home-Shoes-Dissemination of personal information. Personal data: what it is, types and what applies to it by law

Dissemination of personal information. Personal data: what it is, types and what applies to it by law

Disclosure of personal data 137 of the Criminal Code of the Russian Federation - Article of the law qualifies this act as criminal, entailing criminal liability. The essence of the legal concept of personal data, the need to legally protect the confidentiality of a person’s private life, responsibility for the disclosure of personal data - all these issues are discussed in our article.

Types of liability for disclosure of personal data

Every person is endowed by the Constitution of the Russian Federation with the right to maintain the secret of private life (Article 23). The protection of this right is ensured by complying with the provisions of Art. 24 of the Constitution, which declares that the collection and dissemination of information about personal, family life a person without his consent are illegal.

The meaning of the legal term “personal data” is formulated in Federal Law No. 152-FZ dated July 27, 2006. This is any information about various data characterizing the subject: personal, property, social information about an individual. This information has the following criteria:

  • refers to a specific person;
  • or allows you to identify a specific person.

This interpretation requires comment. Important in the interpretation of the criterion “information allowing to identify a specific person” is the interaction of the concepts of “personal data” and “individual”.

Example

There is an individual - Ivanov Ivan Ivanovich. Obviously, the specified personal data will not allow one to unambiguously identify a specific person, because there are probably a lot of people with such “parameters”. However, F.I.O. is the personal data of an individual known to us.

The information “Ivanov Ivan Ivanovich, passport 45 08 No. 123456” allows you to identify (define) a specific person - to select from a large group one with an accurate description.

Personal data includes full name, identity card details, place and date of birth, address, education, marital, property status, insurance certificate number and other similar information relating exclusively to a specific person.

The employer's personnel service, by virtue of its functions, collects documents from employees and compiles their personal files for the purposes of the established procedure for personnel records. An employee’s personal file contains information about family, personal life, position and amount of remuneration for work, identity cards, etc. The documentary composition of personal files is the personal data of employees, and the employer, following the provisions of the law, is obliged to ensure their protection (Article 18.1 of Law No. 152-FZ).

Art. 7 of Law No. 152-FZ establishes the confidentiality status of personal data. This article generally prohibits persons having access to personal information, disclose this information without the consent of its owner.

Failure to comply with this norm will result in liability (Article 24 of Law No. 152-FZ). Its main types are as follows:

  • disciplinary - according to the Labor Code of the Russian Federation;
  • administrative - according to the Code of Administrative Offenses of the Russian Federation;
  • criminal - according to the Criminal Code of the Russian Federation.

Art. 81 (on the disclosure of personal data that became available in connection with the execution job responsibilities) and 90 of the Labor Code of the Russian Federation (on violation of the procedure for receiving, storing, processing information that has characteristics of personal information) as a maximum measure of liability for disclosure personal information called dismissal.

According to Art. 13.11 and 13.14 of the Code of Administrative Offenses of the Russian Federation, disclosure of personal data is punishable by an administrative fine.

Criminal liability under Art. 137 of the Criminal Code of the Russian Federation

Those guilty of failure to comply with the conditions for obtaining, storing and protecting information constituting personal data may also be subject to criminal liability.

Art. 137 of the Criminal Code of the Russian Federation names non-compliance with privacy as a crime. Let's turn to the concept of privacy. Art. 152.2 of the Civil Code of the Russian Federation defines a person’s private life as information about his origin, place of residence, personal, family life, etc. The list of information is open. Comparing the definitions of private life in civil legislation and personal data in Law No. 152-FZ, we can conclude that these concepts are identical.

Deliberate actions, expressed in the illegal collection and dissemination of information about a person’s private life without his consent, are recognized as a crime punishable under Art. 137 of the Criminal Code of the Russian Federation, i.e. entail criminal liability.

The qualifying feature of this crime is the fact of using one’s official position when committing these actions.

Criminal liability is defined as:

  • or a fine;
  • or compulsory, forced or correctional labor;
  • or imprisonment.

Results

Disclosure of a person's personal data without his consent is illegal and entails liability in accordance with labor, administrative, and in the case of intentional actions - criminal law.

