Use of other people's personal data. Punishment for violation of the Law “On Personal Data”

Legal protection of personal data is regulated by Federal Law 152 Federal Law. The processing of such information, as well as its storage and disposal, is prescribed. Aspects of providing information at the request of authorities are taken into account, and the use of information systems is regulated to ensure adequate access. The imposition of fines and other penalties for the dissemination of personal information is regulated separately.

What is personal data?

The Federal Law “On Personal Data” was adopted on July 8, 2006, and came into force six months after its official publication. The document was revised and updated, amendments were made to eliminate inaccurate wording and bring legal act in interaction with other laws. Last changes were made on July 29, 2017.

Structurally, the Law “On Personal Data” is divided into the following chapters:

• general provisions, including the purpose of adopting such an act and the scope of its regulation, as well as the basic concepts and place of legal norms in the legislation of the Russian Federation;
• principles and conditions of processing relevant information;
• rights of the subject of personal data– a citizen whose personal information is regulated by Law 152 Federal Law;
• operator's duties– an individual or legal entity collecting and storing information;
• state supervision for the storage and processing of received information, responsibility and imposition of fines.

According to the provisions of Federal Law 152, personal data means any information that directly or indirectly relates to a specific person - the subject. To avoid fines, such information is processed according to the following principles:

• legality and justice;
• clear definition of the purpose within which processing is permitted personal information;
• It is not allowed to combine databases whose purposes and purposes differ from each other;
• the volume of personal information is determined by the purpose of its collection; redundancy of the information received is not allowed, otherwise a fine will be imposed;
• such aspects as accuracy, sufficiency and relevance of information are taken into account;
• The storage period should not exceed the scope of achieving the stated purpose, after which the information must be destroyed or depersonalized.

The law requires the preservation confidentiality of personal data. Their disclosure by operators to third parties, as well as their distribution and use without the consent of the subject is not allowed. IN in some cases processing can only be carried out with the written permission of the citizen. In case of violation, the operator is subject to a penalty - a fine or other liability.

Download Federal Law “On Personal Data” possible by . The document is presented with all changes relevant for 2017.

Violation of legal requirements entails liability. Most often it is expressed in the form of a fine, but in some situations it can entail a more serious punishment.

Punishment for violation of the Law “On Personal Data”

Fines under Federal Law 152 are determined Article 24 on liability for violation of the Federal Law “On Personal Data”. This provision refers to penalties provided for by law. The fines also include moral damages, as well as expenses incurred by the subject in connection with the disclosure of his data.

To determine the legal norms on fines, additional legal documents should be considered. Code of Administrative Offenses determines the amount of the fine at 10 thousand rubles. An individual or official, as well as a company, may be subject to penalties for violating the requirements of Federal Law 152.

However last changes its provisions prescribe a fine up to 75 thousand rubles. The collection procedure has also been simplified.

Fine in 20 and 50 thousand awaits the company in the event that the order of Roskomnadzor or the Labor Inspectorate, respectively, is not complied with. The latter carries out verification in accordance with Chapter 14 of the Labor Code of the Russian Federation, which also protects employees’ personal data from disclosure and prescribes liability for violations.

Article 90 of the Labor Code of the Russian Federation indicates disciplinary, material, civil, administrative or criminal liability. According to this provision penalties against the violator can be applied not only in the form of a fine or dismissal, but also in the form of imprisonment.

The personal data of every citizen of the Russian Federation is protected by Russian legislation. How to prevent the dissemination of information about personal data, what liability exists for violating the requirements of the law - we will talk about this in our article.

Personal Information- this is any information about an individual, in particular, full name, place and date of birth, place of residence and registration, social, property and marital status, profession, education, income, etc. (Clause 1, Article 3 of the Federal Law “On Personal Data” ").

Protection of personal information – legal system, on the basis of which the requirements of the legislation of the Russian Federation regarding the storage, processing and transfer of personal data of citizens are met. The operator of personal data can be a state or municipal body, as well as a legal entity or individual who has the authority to determine the purpose and content, as well as carry out a number of organizational and technical measures related to the protection of personal data from blocking, destruction, copying and other unlawful actions ( Federal Law No. 152 of July 27, 2006 “On Personal Data”, as well as Federal Law No. 261 of July 25, 2011 “On Amendments to the Federal Law “On Personal Data”).

