concealing personal data. His work describes threats to confidential information, as well as the types of such threats that lead to the unlawful acquisition of protected information. In conclusion, Vladimir Ivanovich listed recommendations for ensuring information security.

In general, we can say that the work of V.I. Yarochkin is aimed at characterizing and fully describing the security of personal data and other types of confidential information.

The study by V.V. Polyakov and V.A. Mazurov “Problems of Legal and Technical Protection of Information” discusses the creation and use of effective methods and means to ensure information security. A separate important task explored in this collection is the training of information security specialists. The authors note that there is a shortage of qualified information security specialists. This is largely due to the great demands placed on them.

The “Big HR Directory”, authored by N.A. Alimova, discusses the problems of protecting employee personal data (in my opinion, they relate to types of personal data in general). N.A. Alimova explains what an employee’s personal data is, why they are needed, how they are protected, and what requirements the employer must fulfill when processing employee data when hiring. This work states that the procedure for storing and using personal data of employees is established by the employer in compliance with the requirements of the Labor Code of the Russian Federation and other federal laws. N.A. Alimova examined in her work the rules for transferring employee personal data and the requirements necessary for this. An important aspect of the study of this topic in the work is the procedure for bringing to disciplinary liability for failure to fulfill the duties and requirements for storing and ensuring the security of an employee’s personal data, as well as the forms of such liability.

V.A. Mazurov in his work “Criminal Legal Aspects of Information Security” examines the concept and principles of information security, the main directions of development of information legislation, as well as the legal concept and classification of information protected by law. He highlighted various measures to ensure the protection of confidential data, and also set out the definition and classification of possible security threats. A special part of his work is the study and description of the criminal legal protection of restricted information. V.A. Mazurov studies and characterizes the object and subject of crimes that infringe on the privacy of private life. He reveals the objective side of crimes that infringe on privacy, explains in what case an offense occurs in the sphere of information security, and lists the forms of liability for violation of confidentiality of personal data, in accordance with the articles of the Criminal Code of the Russian Federation.

In general, we can say that the topic of personal data and its protection has been studied quite well and thoroughly. A large number of works contain information about the classification of information protected by law, about the types of legal acts aimed at maintaining the security of personal data, about methods and means of protection, about types of threats, about types of liability for violation of work with personal data. The abundance of such information helps to increase the degree and quality of personal data protection.

Chapter 1

The concept of “personal data” in domestic legislation and scientific literature.

1.1. Definition of the concept of “personal data” in legislation.

In the modern world, the protection of personal data is taken very seriously. Regulatory acts regulating their safety are provided not only by national legislation, but also by international acts.

The Universal Declaration of Human Rights is one of the most important documents in human history. On December 10, 1948, the United Nations General Assembly adopted the Declaration.

Article 12 of the 1948 Universal Declaration of Human Rights states: “No one shall be subjected to arbitrary interference with his privacy or family life, his home, his correspondence or his honor or reputation. Everyone has the right to the protection of the law against such interference or such encroachments."

The right to respect for private and family life is also contained in the Convention for the Protection of Human Rights and Fundamental Freedoms, which also states that “There shall be no interference by public authorities with the exercise of this right, except in cases where such interference is prescribed by law and is necessary in a democratic society in the interests of national security or public order, the economic welfare of the country, for the prevention of disorder or crime, for the protection of health or morals or for the protection of the rights and freedoms of others.” The Convention was adopted by the Council of Europe on November 4, 1950 in Rome. The Russian Federation ratified it by adopting Federal Law No. 54-FZ of March 30, 1998.

After some time of consolidation of political human rights, the right to privacy was confirmed by the International Covenant on Civil and Political Rights.

The International Covenant on Civil and Political Rights was adopted by resolution 2200 A (XXI) of the General Assembly on December 16, 1966 in New York. The USSR signed the pact on March 18, 1968. It was ratified by the Presidium of the Supreme Soviet of the USSR on September 18, 1973 with a statement. The USSR instrument of ratification was deposited with the UN Secretary General on October 16, 1973. It came into force for the USSR on January 3, 1976.

These international legal acts laid the foundation for the creation of national legal systems. In the Russian Federation, along with international legal acts, the safety of personal data is ensured by domestic regulations.

