What is the federal law "On Personal Data" (Federal Law No. 152)? What are the main requirements and provisions contained in this project? All these questions will be answered in the article.
General Provisions
What are the objectives of the bill in question? The first and most basic is the regulation of relations associated with the processing of information. We are talking about automation tools, information and telecommunication networks, storage media and file cabinets. The law does not regulate data protection in a specific household, family or personal. The most important area of ββwork of the presented draft law is the protection of the freedoms and rights of citizens through the quality processing of their personal data. This is necessary for the quality of ensuring the inviolability of private, family and personal life.
The Law "On Personal Data" is aimed at protecting the rights of citizens. And what is meant by personal data? In short, this is absolutely any information that is indirectly or directly related to a particular person. The process of processing this data is a series of operations aimed at storing, blocking, deleting or organizing information.
Principles
The Law "On Personal Data" (Federal Law No. 152) contains a number of basic principles on which the entire process of information processing rests. What are these principles? Here we can distinguish the following:
- All actions must be carried out in a fair and lawful manner. The existence of the bill in question confirms this principle.
- A specific, clear goal should be set. Any departure from this goal is unacceptable (the goal is to protect the rights of citizens).
- The accuracy, sufficiency and relevance of the objectives should be ensured. The content must be established (it contains the law on personal data).
- Storage of all necessary data should be carried out in accordance with all terms, requirements and goals.
Thus, the considered normative act contains all the necessary principles on the basis of which information protection activities can be built.
Conditions
The processing of personal data should be carried out not only in accordance with certain principles, but also in strict submission to certain conditions. What are these conditions and how are they grouped? Here are some highlights:
- Mandatory consent of a citizen to the processing of his data is the most important condition that contains the law "On Personal Data" (Federal Law No. 152).
- All data processing is primarily aimed at achieving certain goals regulated by laws and treaties of the Russian Federation.
- The processing of personal data is aimed at administering justice or enforcing any legal acts.
- If obtaining consent from the citizen is not possible, the processing of his data should still be carried out in cases where the life or health of a person is in danger.
It is also worth noting that the processing of all necessary personal data should be carried out by special, authorized operators. The responsibilities of these professionals will be given below.
Categories
The Regulation on the protection of personal data contains certain types and categories of those information elements that must be processed. What exactly is it about? In short, the main categories can be characterized as racial, national, religious or any other beliefs provided for by the relevant bill. Their processing should be carried out only with the direct consent of the citizen and in accordance with all norms, standards and rules.
Itβs very difficult to disclose the main categories of personal data in more detail. But, as a rule, this is confidential information about various kinds of individuals, civil servants, military, etc. Everything that a citizen would not want to publicly disclose should be protected by the state. These are personal passport data, numbers of certificates or rights, ideological beliefs and so on.
Rights of subjects
The Law "On Personal Data" (Federal Law No. 152) stipulates that any citizen whose data is processed has the right to receive at any time all the necessary information about both his data and the level of protection. Each person can make a special request, after which any vacant operator must provide all the necessary data.
In this case, the subject has the right:
- to view all the necessary data;
- to destroy the processed information;
- to make certain changes to the information.
In order to receive all the necessary information, the subject must make a request with the provision of his personal number (identification). Moreover, each citizen has the right to make repeated requests to the necessary authorities.
It is also worth noting that the operator has the right to refuse the subject to view the necessary information. However, this refusal must be motivated. As a rule, the main motives are an incorrectly formatted request, incomplete data processing or the limited legal status of the subject itself.
Operator Responsibilities
Who are the operators? These workers have already been discussed above, but their main functions have not been identified. The relevant provision on the protection of personal data regulates the following here:
- the operator must inform the subject of his position, last name and first name, as well as address;
- should work in strict accordance with the law, on the basis of certain legal acts;
- obligated to inform the subject of all necessary rules for the use of personal information;
- obliged to provide quality record, storage, systematization, accumulation and change of all protected and processed personal data.
It is also worth noting that the operator has the right not to provide the citizen with personal information if they are being actively processed or if the subject himself has not followed all the necessary rules and conditions for obtaining personal data.
Security measures
Above were identified the main functions and responsibilities of operators - workers on the processing of personal data. One of the most important functions of any operator remains ensuring the safe storage of information in relevant resources. The Federal Law of the Russian Federation of July 27, 2006 (No. 152, Federal Law) regulates the basic measures and methods to ensure high-quality security of any personal data. Here is what can be distinguished here:
- effective and quick identification of security threats, their quick elimination;
- clear application of various technical and organizational measures to maintain storage safety;
- compilation of assessments for relevant procedures, analysis of the operation of storage and accumulation;
- high-quality provision of machine carriers, as well as various technical elements;
- quick restoration of access to all personal data in case of leakage or loss.
In addition, some changes in the law also concern the establishment of certain levels of security, according to which it is possible to qualitatively evaluate the work on the processing of personal data.
Authorized body
Finally, it is necessary to talk about the authorized body, the duties of which include control over the personal processing of data of certain citizens. It is easy to guess that the authorized authority is the executive authority. His responsibilities include quality control and supervision of the effective work of processing information. What is the authorized body entitled to do?
Here is what the law No. 152 () "On personal data" regulates:
- Comments of the executive authority in relation to workers' organizations that process information are perceived as requests, requirements or decisions. Thus, the executive body has the right to exercise full control over data processing.
- The authorized body is engaged in the organization, provision and control of the information processing system. He also makes requests for financing the field in question.
- The authorized body maintains a register of operators, initiates the introduction of amendments and changes to work on information processing. In addition, the executive is able to convene a special advisory board.
Thus, the influence of the authorized body on data processing is very large.
Responsibility
The law provides for the introduction of liability for various kinds of violations that may occur in the course of the relevant work. What exactly can be highlighted here?
As you know, it is always necessary to require consent to the processing of certain data. If it started without consent (with the exception of some cases, consent to personal data is not required in the event of certain threats), then operators and other employees of the relevant organizations are required to bear responsibility in accordance with the legislation of the Russian Federation. The same applies to those cases when the subjects suffered moral damage due to work.