Legal methods of ensuring information security
The expansion of the scope of technology application generates information threats. Achieving confidentiality, integrity, and reliability of data is a strategic goal of ensuring information security.
A comprehensive system of existing methods designed to prevent leakage of information through technical channels, as well as to prevent unauthorized access to information carriers, guarantees the integrity of the data.
Let's dwell on the legal safety factor.
Information security concept
Information security is often understood as taking measures to prevent theft of classified information. However, this understanding of the main objectives of data privacy protection is too narrow. In fact, information security is a set of measures that help protect the rights of subjects of information activity.
The degree of protection of classified documents or information from accidental or deliberate influences, as a result of which damage to the owners or users, depends on the technologies used.
Information is divided into several types:
- for a limited number of users with whom organizations conclude appropriate agreements on the non-proliferation of information that has become known in the course of performing labor or official duties;
- publicly available (it can be found in print media and other open sources);
- prohibited from distribution (for example, propagandizing violence).
Data to which a limited number of officials or employees have access are classified as state, commercial banking secrets.
The main task of information security specialists is to prevent the leakage of this information due to unauthorized, planned or unintended exposure.
Measures of protection in information security
There are several methods of ensuring information security:
- legal - development of a regulatory framework governing relations related to the creation, storage, exchange and availability of information, the creation of guidelines, compliance with which will ensure the safety of classified data;
- organizational - measures to prevent informational offenses, bringing to justice those responsible for crimes;
- technical - the use of tools that allow timely identification of devices and programs for intercepting classified materials, data not intended for general viewing during storage, during processing or transmission via communication channels;
- economic - financing the development of programs to ensure the safety of secret documents, the creation of an insurance system for individuals and legal entities against the risks of impact on information sources, theft, harm due to violation of integrity.
Analyzing the main threats of theft and the safety of valuable information, they choose methods that can help avoid or reduce information security risks.
Why do you need a legal framework in information security
Among the information subject to the threat of kidnapping, destruction or use for illegal purposes are:
- personal data of citizens, which can be processed and used only with the personal consent of the owner;
- documents, the information security of which must be ensured by the owners and managers of enterprises with the help of internal acts restricting access to this data;
- classified information representing a state secret, unauthorized access to which can harm the entire population of the country, internal law and order, and international relations.
State policy in the field of information security is aimed at:
- observance of the rights and freedoms of citizens to receive information;
- popularization of technical means of domestic production, improvement of information technologies, the introduction of which will ensure the safety and effective use of information resources;
- prevention of disclosure or leakage of classified information representing state or other secrets.
At the state level, considerable attention is paid to the protection of confidential, classified data from outside encroachments, which is expressed in the improvement of regulatory documents.
The established norms and requirements of the laws, the changes introduced, contribute to the elimination of:
- contradictions between the norms of federal legislation and regulations in force in the constituent entities of the country;
- inconsistencies with international norms and signed agreements.
So, in Russian legislation, for example:
- the penalties for non-compliance with information security requirements were specified;
- the powers of the authorities in the field of measures taken to prevent or eliminate security breaches related to information relations have been delimited;
- defined the legal status of organizations that own information resources;
- information security structures have been formed at the regional level.
Laws and other legal acts to ensure information security
The use of information resources in almost all areas of life requires the creation of an appropriate legislative framework to ensure their protection.
|Laws, other regulations||Regulated issues|
|1. Publicly available information that is in the public domain or must be provided at the request of interested parties|
|Art. 7 of the Law of the Russian Federation 5485-1 "On State Secrets" as amended on 29.07.2018||
Listed information that is not subject to classification:
|Art. 10 Federal Law No. 149-FZ "On Information, Information Technologies and Information Protection" as amended on 03.04.2020||The right to provide and disseminate information by the media, by mail and electronic mail is considered. A ban on dissemination and propaganda of information to incite hatred and enmity has been stipulated.|
|Art. 8 Federal Law No. 395-1 "On Banks and Banking Activities" with amendments that came into force on 01/08/2020||It obliges credit institutions, in addition to reports on financial activities, at the request of an individual or legal entity, to provide a copy of a license to carry out banking operations, other permits.|
|Art. 62 of the Labor Code of the Russian Federation as amended on 12/16/2019||Obligates the employer, upon written request of the employee, within three days to issue the requested documents related to his work activity, duly certified.|
|Art. 237 of the Criminal Code of the Russian Federation, with amendments that came into force on 12.04.||Criminal liability is provided for untimely notification of events that pose a threat to the life and health of people or distortion of facts. This also concerns issues of danger to the environment.|
|2. Secret information included in the category of state secrets|
|Federal Law No. 390 "On Security" as amended on 06.02.2020||
|RF Law 5485-1 "On State Secrets"||The definition of the concept of state secrets, the procedure for obtaining access to classified data is given. Separately, attention is focused on the issues of ensuring the protection of information, responsibility for violation of requirements.|
Decree of the President of the Russian Federation No. 1203 of 30.11.1995
as amended on 08.08.