Firstly, this is the Constitution of the Russian Federation. Its provisions recognize not only the right to privacy, personal and family secrets (Part 1 of Article 23), but also additional guarantees that ensure this right. In accordance with Art. 2 of the Constitution, “man, his rights and freedoms are the highest value. Recognition, observance and protection of human and civil rights and freedoms is the duty of the state.” Thus, the Russian Federation not only establishes the right, but also undertakes to protect it; it puts the interests of the individual and citizen at a level higher than the interests of the state, society, or public or commercial organizations. Part 1 of Art. 24 prohibits the collection, storage, use and dissemination of information about a person’s private life without his consent. And finally, according to Art. 46, everyone is guaranteed judicial protection of their rights, including in interstate bodies.

The Constitution of the Russian Federation has the highest legal force, its direct effect is applied throughout the country, any laws applied in the country must not contradict the Constitution. Generally recognized principles and norms of international law and international treaties of the Russian Federation are the main part of its legal system. If an international treaty of the Russian Federation establishes rules other than those provided for by law, then the rules of the international treaty apply.

On July 8, 2006, the State Duma adopted Federal Law of the Russian Federation No. 152-FZ “On Personal Data”. The purpose of this Federal Law is to ensure the protection of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets. This law defines the concept of “personal data”, as well as other basic concepts used in the Federal Law. The law also sets out its scope, the principles and conditions for the processing of personal data, the rights of the subject of personal data, the obligations of the operator, control and supervision of the processing of personal data, and liability for violation of the requirements of this Federal Law.

Following Article 3 of the Federal Law, personal data is any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income, other information.

On February 20, 1995, Federal Law No. 24-FZ “On Information, Informatization and Protection of Information” was approved, in which, in Part 1 of Art. 11 it was determined that personal data is confidential information, and part 3 of the same article warns of the liability of legal entities and individuals for violating the protection, processing and procedure for using this information. Also in this law, the concept of “personal data” was given; it was defined as “information about the facts, events and circumstances of a citizen’s life, allowing his personality to be identified.” Currently, this law is not in force; it was replaced by the Federal Law “On Information, Information Technologies and Information Protection” dated July 27, 2006 N149-FZ.

Article 2 of the new law on information discusses the basic concepts used in this law, and art. 3 talks about the legal regulation of relations arising in the field of information, information technology and information protection. This article states that restrictions on access to information can only be established by federal law. There is no specific concept of personal data in this law, obviously, because the Federal Law “On Personal Data” was approved.

Article 5 of the Federal Law “On Information, Information Technologies and Information Protection” states: “information, depending on the category of access to it, is divided into publicly available information, as well as information to which access is limited by federal laws (restricted information).”

Public information is information that cannot be hidden from society. An example is information about the state of the environment, about the activities of state authorities and local governments, documents accumulated in open collections of libraries and archives. Also included in this category are normative legal acts affecting the rights, freedoms and responsibilities of individuals and citizens, the legal status of organizations and the powers of state bodies and local governments.

Restricted information is information of value to its owner, access to which is legally restricted. In turn, restricted access information is divided into information constituting a state secret and information the confidentiality of which is established by federal law (confidential information).

On October 22, 2002, Federal Law No. 125-FZ “On Archival Affairs in the Russian Federation” was adopted. This law regulates relations in the field of organizing storage, acquisition, accounting and use of documents from the Archival Fund of our country and other archival documents, regardless of their form of ownership, as well as relations in the field of archival management in the Russian Federation in the interests of citizens, society and the state. In Article 3, this law defines such concepts as documents on personnel (reflecting the labor relations of the employee with the employer), a particularly valuable document (a document that has enduring cultural, historical and scientific value, is of particular importance for society and the state, and in respect of which a special regime of accounting, storage and use is established), a unique document (a particularly valuable document that has no similar ones in terms of the information it contains and (or) its external features, and is irreplaceable if lost from the point of view of its value and (or) autographicity), etc. This law also distinguishes archival documents related to state property, as well as municipal and private property. Art. 10 explains the peculiarities of the position of archival documents owned by the Russian Federation or municipalities. Chapter 6 focuses on the scope of access to and use of archival documents. The user of archival documents has the right to freely search and receive archival documents for study. But there are also restrictions on access to archival documents, which are discussed in Article 25. This article states that access to archival documents may be limited in accordance with an international treaty of the Russian Federation, the legislation of the Russian Federation, as well as in accordance with the order of the owner or holder of privately owned archival documents. It also states that the restriction of access to archival documents containing information about the personal and family secrets of a citizen, his private life, as well as information that poses a threat to his safety, is established for a period of 75 years from the date of creation of these documents.