Responsibility for violations of 152-FZ is stated in the most different laws. First of all, these are the Code of Administrative Offenses, the Labor Code, the Civil Code and the Criminal Code. Usually the violating company and its employees pay fines, but the punishment is not limited to fines.

Disciplinary responsibility

Chapter 14 of the Labor Code concerns the protection of personal data of workers. They can appeal the employer's actions when processing their personal data in court, and employees guilty of violations may receive a reprimand, reprimand, or be fired. Dismissal at the initiative of the employer is possible for the disclosure of any secret protected by law, including the personal data of another employee. Be careful when telling anyone about your coworkers.

Criminal liability

The Criminal Code warns against the illegal collection or dissemination of information about a person’s private life that constitutes a person’s personal or family secret, without his consent. The punishment may be a fine of up to 300,000 rubles. and above, forced labor, as well as imprisonment for up to 4 years. Isn't that a harsh punishment for invading privacy?

Administrative responsibility

The Code of Administrative Offenses makes it possible to fine an individual or official, individual entrepreneur or company for failure to comply with 152-FZ of 10,000 rubles. A fine can be imposed not only on the company, but also on the employee: the manager or the person responsible for organizing the processing of personal data.

Also, the company may be fined up to 20,000 rubles if it does not comply with Roskomnadzor’s order on time or does not respond to its request. Violations of labor laws, including Chapter 14 Labor Code, are punishable by a fine of up to 50,000 rubles. It may be unpleasant news for the company that not only Roskomnadzor, but also the Labor Inspectorate is interested in how it processes personal data.

Civil liability

The Law “On Personal Data” gives individuals the right to compensation for moral and property damage, as well as losses incurred. The amount of compensation will be determined by the court and is not limited in advance.

The best way to protect yourself and your company from fines and other types of liability is to carefully comply with the requirements of the legislation on personal data. This is very easy to do using our service.

What is personal data from the point of view of the Criminal Code of the Russian Federation

According to paragraph 1 of Art. 3 Federal Law “On Personal Data” dated July 27, 2006 No. 152-FZ, personal data is any information that in one way or another relates to an individual and allows him to be identified. In other words, it can be anything - from a person’s last name to his anthropometric features.

By Decree of the President of the Russian Federation dated March 6, 1997 No. 188, information about the private life of a citizen is classified as confidential information and, therefore, is not subject to disclosure or unauthorized collection.

Criminal legal protection of this type of information is implemented in Art. 137 of the Criminal Code of the Russian Federation. The name of the norm allows it to be extended to all types of information about facts, circumstances and events in the private life of a citizen.

Thus, to the concept “ private life", the inviolability of which is protected by Art. 137 of the Criminal Code of the Russian Federation, the following information about a person can be included:

  • data directly about the person himself, including details of identification documents, information about the place of stay (residence) of the person and his home;
  • information about relatives and other close people;
  • information constituting another secret protected by law (information about deposits and accounts in credit organizations, about adoption, the content of telephone conversations, correspondence (including electronic), telegraph messages, the fact of drawing up and content of a will, etc.).

In addition, this same category includes information classified as tax, lawyer, medical secrets, information received during confession (secret of confession).

Collection of such information, and especially disclosure without the consent of its owner, is possible only in cases expressly provided for by law. For example, as part of an investigation or consideration of a criminal case, during the execution of a court decision, etc.

In other situations, the collection and dissemination of data about private life is a direct violation of Art. 23-24 of the Constitution of the Russian Federation. A person who commits such a violation risks being subject to criminal prosecution.

Important! The disclosure of certain information classified as secret may be subject to other, narrower provisions of the Criminal Code of the Russian Federation. For example, liability for violation of the secrecy of adoption by an official obliged to maintain its confidentiality arises under Art. 155 of the Criminal Code of the Russian Federation.

Signs of a criminal offense under Article 137 of the Criminal Code of the Russian Federation

According to the disposition of Art. 137 of the Criminal Code of the Russian Federation responsibility for disclosure of personal data occurs when the following occur simultaneously:

  • illegality of collection and (or) dissemination of information;
  • lack of consent of its bearer for collection or disclosure.

At the same time, the norm provides for the so-called alternative disposition, recognizing as criminally punishable, in addition to the above actions, also the dissemination of information about a person’s private or family life through the media, in a public speech or a publicly displayed work (including fiction).