In December 2014, the State Duma adopted in the third reading a bill on storing personal data of citizens processed on the Internet on servers in Russia. According to Roman Chuichenko, a member of the information policy committee, the main goal of the bill is to strengthen information security country and its citizens. This measure was taken due to the complication of the international situation. This bill will come into force on September 1, 2015.

The entry into force of the new regulation on the protection of personal data requires that personal data operators provide:

• timely detection of unauthorized access to personal data;
• preventing influence on technical means that carry out automated processing of personal data;
• the ability to promptly respond to the fact of unauthorized access and immediately restore personal data in cases of their destruction or modification;
• constant monitoring of the level of security of personal data.

Categories of personal data

1. Public PD – data that does not have confidentiality conditions, or with the consent of the subject of the Russian Federation, is available to an unlimited number of persons (directories, address books, etc.). They may be excluded from sources at the request of the court or the subject himself.

2. Special categories PDn – data regarding nationality and race, health status, beliefs in philosophy and religion, political views. Processing of this category of personal data is allowed only with the written consent of the subject (not allowed), in cases of public availability of data and the impossibility of obtaining the consent of the subject due to his state of health, as well as in cases of processing personal data for the purposes of operational investigative activities or in accordance with requirements of the criminal-executive legislation of the Russian Federation

3. Categories of personal data , processed in information systems (ISPDn) - regulated by the Order of the FSTEC, FSB and the Ministry information technologies and Communications of the Russian Federation dated February 13, 2008 N 55/86/20 “On approval of the Procedure for classifying personal data information systems” and allows the processing of personal data of the following categories:

• Personal data relating to nationality or race, health status, intimate life, political views, beliefs in the field of religion and philosophy.
• PD, on the basis of which a citizen can be identified in order to obtain additional information about him.
• Anonymized and (or) publicly available PD.

Processing of ISPD can also be carried out according to the parameter “volume of personal data processed”, which assumes the number of subjects processed in the information system and can take the following values:

• simultaneous processing of more than 100 thousand subjects of personal data (performed both within the subject of the Russian Federation and in the Russian Federation as a whole);
• simultaneous processing of personal data from 1 to 100 thousand subjects (performed in a government agency working in the field of the Russian economy);
• simultaneous processing of personal data of less than 1 thousand subjects (performed within a specific organization).

4. Biometric personal data – information about the physiological characteristics of a person that allows one to establish his identity. Biometric PD is processed in accordance with Article 11 of the Federal Law Russian Federation dated July 27, 2006 N 152-FZ “On Personal Data” and with the written consent of the PD subject (except in cases of ensuring justice, performing operational investigative activities related to public service, criminal-executive legislation). Biometric personal data includes photo and video images of subjects.

Employee personal data

1. Guarantees are a set of rules and regulations that govern relations relating to an employee’s personal data.
2. A set of organizational and legal measures aimed at implementing legislative acts in order to express the employer’s policy.
3. Ensuring the employee’s subjective right to protect personal data.

Every employee has the right to protect their personal data (clause 9 of Article 86 of the Labor Code of the Russian Federation).

In accordance with Art. 89 Labor Code of the Russian Federation, each employee can exercise his right to the protection and protection of personal data through the following actions:

• free free access to your personal data, including obtaining a copy of any record containing the employee’s personal data;
• determining a personal representative to protect your personal data;
• receiving complete information about personal data and their processing;
• issuing demands for the exclusion or correction of personal data containing incorrect information or if it was processed in violation of legal requirements;
• appealing in court against the employer’s unlawful actions, as well as his inaction in processing and protecting personal data.