Federal Law of the Russian Federation “On operational investigative activities” dated August 12, 1995 No. 144-FZ provides for restrictions on the constitutional rights of citizens to the secrecy of telephone conversations, correspondence, postal, telegraph and other messages transmitted over electrical and postal communication networks on the basis of a court decision and only when there is information about the preparation, commission or completion of an unlawful act or about events or actions that create a threat to the state, military, economic or environmental security of the Russian Federation.

This normative act establishes an exhaustive list of operational investigative activities and of the bodies carrying them out. It permits only the bodies of the FSB and the Ministry of Internal Affairs to use operational and technical forces and means to monitor postal, telegraph and other messages; to listen to telephone conversations with connection to stationary equipment of enterprises, institutions and organizations, regardless of their form of ownership, and of individuals and legal entities providing communication services; and to remove information from technical communication channels. These bodies can provide these forces and means, on the basis of special agreements or interdepartmental regulations, to other bodies carrying out operational investigative activities. But the bodies (officials) carrying out operational investigative activities must, when doing so, ensure respect for human and citizen rights to privacy, personal and family secrets, inviolability of home and secrecy of correspondence.

The sphere of relations concerning the employee’s personal data is regulated by Chapter 14 of the Labor Code of the Russian Federation, which establishes the concept of an employee’s personal data, the procedure for working with it, and the employer’s responsibility for violating relevant standards. The Labor Code states that an employee’s personal data is information necessary for the employer in connection with labor relations and relating to a specific employee.

The Criminal Procedure Code of the Russian Federation dated December 5, 2001 also addresses the area of personal data. Art. 13 concerns the secrecy of correspondence, telephone and other conversations, postal, telegraph and other messages. This article states that the seizure of postal and telegraph items and their seizure in communication institutions, control and recording of telephone and other conversations can only be carried out on the basis of a court decision.

The list of confidential information was published in Decree of the President of the Russian Federation dated March 6, 1997 N 188 “On approval of the list of confidential information.” Types of confidential information include the following:

  • Personal data - information about facts, events and circumstances of a citizen’s daily life, allowing his personality to be identified, with the exception of information that is subject to dissemination in the media in cases established by federal laws;
  • Secret of investigation and legal proceedings - information constituting the secret of investigation and legal proceedings, as well as information about protected persons and measures of state protection carried out in accordance with the Federal Law of August 20, 2004 No. 119-FZ and other regulatory legal acts of the Russian Federation;
  • Official secret - official information, access to which is limited by government authorities in accordance with the Civil Code of the Russian Federation and federal laws;
  • Professional secret - information related to professional activities, access to which is limited in accordance with the Constitution of the Russian Federation and federal laws (medical, notarial, lawyer's secret, confidentiality of correspondence, telephone conversations, postal items, telegraphic and other messages, etc.);
  • Trade secret - information related to commercial activities, access to which is limited in accordance with the Civil Code of the Russian Federation and federal laws;
  • Information about the essence of the invention - information about the essence of the invention, utility model or industrial design before the official publication of information about them.

The list of information classified as state secrets is published in Art. 5 of the Law of the Russian Federation N 5485 of July 21, 1993 “On State Secrets”. According to this law, such information includes: information in the military field; in the field of economics, science and technology; in the field of foreign policy and economics; in the field of intelligence, counterintelligence and operational investigative activities. Classification of information as a state secret is carried out in accordance with its industry, departmental or program-target affiliation, as well as in accordance with this Law. Art. 2 defines the concept of state secret - “information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which could harm the security of the Russian Federation.” This law also covers the declassification, protection, and disposal of information related to state secrets.