In other words, publicity is not a mandatory sign of a crime, it is just a special case of it. To trigger criminal liability, it is sufficient to transfer confidential data to 1 person.

There is a very extensive jurisprudence on this matter. In particular, the appeal ruling of the judicial panel for criminal cases of the Tambov Regional Court dated August 20, 2015 in case No. 33-2375/2015 upheld the conviction under Part 2 of Art. 137 of the Criminal Code of the Russian Federation in relation to a narcologist who provided information about the patient’s diagnosis to a third party.

Qualifying features

Aggravated offenses Art. 137 of the Criminal Code of the Russian Federation are contained in its 2nd and 3rd parts.

Thus, Part 2 provides for liability for the disclosure of confidential information about a person by a person who used his official position for this. As an example, we can again cite a doctor who violated medical confidentiality.

To qualify a crime under Part 2 of Art. 137 of the Criminal Code of the Russian Federation, the content of regulatory legal acts regulating professional activity the culprit. For example, by virtue of the Federal Law “On the protection of the health of citizens in the Russian Federation” dated November 21, 2011 No. 323-FZ, medical confidentiality constitutes absolutely any data about seeking medical help, diagnosis, progress and results of examination and treatment, etc.

Important! All persons who have it in their possession in connection with the performance of their official duties are obliged to keep this information confidential. That is, not only a doctor, but also any other employee of a medical institution, including nursing and junior medical staff, can be punished for illegal disclosure of such information.

Part 3 art. 137 of the Criminal Code of the Russian Federation contains sanctions for the disclosure of data about minors who are under 16 years of age. However, the age of the victim is not the only condition for liability under this part of the rule. Qualification depends on the nature of the disseminated information, the method and consequences of its disclosure.

Thus, as a mandatory feature of Part 3 of Art. 137 of the Criminal Code of the Russian Federation provides for the disclosure of information about a teenager through the media, public speaking, information and telecommunication networks (including the Internet). In this case, the information disseminated must be expressed in a description of the suffering of a minor suffered in connection with the commission of a crime against him, or provide other information on a criminal case in which the teenager is one of the parties.

One more thing required condition: as a result of a violation of privacy, the child suffered physical or moral harm (mental disorder, harm to health) or suffered other serious consequences.

The courts do not have a common position on the wording “other grave consequences”:

  • For example, the Supreme Court of the Republic of Sakha (Yakutia), in its appeal ruling dated December 22, 2015 No. 23-2013, considered the qualification of the defendant’s actions under Part 3 of Art. 137 of the Criminal Code of the Russian Federation in a situation where the consequences of disclosing information about a minor resulted in causing significant damage to his legal representatives.
  • At the same time, the appeal ruling of the Arkhangelsk Regional Court dated November 16, 2015 No. 15-2015 contains a diametrically opposite conclusion regarding an almost similar case. The appellate instance reclassified the actions of the defendant under Part 1 of Art. 137 of the Criminal Code of the Russian Federation.

Punishment for disclosing personal data

Punishment under Art. 137 of the Criminal Code of the Russian Federation ranges from a fine to imprisonment. Committing an unaggravated crime (Part 1 of Article 137 of the Criminal Code of the Russian Federation) faces one of the following penalties:

  • a fine of up to 200,000 rubles. (as an option, in the amount of one and a half year’s salary of the perpetrator);
  • compulsory or corrective labor for up to 360 hours or up to 1 year, respectively;
  • up to 4 months of arrest;
  • up to 2 years of imprisonment.

For persons who disclose confidential personal information in connection with their official position, the punishment will be more severe:

  • the minimum fine in this case will be 100,000 rubles, the maximum - 300,000 rubles;
  • compulsory work in Part 2 of Art. 137 are not provided for, and the forced period is increased to 4 years;
  • the duration of arrest was extended to 5 months, the term of imprisonment - to 5 years.

The most severe consequences await those found guilty of disclosing information about minors:

  • according to Part 3 of Art. 137 of the Criminal Code of the Russian Federation they will have to pay from 150,000 to 350,000 rubles. fine or forced labor for up to 6 years;
  • Alternatively, arrest for up to six months or up to 6 years in prison is possible.