Composition of the employee’s personal data

Based on clause 2 of Article 86 of the Labor Code of the Russian Federation, the volume and content of the employee’s personal data are determined by the employer in accordance with the Constitution of the Russian Federation, the Labor Code and others federal laws. As a rule, the activities of any organization require the employer to use two main types of documents in document flow:

1. Documents provided by the employee upon conclusion employment contract(Article 65 of the Labor Code of the Russian Federation). This category includes documents containing a photograph of the employee, full name, information about place and date of birth, citizenship, marital status, place of registration, education, specialty (passport, insurance certificate of state pension insurance, military ID, etc.).
2. Documents that are generated by the employer independently (primary accounting documentation for recording labor and its payment). This category includes orders or instructions on hiring an employee, terminating an employment contract, rewarding an employee, a personal card, and documents on remuneration.

Protection of personal data, liability for violation of laws

Let us note that some sanctions for violation of certain offenses apply to both individuals and officials, as well as legal entities.

Civil liability has a direct connection with the category of moral harm, that is, if a citizen has suffered moral harm expressed in actions that violate his personal non-property rights, he has the right to make demands on the offender for payment of monetary compensation in court. The amount of compensation for moral damage is determined by the court, taking into account all relevant circumstances. Compensation is carried out in in cash.

In accordance with paragraph 7 of Art. 243 Labor Code of the Russian Federation, material liability employee for disclosing information that is directly related to the personal data of other persons is imposed on the offender in full size damage caused.

An employee who disseminated the personal data of another employee may be liable disciplinary liability in the form of dismissal. Based on Article 192 of the Labor Code of the Russian Federation, the employer has the right to hold an employee who has violated the law accountable. At the same time, depending on the degree and severity of the offense committed, dismissal may be replaced by another disciplinary punishment, for example, in the form of a reprimand or reprimand.

Let us note that the rights and obligations of an employee that are directly related to the personal data of other employees are determined by the terms of the employment contract and the composition of local regulations establishing the employee’s labor functions and the list of his job responsibilities.

Criminal liability for violation of privacy, in particular personal data, is regulated by Art. 137 of the Criminal Code of the Russian Federation and provides for punishment in the form of:

• a fine of 200 thousand rubles, wages or other income of the offender for 18 months; compulsory work for a period of 120 to 180 hours;
• executive works for a period of up to 12 months;
• arrest for up to 4 months.

Violation of privacy, in particular personal data, by a person using his official position is punishable by:

• a fine in the amount of 100 to 300 thousand rubles, wages or other income of the offender for 1-2 years;
• deprivation of the right to hold certain positions for a period of 2 to 5 years;
• arrest for a period of 4 to 6 months.

When hiring, an employee is asked to provide information personal, but Russian legislation does not allow the collection, storage, use and dissemination of information about a person’s private life without his consent. Let's consider what the law says about the disclosure of personal data, what are the qualifying features of this offense and what the punishment is.

What is personal data

According to paragraph 1 of Art. 3 Federal Law No. 152, personal data is all possible information that in any way relates to a person and allows him to be identified. This can be absolutely any information - from last name to anthropometric features. For more information about what is included in personal data, read the article

In Art. 85 of the Labor Code of the Russian Federation explains that personal data of an employee is information directly about himself, which is required by the employer in connection with labor relations. According to the Labor Code of the Russian Federation, an employer who discloses personal data bears disciplinary liability, but the same offense also entails criminal liability.

Decree of the President of the Russian Federation dated March 6, 1997 No. 188

In accordance with Decree of the President of the Russian Federation No. 188, information about the private life of a citizen is confidential. Unauthorized collection and distribution of such information without the consent of its owner is permitted only in cases expressly provided for by law. These are investigations, consideration of criminal cases and implementation of measures in connection with the execution of a court decision, when there is no other way to identify a person. In other situations, the collection and disclosure of personal data is a direct violation of Art. 23-24 of the Constitution of the Russian Federation. The person who commits such an offense is criminally liable.

Which article of the Criminal Code of the Russian Federation protects privacy?

Now let’s figure out what article for the disclosure of personal data is provided for in criminal law. The dissemination of such information is a direct violation of the privacy of personal life, which is guaranteed by the Constitution and protected by Art. 137 of the Criminal Code of the Russian Federation. It is stated here that the illegal collection and dissemination without the consent of a person of any information about his private life that constitutes personal or personal information is subject to criminal prosecution. family secret. Disclosure of such information in the media is also prohibited, within the framework of public speaking or public display.