The Federal Law of the Russian Federation “On Trade Secrets” considers and regulates relations related to the classification of information as a trade secret, the transfer of such information, and the protection of its confidentiality in order to ensure a balance of interests of owners of information constituting a trade secret. According to this law, “a trade secret is the confidentiality of information that allows its owner, under existing or possible circumstances, to increase income, avoid unjustified income, maintain a position in the market for goods, works, services, or obtain other commercial benefits.” The law also defines the concepts of the trade secret regime, the owner of such information, the transfer and provision of information constituting a trade secret, etc. Art. 5 lists data that cannot constitute a trade secret. The Federal Law “On Trade Secrets” also covers protecting the confidentiality of information and the consequences of failure to take the necessary measures to protect such information.

The Federal Law “On Credit Histories” concerns the creation of a unified system for the formation, storage and disclosure of information about the conscientious fulfillment by borrowers of obligations to creditors. The law introduces a legal definition of credit history, regulates its composition, the procedure for its formation, the basis for storing and using credit histories, as well as the range of subjects of these legal relations, which include: borrowers, credit history bureaus, users of credit histories, the Central Catalog of Credit Histories.

On February 2, 2010, Order No. 58 of the Federal Service for Technical and Export Control (FSTEC of Russia) was issued approving the regulations on methods and means of protecting information in personal data information systems. This provision was developed in accordance with the Regulations on ensuring the security of personal data during their processing in personal data information systems, approved by Decree of the Government of the Russian Federation of November 17, 2007 No. 781 (Collected Legislation of the Russian Federation, 2007, No. 48, Art. 6001). This provision establishes methods and means of information protection used to ensure the security of personal data during their processing in personal data information systems by state bodies, municipal bodies, legal entities or individuals organizing and (or) carrying out the processing of personal data, as well as determining the purposes and content of the processing of personal data. This Regulation does not address issues of ensuring the security of personal data classified in the prescribed manner as information constituting state secrets, as well as issues of the use of cryptographic methods and methods of protecting information.

1.2. Definition of the concept of “personal data” in scientific literature

The legal literature presents an ambiguous classification of information (data) protected by law.

Thus, V.A. Kopylov divides information, according to access to it, into open and restricted access information.

He classifies the following as open information: information as an object of civil rights (works, patents, copyright certificates); mass information; information about elections and referendums (data about the preparation of elections and referendums and voting results); official documents (documents adopted by legislative, executive and judicial authorities that are of a mandatory, advisory or informational nature); mandatory submissions (control copies of documents submitted to statistical authorities, registration and other such information); scientific, legal and other information.

Restricted information includes information constituting a state secret; know-how, trade secret, personal data (in order to protect personal secrets), other restricted information.

Information about citizens (personal data), according to V.A. Kopylov, is created by citizens themselves in their daily activities, including those related to the implementation of rights and freedoms (rights to work, housing, recreation, medical care, social insurance, pension provision, freedom of speech and much more) and performance of duties (for example, military duty) and is presented as information about oneself (personal data) to various subjects.

I.V. Smolkova gives the following classification:

1. State (including military) secrets.

2. Confidential information.

· Personal secrets (including personal data)

· Family secret

· Professional confidentiality

· Trade secret

In the opinion of V.A. Mazurov, information can be classified as follows: open access information, limited access information (confidential information (private life secret, professional secret, official secret, commercial secret) and state secret).

The presence of several points of view regarding the classification of information confirms that in the scientific research literature there is no consensus on issues of personal data. They are being studied more and more deeply, which provides more complete knowledge about restricted information, and the adoption of many legislative acts aimed at protecting various types of secrets provides better protection of personal data. But still, the creation of a legal framework for the protection of various types of information, and personal data in particular, is in its infancy. Although the number of regulations governing certain aspects of various types of information is large, it cannot be said that legal support for the protection of personal data satisfies the needs of modern society.

Chapter 2

Protection of personal information.

2.1. Protection of personal information.

The need to protect personal data is beyond doubt. At the moment, Russian legislation makes every effort to prevent violations of the rights of citizens in the field of personal data. There are many laws ensuring information security, which are updated every year, creating ever better conditions for maintaining the confidentiality of personal data. In recent years, the Russian Federation has implemented a set of measures to improve its information security. Measures were taken to ensure information security in federal government bodies, government bodies of constituent entities of the Russian Federation, at enterprises, institutions and organizations, regardless of their form of ownership.

