Regulation on confidential information: list, procedure and sample

The Confidential Information Regulation is a document developed by an organization to regulate the process of working with publicly available, confidential, and personal information. Employees of each enterprise should know the features of the preparation of the document and its content.

Types of information

To consider the features of the provision of confidential information, it is necessary to study what types of information exist.

According to the norms of Russian legislation in the field of information, all information is divided into four types:

• free-form data;
• information provided under an agreement concluded between persons participating in the relevant legal relations;
• information to be distributed or made available in accordance with federal law;
• data in respect of which a ban or restriction on their disclosure applies.

The last group of information is state secret or confidential information. State secret is data from the field of foreign policy, military, intelligence, economic, operative-search or counter-intelligence activities. Their distribution can cause significant damage to the country's security. Aspects of working with such information are recorded in federal law No. 5485-1 of July 21, 1993.

The second type of secret information is confidential information. These include information about a particular person, the dissemination of which may result in harm to a citizen or organization.

Types of Confidential Information

The provisions on confidential information contain various types of information, the dissemination of which is fixed or restricted. They are recorded in Presidential Decree No. 188, which approves the list of confidential data.

According to the provisions of the regulatory legal act, six types of information are distinguished:

1. Information about circumstances, events, facts of personal life of citizens, the knowledge of which allows to identify the person’s identity, with the exception of data that must be disseminated in the media in cases directly specified in regulatory acts of the federal level (personal information). The personal data category, in accordance with the provisions of federal law No. 152 of July 27, 2006, includes any information relating to a particular citizen that allows him to be identified (for example, name, surname, middle name, date, month and year of birth, place of residence and registration, marital status, income, profession, education, other information).
2. Information that makes up the secret of legal proceedings and investigations. The inadmissibility of disclosing information on the progress of the investigation is enshrined in the provisions of the Code of Criminal Procedure of Russia.
3. Official information, access to which is limited by state authorities, in accordance with the provisions of the Civil Code and relevant federal laws (official secrecy). The list of this information is enshrined in Decree of the President of Russia No. 188 of March 6, 1997. According to this normative legal act, official data is information that is restricted to government authorities in accordance with the Civil Code of the Russian Federation and relevant laws of the federal level.
4. Data related to the labor activity of a citizen, if access to this information is limited by the provisions of the Constitution and laws of the federal level (medical, lawyer, notarial secrecy, secrecy of telephone conversations, correspondence, postal items, telegraphic or other messages, etc.) access to the specified information and its use is regulated by regulatory legal acts of the relevant field (for example, federal law No. 63 of May 31, 2002, which examines advocacy).
5. Information related to activities of a commercial nature, access to which is limited by the norms of the Civil Code and relevant laws of the federal level (commercial type secrets). The definition of this concept and the procedure for working with relevant information are fixed in the law of the federal level No. 98 of July 29, 2004.
6. Data on the essence of the model, invention, industrial type sample before the official publication of information about them. The procedure for working with this information is enshrined in Decree of the President of Russia No. 188 of March 6, 1997.

Features of the Confidentiality Non-disclosure Statement

The document developed by enterprises and organizations in order to streamline the process of working with publicly available, confidential and personal information should contain eight points:

• general information about the document, including the purpose of its development;
• trade secret;
• official information;
• banking type information;
• tax data;
• protection of confidential information;
• the procedure for the provision and use of private and secret information;
• final provisions.

Provisions at enterprises are developed in accordance with the norms of the Civil Code, the federal law on informatization, information and its protection, as well as other regulatory legal acts regulating the work of a particular organization to one degree or another.

The company is vested with the exclusive right to use confidential information by any means not prohibited by the laws of the Russian Federation, at its discretion. The organization has an obligation to take measures to protect classified information, including its protection from unauthorized persons.

The purpose of developing the provisions is to ensure the legal and economic security of a particular enterprise. If the organization in the process of gaining access to state secrets, it must take all measures to protect it.

The general situation is developed for all structural units of a particular enterprise, including representative offices and branches.

Secret of commercial type

One of the clauses of the institution’s confidential information clause is trade secret. It includes the following company data:

1. Information contained in the primary accounting documents of the organization.
2. Information on the content of accounting registers.
3. Data on the contents of the accounting internal reporting.
4. The list and content of transactions and contracts concluded or performed by the enterprise (content, subject, price, conditions).
5. Information on settlement and other accounts opened by the organization in credit and financial institutions, the movement of money in accounts and their balances, etc.
6. Secrets of know-how and other information that make up a secret of a production type.