What does the concept of “private life” refer to?

The concept of “personal life” covers all areas of a person’s life. These are any facts, circumstances and events related to his family, everyday communication, religious and political beliefs, hobbies and activities outside of work hours, recreation and other industries that the person himself does not want to make public.

Information that relates to the concept of “personal life” is conventionally divided into 3 categories:

1. Personal information (passport details and other identification documents, information about registration at the place of residence or stay, information about housing, etc.).
2. Information about family members.
3. Information constituting another secret protected by law.

What are the “secrets”

The term “private life” includes secrets protected by law, among which are the following:

1. The Mystery of Adoption. The judges who made the decision on adoption are required to preserve it. officials who carried out the state registration of adoption, as well as all people aware of this fact (Article 139 of the Family Code of the Russian Federation).
2. Medical secrecy. This concept includes information about the facts of seeking medical help and the diagnosis, as well as other information related to examination and treatment. All this data is confidential and is not subject to disclosure without the consent of the person to whom it relates (Article 61 of the legislation of the Russian Federation on protecting the health of citizens).
3. Tax secret. This is information about the taxpayer and the payer of insurance premiums received by the tax or customs authority, the body of the state extra-budgetary fund, investigators, internal organs(Article 102 of the Tax Code of the Russian Federation).
4. Attorney-client privilege. This is any information related to the provision of legal services by a lawyer to his client. Maintaining attorney-client privilege is both a legal duty of a lawyer and one of the fundamental principles of advocacy (Article 8 of the Federal Law “On Advocacy and the Bar of the Russian Federation”).
5. Secret of Confession. A clergyman is not subject to liability if he refuses to testify about the circumstances that he learned during confession (clause 7 of article 3 of Federal Law No. 125).
6. Personal secret. This is any information about facts and events in a person’s life, about the circumstances of his fate, which he seeks to keep secret from other persons.
7. Family secret. This is any information that in any way concerns a person’s family members and which he seeks to hide from other people.

Qualifying signs of violation of Art. 137 of the Criminal Code of the Russian Federation

According to Art. 137 of the Criminal Code of the Russian Federation, disclosure of personal data is classified as a criminal offense if the following conditions are simultaneously met:

• the collection and/or dissemination of information is carried out illegally;
• no consent of the bearer personal information for its collection and distribution.

Publicity is not a necessary sign of an offense. Criminal liability already arises when confidential information is transferred to at least one person.

Punishments under Article 137 of the Criminal Code of the Russian Federation

Article 137 of the Criminal Code of the Russian Federation provides for the disclosure of personal data different types punishments - from fines to imprisonment.

The minimum punishment, if there are no aggravating circumstances, is a fine of up to 200 thousand rubles. or in the amount of salary or other income for a period of up to 1.5 years.

Intermediate punishment is forced labor for up to 360 hours, correctional labor for up to 1 year, forced labor for up to 2 years, or arrest for up to 4 months.

The maximum punishment under Art. 137 of the Criminal Code of the Russian Federation - 2 years of imprisonment.

How to protect personal data - watch the video:

Punishment for persons who made disclosure in connection with their official position

In Part 2 of Art. 137 of the Criminal Code of the Russian Federation provides for punishment for the disclosure of personal data committed by persons using their official position. IN in this case more severe liability is expected. The court has the right to assign to the culprit:

1. Fine in the amount of 100 thousand rubles. up to 300 thousand rubles. or in the amount of salary or other income for 1-2 years.
2. A ban on engaging in a certain type of activity or working in certain positions for 2-5 years.
3. Forced labor for up to 4 years - as an independent punishment or together with an additional punishment from paragraph 2.
4. Arrest for up to six months.
5. Imprisonment for up to 4 years - together with the additional punishment from paragraph 2.

In cases where an additional punishment is imposed (clause 3 and clause 5), it begins to flow only after the main punishment has been served. This is the requirement of Part 4 of Art. 47 of the Criminal Code of the Russian Federation.

A lawyer will advise you in the comments to the article