Art. 137 of the Criminal Code of the Russian Federation is one of the most complex norms in terms of qualification of a crime. For her correct interpretation it is necessary to take into account the requirements of related branches of legislation. In particular, one cannot avoid turning to laws regulating the handling of personal data, regulating the activities of various departments and revealing the concept of secrecy.

IN Lately There has been a trend toward intensive collection of information about the private lives of citizens. This is facilitated by the penetration of electronics into all spheres of life; computerization has become an integral element of work, life and leisure.

IN Constitution of the Russian Federation determined that collection, storage, use and dissemination of information about a person’s private life without his consent is not permitted. Public authorities and bodies local government, their officials are obliged to provide everyone with the opportunity to familiarize themselves with documents and materials that directly affect their rights and freedoms, unless otherwise provided by law ( Art.24). The mentioned documents and materials can be considered as sources containing personal data.

The operator carries out its functions within the limits of authority, which are determined by special legal acts.

Yes, by order of the administration Kulebaksky district Nizhny Novgorod region functions for ensuring registration of citizens were transferred LLC "Center-SBK". The prosecutor, in defense of the interests of an indefinite number of persons, filed a petition in court to challenge the actions of the head of local government of the Kulebaksky district, who issued the indicated order in violation of current legislation.

Judicial Collegium for Civil Cases of the Armed Forces of the Russian Federation, considering the dispute by way of supervision, found the prosecutor’s submission to be satisfied and gave the following arguments.

By general rule the processing of personal data can be carried out by the operator with the consent of the subject of personal data. In this case, the obligation to provide evidence of obtaining the consent of the subject of personal data to the processing of his personal data, and in the case of processing publicly available personal data, the obligation to prove that the processed personal data is publicly available rests with the operator. In the event of the death of a citizen, consent to the processing of his personal data is given in writing heirs, if such consent was not given by the subject of personal data during his lifetime ( Clause 7 Article 9). There is also an exhaustive list of grounds on which processing is carried out without consent.

The accumulation of information about the private life of citizens in state, municipal, public and other data banks leads the owners of these funds (banks) to the possibility different forms use.

IN Federal target program "Electronic Russia (2002-2010)" The main task of improving the activities of state authorities and local governments is to increase operational efficiency by ensuring compatibility of standards for information storage and document flow, creating interdepartmental and local information systems and databases.

Implementation provided Concepts for creating a system of personal population registration Russian Federation * (14) , which outlines:

The implementation of the totality of these activities will lead to the assignment of a digital designation (identifier, civil code) to the citizen. It is necessary to decide on which documents this code should be affixed and whether it is possible to use the same citizen code in different data banks. Having the same digital identification of a citizen in different information systems simplifies the possibility of exchanging data and requesting data, which does not correspond to the preservation of privacy. According to the results of a survey of Russian users of the national postal service mail.ru, 60% of respondents object to or are afraid of the creation unified register citizens with number at birth* (15) .

It should also be noted that the stated task of integrating various automated accounting systems does not correspond to those enshrined in Clause 1 Article 5 of the Law “On Personal Data” to the principle of the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting personal data, and the principle of the inadmissibility of combining databases of personal data information systems created for mutually incompatible purposes.

The ability to obtain information about the operator, his location, and whether the operator has personal data related to the relevant subject of personal data should be called a guarantee that ensures the reliable content and fate of personal data.

Blocking of personal data by the authorized person himself can be considered as a temporary cessation of the accumulation, use, and dissemination of personal data.

Destruction of personal data can be in the form of destruction of material media of personal data or in the form of erasure of information in the information system.

According to Art.5 Federal Law “On Operational-Investigative Activities” materials obtained as a result of operational-search activities regarding persons whose guilt in committing a crime has not been proven in the manner prescribed by law are stored for one year and then destroyed, unless official interests or justice require otherwise. . Phonograms and other materials obtained as a result of wiretapping telephone and other conversations of persons against whom no criminal case has been initiated are destroyed within six months from the date of termination of wiretapping, and a corresponding protocol is drawn up.

It seems that in order to guarantee these provisions, it is necessary to make additions to the law on what are the grounds for the destruction of information and what is the fate of information during the liquidation and reorganization of the body storing information.

5.