International cooperation of the Russian Federation with countries of the world community in the field of ensuring information security contributes to increasing information security. This is an integral component of political, military, economic, cultural and many other types of interaction between countries that are part of the world community.

The state information protection system is a set of bodies and executors, the information protection technology they use, as well as objects of protection, organized and functioning according to the rules established by the relevant legal, organizational, administrative and regulatory documents in the field of information security. It is also an integral part of the national security system of the Russian Federation and is designed to protect the security of the state from external and internal threats in the information sphere.

The state information protection system as a more complex system includes subsystems for licensing the activities of enterprises in the field of information protection, certification of information protection means and certification of informatization objects according to information security requirements.

Bodies that regulate the protection of personal data:

· Federal Service for Technical and Export Control (FSTEC of Russia) and its territorial bodies (regional departments in the constituent entities of the Russian Federation)

· Federal executive authorities, other bodies and organizations of the Russian Federation, whose senior employees are members of the board of the FSTEC of Russia by position (Ministry of Justice, Ministry of Defense, Ministry of Emergency Situations, Ministry of Internal Affairs, Ministry of Foreign Affairs, Ministry of Industry, Ministry of Economic Development, Ministry of Natural Resources, FSO, FSB, SVR, GUSP, RAS, CBR)

· Information protection structural units of federal executive authorities, other government bodies and organizations of the Russian Federation

· Enterprises carrying out work using information classified as restricted information, and their information protection departments

· Research organizations on information security issues

· Organizations that develop information security tools, secure technical means and means of monitoring the effectiveness of information security

· Companies providing services in the field of information security

· Organizations of the Federal Agency for Technical Regulation and Metrology (formerly Gosstandart of Russia), performing standardization work in the field of information security

· Bodies of the licensing system for activities in the field of information security

· Bodies of the information security certification system

· Bodies of the certification system for objects of protection according to information security requirements

Legal measures - the activities of legislative bodies to create a legal framework that ensures the proper generation, dissemination and use of information; regulating the activities of entities involved in the creation, transformation and consumption of information; providing for liability for violations in the information sphere, measures to ensure the security and legal protection of information, information infrastructure.

The legal basis for the mechanism for protecting personal data has been formed in two directions: specialized legislation and other legislation that only partially contains legal norms guaranteeing privacy and regulating the scope of personal data protection. Specialized legislation includes such legal acts as: Federal Law “On Personal Data” dated July 27, 2006, Federal Law “On Information, Information Technologies and Information Protection” dated July 27, 2006, Decree of the President of the Russian Federation dated March 6, 1997 No. 188, approving the “List of Confidential Information”, and others.

Legal norms regulating work with personal data are also contained in Chapter 14 of the Labor Code of the Russian Federation “On the Protection of Personal Data of an Employee”, in the Law “On Archiving in the Russian Federation” of October 22, 2004 (Article 25), in the Law “On operational investigative activities” (Articles 3, 5, 9, 10, 12, 21), in the Law “On the Mass Media” (Articles 41, 43, 46, 51, 57), and in the Law “On Individual (Personified) registration in the state pension insurance system”, according to which personal data is contained in the individual personal account of the insured person. The rules on the protection of information obtained during the All-Russian population census (personal data) are contained in the Law “On the All-Russian population census”.

In the European Union, the Council of Europe Convention “On the Protection of Individuals with regard to Automatic Processing of Personal Data”, signed in Strasbourg (France) in 1981, is devoted to the protection of the interests of owners of personal data that have been subjected to electronic processing. The Federal Law on the ratification of the Convention was signed by the President of the Russian Federation on December 19, 2005.

In accordance with Art. 5 of the Convention, personal data subject to automated processing:

a) are collected and processed on a fair and lawful basis;

b) are stored for specified and lawful purposes and are not used in any other way incompatible with those purposes;

c) are adequate, relevant and not excessive for the purposes of their storage;

d) are accurate and updated when necessary;

e) are stored in a form that allows the identification of data subjects for no longer than is required for the purposes of storing this data.