|A list of information related to state secrets in various fields of activity has been approved.|
|Section X, chapter 29, articles 275, 276, 283, 284 of the Criminal Code of the Russian Federation||
Measures of criminal punishment are provided for:
|3. Personal data|
|Federal Law No. 152 "On Personal Data" as amended on December 31, 2017||The definition of personal data of an individual is given, the principles of their processing, taking into account the requirements of information security.|
|Decree of the President of the Russian Federation No. 188 dated 06.03.1997. Updated version of 07/13/2015||For optimization purposes, a list of confidential information has been approved.|
|Government Decree No. 1119 dated 01.11.2012||The requirements were approved, the observance of which guarantees the protection of personal data during processing.|
|Roskomnadzor Order No. 996 dated 09/05/2013||The methodology for anonymization of personal data was approved.|
|Chapter 14 of the Labor Code of the Russian Federation||For employers, in order to ensure information protection of personal data of subordinates, certain requirements are fixed at the legislative level.|
|Code of Administrative Offenses Art. 13.14||Fines were determined for those guilty for disseminating information of limited access to officials and citizens.|
|4. Professional secrecy|
Art. 8 of the Federal Law "On advocacy and the legal profession in the Russian Federation" version dated 02.12.2019
Art. 16 "Fundamentals of the legislation of the Russian Federation on notaries" with additions that entered into force on 01.01.2020
Art. 41 of the Law of the Russian Federation No. 2124-1 "On the Mass Media" as amended on 03/01/2020
|Attention is focused on the observance of the rule of non-disclosure of information that has become known due to the specifics of the activity.|
|5. Trade secret|
|Federal Law No. 98 "On Commercial Secrets" as amended on 18.04.2018||The definition of the concept of commercial secret is given. Requirements for the establishment or termination of the secrecy regime for valuable information are regulated. The legal ways of ensuring the protection of classified information are described.|
|Art. 183 of the Criminal Code||Penalties for the theft of documents, obtaining by other illegal means of secret data that are valuable for commercial activities have been determined.|
|6. Service secret|
Government Decree No. 1233
as amended on 03/18/2016
|A regulated procedure for handling official information has been introduced for various administrative authorities.|
|Art. 1470 of the Civil Code of the Russian Federation||The definition of the employer's exclusive right to secrets related to production and responsibility for their illegal distribution or transfer to other persons is given.|
|Chapter 72 of the Civil Code of the Russian Federation||
The main provisions related to:
Art. 7.12 Administrative Code of the Russian Federation
Art. 147 of the Criminal Code of the Russian Federation
|There are various measures of administrative or criminal liability for violation of copyright, inventive, patent rights. The severity depends on the circumstances, the severity of the crime and the consequences of causing harm.|
This is an incomplete list of laws that allow you to solve the problems of protecting information by legal methods of ensuring information security. The owner has the right to impose restrictions on access to certain documents, guided by legal requirements. For example, the list of restricted data cannot include constituent documents or licenses confirming the right to engage in specific activities.
However, the law allows you to protect in this way:
- information about production methods and applied technologies, raw materials and materials for the manufacture of goods;
- design documentation with attached diagrams, drawings;
- financial data on the amount of profit, cost of production;
- pricing mechanism;
- planning investment in production and other data that can be used by competitors.
The need to protect various types of information is obvious. At the same time, the applied methods, information security policy must correspond to the interests of the state and society.