Violation of the right to privacy and privacy of personal data is manifested either in the disclosure of secrets, communication of this information to third parties without the consent of the authorized person, or in the deletion, modification or blocking of personal data.

Judicial practice in this area depends on the level of democracy of society, real guarantees of the independence of judges, since clashes between the private interest of a citizen and state interest represented by various government departments are most often considered.

Let us present the following case, which reveals one of the ways to protect the right to privacy of personal data. So, in 1974 there was a suspicion that K.M. is a member of the group "Red Army Faction", this information was later refuted, and the investigation into this issue was stopped. However, fingerprints, photographs and other data remained in the data banks associated with Federal Criminal Police Office. According to the claim K.M. Bremen court(Germany) in 1980 made a decision to destroy all information about the plaintiff in the computers of the federal and state criminal police departments* (17) .

In another case, a different method of protection was chosen to ensure the preservation of secrecy. So, Department of Housing and Communal Services of the Tyumen Administration And municipal institution "Tyumen City Property Treasury" entered into a municipal contract with OJSC "Tyumen Settlement and Information Center", by virtue of which the company assumed obligations to store and maintain an archive of apartment cards and registration cards for houses of the municipal housing stock, including accepting documents from citizens for initial processing, checking the correctness of their execution and timely recording.

Since employees of the company cannot appear officials, responsible for registration and deregistration of citizens at the place of residence in the state and municipal housing stock, the court lawfully satisfied the prosecutor’s request to invalidate the municipal contract as not complying with current legislation ( Art. 168 Civil Code of the Russian Federation)* (18) .

A citizen may apply to the court for the restoration of accidentally or intentionally lost (destroyed, erased) personal data in any databases, or for the correction (replacement) of part of the personal data. The employee also has the right to demand from the employer, who made inaccuracy or incompleteness in the processing of personal data, to supplement the dossier (archive, database) with missing information, and to clarify incorrectly processed data.

Author of the article: M.N. Maleina (professor at Moscow State Law Academy)

* (1) Tereshchenko L.K. On the issue of the legal regime of information // Information law. 2008. No. 1.

* (2) See: Naumov V.B. Law and the Internet: essays on theory and practice. M., 2002. P. 132.

* (3) See: Naumov V.B. Decree. Op. P. 136.

* (4) Approved by decree of the Government of the Russian Federation of July 17, 1995.

* (5) See: Determination of the Armed Forces of the Russian Federation of October 22, 2008 No. 9-VPR08-20.

* (6) See: Zaman Shamima Hasmatuz. Civil status individuals in Germany, Italy, France and Russia: abstract. dis. ...cand. legal Sci. M., 2009. P. 7, 20.

* (7) Shakhov N.I. Theoretical and legal foundations of the function of ensuring by the state the right to inviolability of information about private life: abstract of thesis. dis. ...cand. legal Sci. Krasnodar, 2008. P. 8.

* (8) The concepts of “bank secrecy” already enshrined in regulations are formulated in the same way (Article 26 Federal Law“On banks and banking activities”), “medical confidentiality” (Article 61 of the Fundamentals of the legislation of the Russian Federation on the protection of the health of citizens), “advocate confidentiality” (Article 8 of the Federal Law “On advocacy and advocacy”), etc., the regime is determined secrets and stipulates what information does not fall under this regime.

* (9) See: Kalyatin V.O. Personal data on the Internet // Journal Russian law. 2002. №5.

* (10) See: Mikheev V.A. what's in your personal file? // News. 1990. 6 Aug.

* (11) See: Gagin A. Count us in // Russian newspaper. 2004. 27 Jan.

* (12) See: Resolution of the Federal Antimonopoly Service of the East Siberian District dated December 18, 2008 No. A58-558/08-F02-6318/08 in case No. A58-558/08.

* (13) See: Resolution of the Federal Antimonopoly Service of the Ural District dated January 23, 2009 No. Ф09-10531/08-С2 in case No. А07-9726/08.

* (14) Approved by order of the Government of the Russian Federation of June 9, 2005 No. 748-r.

* (15) See: Gagin A. Decree. Op.

* (16) See: Determination of the Constitutional Court of the Russian Federation of January 18, 2005 No. 39-O.