The main Law regulating the protection of personal data in the Russian Federation is the Federal Law “On Personal Data”. The basis of this Law is the basic principles and conditions for the processing of personal data, which were developed in pursuance of the provisions of the Council of Europe Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data, as well as the provisions of Directive of the European Parliament and the Council of Europe 95/46/EC “On the Protection of individuals in relation to the processing of personal data and the free circulation of this data” and Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the protection of personal data and the protection of personal data in the electronic communications sector, which replaced the Directive of the European Parliament and Council of Europe 97/66/EC of December 15, 1997, regulating the use of personal data and guaranteeing privacy in the field of telecommunications.

The principles and conditions for the processing of personal data, which are also supplemented by mandatory basic requirements for activities related to the processing of personal data, comply with the principles and criteria concerning personal data and the legitimization of their processing established in Articles 6 and 7 of Directive 95/46/EC. Article 5 of the Law “On Personal Data” establishes six principles for the processing of personal data that protect a person’s personal information; these principles are similar to those contained in many European legal acts. First, personal data must be collected and used lawfully and fairly. This provision states that personal data must be collected and used in accordance with the legislation of the Russian Federation and only with the consent of the subject of personal data, with the exception of cases clearly specified in Part 2 of Article 6 of the Law, when such consent is not required. The subject of personal data must give consent to the processing of his personal data in writing; the content of this document is clearly established in paragraph 4 of Article 9 of the Law. For example, the written consent of the subject must necessarily indicate the purpose of processing personal data and their list, as well as the period during which the consent is valid and the procedure for its revocation.

Secondly, the previously clearly defined purposes for using personal data should not be changed. Personal data cannot be collected and used for other purposes about which the subject who gave written consent to the processing of his data was not informed in advance (clause 2, part 1, article 5).

Thirdly, the volume and nature of the processed personal data and the methods of processing it must correspond to the purposes of processing personal data. This rule is aimed at excluding situations in which those collecting personal data try to obtain other personal information that goes beyond the stated purposes.

Fourthly, personal data must be reliable, and the volume of personal information collected must be justified by the purposes of its collection. The amount of personal data collected should not be excessive unless it serves specific and legitimate purposes. Moreover, if it is discovered that errors have been made and personal data is inaccurate, the subject of personal data has the right to make the necessary changes (clause 3, Article 20).

Fifthly, the Law prohibits the consolidation of personal data into a single information system of personal data that was collected by personal data operators for different purposes. This rule is aimed at avoiding a situation where a telecom operator maintains a database of a person’s personal data, and in the event of a leak of such a database, the person will be vulnerable to unauthorized and dishonest use of this information.

And finally, sixthly, the storage of personal data must be carried out in a form that makes it possible to identify the subject of personal data, no longer than required by the purposes of their processing, and they must be destroyed upon achieving the purposes of processing or in the event of the loss of the need to achieve them. This norm corresponds to paragraph “e” of Article 5 of the Convention “On the Protection of Individuals with Automatic Processing of Personal Data” and is also aimed at protecting the subject of personal data from unauthorized use of his personal data. It is worth keeping in mind that this rule does not apply to a person’s personal data contained in archival documents, the storage period of which is established by the Law “On Archiving in the Russian Federation” of 2004.

The Information Security Doctrine of the Russian Federation, approved by the President of the Russian Federation on September 9, 2000, represents a set of official views on the goals, objectives, principles and main directions of ensuring information security of the Russian Federation. The information security doctrine defines 4 main components of the national interests of the Russian Federation in the information sphere, including compliance with the constitutional rights and freedoms of man and citizen in the field of obtaining and using information, as well as protecting information resources from unauthorized access, ensuring the security of information and telecommunication systems.

This doctrine provides the basis for:

· Formation of state policy in the field of ensuring information security of the Russian Federation;

· Preparation of proposals for improving the legal, methodological, scientific, technical and organizational support for information security of the Russian Federation;

· Development of targeted programs to ensure information security of the Russian Federation.

This Doctrine develops the Concept of National Security of the Russian Federation in relation to the information sphere.