In order for this or that information to be classified as a trade secret, it is not necessary to issue acts on the basis of the current situation in the organization. If, in addition to the specified information, the enterprise wishes to fix other information as secret data, this can be done by decision of the director of the organization.

According to the norms of the law, some information cannot be entered into the provision on confidential information (sample below). These data include the following:

• documents of constituent type, decision to create an organization;
• licenses, registration certificates, patents and other documents that give the right to engage in activities in the field of entrepreneurship;
• papers confirming the solvency of the company;
• data on the composition and number of employees, their salary, working conditions, availability of vacancies;
• tax type documents;
• information on violations of the law in various fields, including court decisions;
• external financial statements;
• Information disclosed by the company itself.

Secret service type

The regulation on the means of protecting confidential information and information of a service type contains a list of data related to this group, including information from official correspondence, telephone conversations, mail, messages.

Employees directly working with this information are required to keep secret information that became known to them in the performance of their duties.

Bank secrecy

According to the regulation on confidential information, information classified as bank secrecy is also not subject to disclosure. They include data on the status of bank accounts and deposits, customer information.

Information of a financial type may be provided only to an enterprise or its representatives. The public authorities and their employees can be provided with access to such data only in cases and in the manner established by the relevant regulatory legal acts.

Secret of tax type

The clause on the protection of confidential information includes clauses on tax secrecy. The data list includes information transferred to the tax service, bodies of extrabudgetary state funds, customs authorities.

The following data cannot be classified as tax type secrets:

1. Information that has been disclosed by the enterprise on its own or with its consent.
2. Information about the individual tax number of the organization.
3. Data on violations of the law on fees and taxes, as well as measures of responsibility for these actions.

Also, the list of non-tax data contained in the provision on confidential information in the company includes information transmitted to law enforcement or tax authorities in other states, if this is established by the rules of international treaties with Russia.

According to federal law, tax secrets are not transferable by tax authorities, extrabudgetary state funds and customs, their employees and specialists (experts), who are invited from outside, except in cases provided for by federal law.

The disclosure of tax type secrets is the transfer to unauthorized persons or the use of confidential information that has become known to officials of the tax service, state extra-budgetary or customs authorities, involved specialists or experts in the process of performing work.

Information that was obtained during the performance of duties by the employees of the relevant bodies has a special access and storage regime, in accordance with the norms of Russian law.

Protecting Confidential Information

The provisions on the protection of confidential information should stipulate the conditions and procedure for the protection of classified information. In particular, protective measures should include actions aimed at restricting free access to secret information to unauthorized persons, identifying various violations of the established regime for protecting classified information, suppressing violations and holding guilty persons accountable.

If during employment the employee is granted access to confidential information to one degree or another, this clause is included in the labor contract or is fixed in a separate agreement. When compiling a restrictive document, an employee is issued a receipt with a notice of responsibility for the disclosure of this information.

Heads of departments must conduct a quarterly briefing on compliance with the regime of commercial and official secrets, and then record the names of past employees.

The provisions on confidential information in the Company also include the features of equipment with protective means of premises in which direct work with classified information takes place (for example, by installing safes, metal boxes for storing papers, etc.)

The organization should include a security service, which is engaged in the implementation of measures to identify cases of violations of the confidential regime in the organization.

The procedure for the provision and use of confidential information in organizations

A document issued on the basis of an order on the status of confidential information should contain the procedure for the provision and use of classified information by company employees.

As a general rule, only employees who gain access to them in connection with the authority they exercise are entitled to use such information. Provide this information to unauthorized persons only with the approval of the head of the enterprise.

Document Summary

The organization’s confidential information provisions indicate the types of sanctions that apply to individuals who violate the confidential information regime.

Perpetrators may be held administratively, criminally, civil, and disciplined in the manner prescribed by law.

If the document developed by the enterprise does not regulate any aspects of the protection of confidential information, the norms of federal law are applied.

The provision on the technical protection of confidential information and its preservation from the infringement of unauthorized persons should be developed in each organization. This is one of the most important components of the successful functioning of any enterprise. The implementation of the provisions on trade secrets and confidential information should be clearly monitored by the direct manager of the enterprise and other authorized persons.