* (17) See: Gessner R., Herzog U. Behind the Facade of Law: Methods of the New Secret Police. M., 1990. P. 204.

* (18) See: Resolution of the Federal Antimonopoly Service of the West Siberian District dated September 28, 2006 No. F04-6235/2006(26736-A70-13), F04-6235/2006(26681-A70-13) in case No. A70-13852/26 -05.

Federal Law is constantly being improved and changed so that our freedom and rights, as well as our privacy, are always protected, and all access to personal data is protected by a thousand locks. But what is this - personal data? What is in the public domain and who has the right to request it? Is there a law regulating the non-disclosure of personal data?

Dear readers! Our articles talk about typical ways to resolve legal issues, but each case is unique.

If you want to know how to solve exactly your problem - contact the online consultant on the right or call free consultation:

What is personal data?

Individual

PD of ordinary citizens includes:

  • information about place and date of birth;
  • residence;
  • data contained in the passport;
  • SNILS;
  • benefits for individuals.

Employee

Employee PD includes information that is important for the employer in connection with employment.

It is also worth noting that the issue that concerns the management of employees’ personal files has not yet been regulated at the legislative level, so most often in practice the employer in them full details included.

Namely:

  • data specified in the passport;
  • SNILS;
  • military registration;
  • existing education;
  • a completed application form, which is given to the employee upon employment;
  • employment contract.

Physiological PD, which allow the operator to determine the identity of their owner.

Foreign distribution of PD. This type of information dissemination can be divided into three types:

  1. countries belonging to the Council of Europe Convention (CCE);
  2. countries that are not members of the CSE, but are implementing a set of measures aimed at protecting personal data rights;
  3. countries belonging to the CSE do not implement a set of measures aimed at protecting personal data rights.

If data is transferred last group, then a legal pretext, supported by law, or the consent of the owner, or a serious reason for preserving the interests of the owner himself is necessary.

Transfer of personal data to state information systems and municipal information systems. Here the processing takes place in accordance with the functioning Federal Laws.

Processing PD during political speeches or when promoting any goods, services or works. Restrictions controlled by the Federal Law: despite the acquisition of information from sources that are public, an indication of the owner’s agreement is required, the presentation of which may not be in writing.

Special categories

According to Federal Law dated July 27, 2006 N 152-FZ(as amended on February 22, 2017) “On personal data”, the PD categories are divided into four groups:

  • It is not permitted to process data that in one way or another touch on the topic of religion, political views, personal life, nationality, not counting those individual points indicated in paragraph 2.
  • Processing of the PD listed in paragraph 1 is permitted.

    • But provided that:

  1. written permission has been received from their owner for processing personal data;
  2. they are publicly available;
  3. PD is related to information related to the health of its owner, and access to it is currently necessary to preserve its vital functions;
  4. it is necessary when implementing judicial measures;
  5. it occurs due to the entry into force of the legislation of the Russian Federation on security and investigative activities.
  • Processing of PD about a criminal record can be carried out by state or municipal authorities in accordance with the Federal Law of the Russian Federation.
  • The processing of personal data, which is specified in paragraphs 2 and 3, must be immediately suspended when the reasons for which it was carried out cease to exist.


    • Which ones are public?

    The very fact of including PD into the category of “public” is possible only after the written agreement of its owner.

    Public access data may include (subject to paragraph 1) the following:

    • Year and place of birth;
    • place of residence, etc.

    If the individuality of personal data is lost, there is no need for permission from their owner to enter information into public access. All information PD is removed from public access at the request of the owner himself or by decision of the court, as well as other government agencies.

    Personal data information system and operator - what is it?

    Personal data information system (IS) is a system that is a connection of personal data located in a database and various types equipment, thanks to which PD processing using automation tools becomes a reality.

    A very important concept is “operator”. According to Federal Law-152, an operator is a state or municipal body, a legal entity or an individual who, alone or collectively with other persons processes PD, he also determines its purpose, necessity and composition.

    All procedures carried out to establish the protection of personal data during their processing in the information system should be carried out only by those people or companies that are members of the list previously created by the operator. And only they can have permission allowing them to access the data.

    It is also necessary to take preventive measures to help avoid prohibited access to information.

    For these purposes, all views and activity are recorded and reflected in electronic magazine, which is the responsibility of the operator to check.