Paragraph 2 of the Regulations on ensuring the security of personal data during their processing in personal data information systems states that the security of personal data is achieved by excluding unauthorized, including accidental, access to personal data, which may result in destruction, modification, blocking, copying, distribution of personal data, as well as other unauthorized actions. Paragraph 10 states that the security of personal data during their processing in the information system is ensured by the operator or the person to whom, on the basis of an agreement, the operator entrusts the processing of personal data (hereinafter referred to as the authorized person). When processing personal data in the information system, the following must be ensured:

· carrying out measures aimed at preventing unauthorized access to personal data and (or) transfer to persons who do not have the right to access such information;

· timely detection of facts of unauthorized access to personal data;

· preventing influence on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;

· constant monitoring of ensuring the level of security of personal data;

· the ability to immediately restore personal data modified or destroyed due to unauthorized access to it.

2.2. Responsibility for violation of work with personal data

The law establishes that persons guilty of violating the requirements of this Law bear civil, criminal, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation. In case of violation of the rights of the subject of personal data, he may appeal against actions or inactions to the Authorized Body for the Protection of Personal Data or in court. The authorized body for the protection of the rights of the subject of personal data is a new institution for Russia, whose activities are aimed at exercising control and supervision over the processing of personal data. The authorized body has the right to file claims in court to protect personal data and represent the interests of personal data subjects in court.

Disciplinary liability must be established by the internal rules of the organization (in this case, the operator). In the form of disciplinary liability, an employee who has committed any disciplinary offense in connection with the processing of personal data that does not entail administrative, civil or criminal liability may be given a reprimand or may be dismissed on the appropriate grounds provided for in Article 81 of the Labor Code of the Russian Federation. The Labor Code of the Russian Federation does not clearly establish the type of disciplinary liability for violating the procedure for processing personal data, but only states that civil, criminal, administrative, and disciplinary liability are also established for violation of the rules for protecting an employee’s personal data.

As for civil liability, the subject of personal data in civil proceedings may demand compensation for losses and (or) compensation for moral damage.

In accordance with Article 13.11 of the Code of the Russian Federation on Administrative Offenses (CAO), administrative liability is provided for violation of the procedure established by the Law “On Personal Data” for the collection, storage, use or dissemination of information about citizens (personal data) in the form of a warning or the imposition of an administrative fine on citizens in the amount of three to five minimum wages, from five to ten minimum wages for officials and from fifty to one hundred minimum wages for legal entities. Disclosure of information to which access is limited by federal law by a person who has gained access to such information in connection with the performance of official or professional duties entails the imposition of an administrative fine on citizens in the amount of five to ten minimum wages, and on officials in the amount of forty to fifty minimum wages.

Since the protection of a person’s personal data is an integral part of the institution of guarantees of the inviolability of a person’s private life, the norms of the special part of the Criminal Code of the Russian Federation regarding criminal liability for violating the inviolability of a person’s private life also apply to the procedure for protecting personal data. Thus, Article 137 of the Criminal Code of the Russian Federation establishes criminal liability for the illegal collection or dissemination of information about the private life of a person, constituting a personal or family secret, without his consent, or the dissemination of this information in a public speech, publicly displayed work or the media. The specified acts are punishable by a fine in the amount of up to two hundred thousand rubles or in the amount of the wages or other income of the convicted person for a period of up to eighteen months, or by compulsory labor for a term of up to one year, or by arrest for a term of up to four months. The same acts committed by a person using his official position are punishable by a fine in the amount of one hundred thousand to three hundred thousand rubles or in the amount of wages or other income of the convicted person for a period of one to two years, or by deprivation of the right to hold certain positions or engage in certain activities for a period of two to five years, or arrest for a period of four to six months.


Thus, after analyzing the situation regarding the protection of personal data, the following conclusions can be drawn.

There are several points of view regarding the classification of information, but in general, it can be divided into open and restricted access information. Restrictions on access to information can only be established by federal laws. The list of restricted access information is established in the Presidential Decree “On approval of the list of confidential information.” This information also includes personal data.

Following Article 3 of the Federal Law “On Personal Data”, the following definition of the concept “personal data” can be formed - any information relating to an individual identified or determined on the basis of such information (subject of personal data), including his last name, first name, patronymic, year, month, date and place of birth, address, family, social, property status, education, profession, income and other information.

Also, thanks to regulations and research work, it becomes clear that personal data is confidential information and that legal liability arises for violation of work with it.

Regarding the protection of personal data, it should be noted that the security of personal information is at a high level. This is facilitated by both the legal framework and numerous technical controls. The legislation of European countries and the Russian Federation provides for almost all the necessary norms to protect this category of legal relations. The main law regulating work with personal data is the Federal Law “On Personal Data”. It describes the basic principles and conditions for the processing and protection of such information.

The law establishes that persons guilty of violating the requirements of this law bear civil, criminal, administrative, disciplinary and other liability provided for by the legislation of the Russian Federation.

The abundance of regulations governing relations in the field of personal data ensures reliable protection of restricted access information, but it should be noted that it is necessary to further improve the mechanisms for protecting personal data at the disposal of federal government bodies, government bodies of constituent entities of the Russian Federation, local governments, etc.

List of sources and literature


1. The Constitution of the Russian Federation was adopted by popular vote on December 12, 1993 – M., 2002.

2. Universal Declaration of Human Rights (adopted at the third session of the UN General Assembly by resolution 217 A (III) of December 10, 1948)//SPS Consultant Plus, 2009

3. Convention for the Protection of Human Rights and Fundamental Freedoms (Rome, November 4, 1950) (as amended September 21, 1970, December 20, 1971, January 1, November 6, 1990, May 11, 1994) //SPS Consultant Plus, 2009

4. International Covenant on Civil and Political Rights (New York, December 19, 1966) // SPS Consultant Plus, 2009

5. Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data of January 28, 1981 (ratified by the Russian Federation on December 19, 2005) // SPS Consultant Plus, 2009

6. Federal Law of the Russian Federation of July 27, 2006 N 152-FZ “On Personal Data”//SPS Consultant Plus, 2009

7. Federal Law of the Russian Federation of July 27, 2006 N 149-FZ “On information, information technologies and information protection” // SPS Consultant Plus, 2009

8. Federal Law of the Russian Federation of August 12, 1995 No. 144-FZ “On operational investigative activities” // SPS Consultant Plus, 2009.

10. List of confidential information (approved by Decree of the President of the Russian Federation of March 6, 1997 N 188) // SPS Consultant Plus, 2009.

11. Civil Code of the Russian Federation of November 30, 1994 N 51-FZ (with amendments and additions that entered into force on January 11, 2009) // SPS Consultant Plus, 2009.

12. Criminal Code of the Russian Federation of June 13, 1996 No. 63-FZ (as amended on December 30, 2008) // SPS Consultant Plus, 2009.

13. Code of the Russian Federation on Administrative Offenses of December 20, 2001 N 195-FZ (as amended on December 30, 2008) // SPS Consultant Plus, 2009

14. Labor Code of the Russian Federation of December 30, 2001 N 197-FZ (as amended on July 24, 25, 2002, June 30, 2003) // SPS Consultant Plus, 2009

15. Regulations on ensuring the security of personal data during their processing in personal data information systems dated November 17, 2007. N-781 (approved by Decree of the Government of the Russian Federation) // SPS Consultant Plus, 2009.


1. Alimova N.A. Large personnel directory. - M.: Publishing and trading corporation "Dashkov and K", 2007. - 536 p.

2. Kopylov V.A. Information law. M.: Yurist, 2005. – 512 p.

3. Magnitskaya E.V. Jurisprudence: textbook, E.V. Magnitskaya, E.P. Evstigneev: Peter, 2003. - 512 p.

4. Mazurov V.A. Criminal legal aspects of information security: tutorial. – Barnaul: Alt. Univ. Publishing House, 2004. – 288 p.

5. Polyakov V.V., Mazurov V.A. Problems of legal and technical protection: collection. scientific Art. / Altai State University, 2008. – 179 p.

6. Saidov A.G. Constitutional and legal foundations for ensuring information security of the Russian Federation: abstract: Makhachkala, 2004. – 26 p.

7. Smolkova I.V. Problems of legally protected secrets in criminal proceedings. – M.: 1999. – 346 p.

8. Theory of operational-search activity: textbook. Ed. – comp. K.K. Goryainov, V.S. Ovchinsky, G.K. Sinilov - M.: List New, 2008. - 842 p.

9. Yarochkin V.I. Information security: a textbook for universities. - M.: Gaudeamus, 2004. - 544 p.