    Constant monitoring of how PD is processed by operators, verification and control, and the procedure for protecting documentation is carried out by Roskomnadzor.

    Means of protection and protection of personal data

    Reliability PD is provided by:

    • establishing risks when processing personal data in the information system;
    • constant use of technical and organizational measures to establish security in accordance with the security levels established by the Government of the Russian Federation;
    • procedure for improving the means and effectiveness of protection;
    • constant review of machine PD media;
    • instant detection of unauthorized entry;
    • recovery of personal data that was infected with a virus or destroyed during a database hack;
    • recording and accounting of all actions that are performed in the information system;
    • cooperation with private security is used;
    • the database is protected by passwords known only to people who have access rights;

    Sample consent to provide personal data

    Providing PD is an action of a certain nature through which PD is disclosed to any person or group of persons.

    If you need to create consent to provide your personal data, then you must indicate in writing the following:

    • Full name, place of residence, data stated in the passport;
    • Full name and place of residence of the representative of the PD owner, data contained in the passport, power of attorney;
    • name or full name of the operator who receives consent;
    • the purposes for which PD is processed;
    • list of PD to which you consent to access;
    • the name or full name and address of the person who, as designated by the operator, will process the data;
    • the period during which permission to access the owner’s information will be valid;
    • signature of the PD owner.


    Refusal to provide to third parties

    Federal Law-N152 “On Personal Data” started operating in 2006., but a full report on their PD had to be provided since 2010, when Federal Law No. 210 “On the organization of the provision of state and municipal services” was adopted.

    And if now you receive calls from banks and collectors who will not leave not only you, but also your relatives and colleagues in peace, then it’s time to revoke your consent to process personal data. Of course, they have already been transferred to these organizations, but this step will help you scare away the ransomware.

    Keep in mind that the application must be sent not only to the actual address of the bank branch where you took out the loan, but also to the legal address.

    Send your application by registered mail: this way you will have notification of receipt. Indicate the address that you registered when concluding the loan agreement.

    Attach yours to the refusal copy of passport and loan agreement: This will help your organization quickly find your documents and make changes accordingly.

    But do not forget that each situation requires individual measures. Some of them require cooperation with relevant authorities, such as the police.

    According to Article 24 of Federal Law N 261-FZ, persons who are guilty of causing moral harm to the owner of personal data in violation of the law of processing and storing them are obliged bear criminal liability for disclosure and distribution, namely to compensate for moral damage, in addition to property, as well as losses suffered by the owner of the personal data.

    Download a sample application for revocation of personal data.

    Changing an employee's personal data

    Employee's application for amendments to documents

    An employee whose PD has been modified needs to draw up a document in free form, in which he needs to indicate the reason for the changes that have occurred, and tell about the adjustments that must be made to the existing documents.

    If you change your last name, then the application must be submitted under your old last name, because you are still listed under that name in the organization.

    You must attach copies of relevant documents to your application that will confirm the changes that have occurred.

    Order to amend documents

    The need for the employer to draw up a change in the employee’s personal data is not supported by Labor legislation. But this necessity is chosen to convey information to all interested parties (HR officers and accountants).

    The date of the completed order must be identical to the date on which the employee submitted the application with all proposed copies of documents.
    The order must be signed by the employee as a sign that he is familiar with it.


    Notice about the processing of personal data

    Very common mistake operators to provide notification of PD processing when this could not have been done. And if you still decide to notify Roskomnadzor, here are some recommendations:

    • Read very carefully Part 2 of Article 22 of the Federal Law of the Russian Federation dated July 27, 2006. N 152-FZ “On personal data”.
    • Look at the data that is processed for you. Some cases will require you to make adjustments with PD carriers.

    One of the reasons why you may not notify about the processing of PD is indicated in clause 2, part 2, article 22 of the Federal Law and looks like this:

    Let's take the example of establishing business relations with an individual to perform the service. To make it clear that everything is ready and you didn’t have to just drive several tens of kilometers, the foreman prudently took your phone number to announce the good news. And in this case, the contract must stipulate “The workshop undertakes to notify the client by phone **** about the completion of the service.”

    Learn how to protect your personal data from the video:

    Do you have a legal question?



    Related publications: