Legal protection of personal data

Apply for SearchInform DLP TRY NOW

Article 23 of the Constitution of Russia approved the right of citizens to privacy and protection of honor and dignity. And article 24 established that the collection, processing and transfer of personal data of a citizen without his consent are illegal. The World Declaration and the International Covenant on Civil and Political Rights protect people from unauthorized interference with privacy or the disclosure of information from personal correspondence. It is important to know what personal data is, how to prevent their illegal use and what liability for such acts is provided for by law.

Personal data: what is it?

The definition of the concept is given by the Federal Law "On Personal Data". Clause 1 of Article 3 of the said law says that personal data is information that can be used to identify a person or find out details about his life. Such data includes:

  • full date of birth (day, month, year);
  • surname, name, patronymic;
  • residence or registration address;
  • family (social) status;
  • income level;
  • education received;
  • place of work, salary, etc.

The decryption of the employee's personal data is contained in part 1 of article 85 of the Civil Code of Russia. This is information received by the employer in connection with the occurrence of an employment relationship that concerns a specific employee. Thus, the law limits the employer in the amount of employee data processed. He is only entitled to collect data that relates to an employment relationship.

Classification of personal data

In accordance with the legislation of the Russian Federation, there are four categories of personal data subject to legal protection:

  1. Publicly available personal data - information that does not fall under the concept of confidentiality or, in agreement with the citizen, available to a wide range of people (contained in address books or telephone directories). Such data can be removed from the specified sources upon the request of the citizen himself or by a court decision.
  2. Special personal data - information regarding nationality, race, health status, philosophical, religious and political beliefs. The collection, storage and processing of the specified data are allowed only with the consent of the citizen, which is drawn up in writing (a notarized power of attorney is not provided). An exception is the collection and processing of data during operational search activities, other criminal procedural actions, and also when a citizen for health reasons cannot give such permission.
  3. Personal data processed in information systems. Such data is reported by the subject himself on social networks, on dating sites, forums or blogs. However, their veracity is difficult to verify.
  4. Biometric data - information of a personal nature, about the physiological characteristics, allowing you to identify a citizen. These include photographing and filming a citizen. The processing and distribution of this category of personal data is subject to the sanction of Article 11 of the Federal Law "On Personal Data", which provides for the mandatory presence of the consent of the citizen. The right to photo and video recording without such permission is received by the operational officers of the Ministry of Internal Affairs, as well as employees of the penitentiary and state security agencies in the performance of official duties.

Legal protection of personal information

All methods of protecting personal data are conventionally divided into three types:

  • The norms enshrined in civil and labor legislation governing the relationship between citizens and government officials, as well as employees and the employer.
  • List of legal and organizational measures limiting the powers of the employer and government officials.
  • Guaranteeing the right of a person to the security of personal data.

To protect personal data, the legislator provides:

  • unpaid and open access of an individual to his personal data, which provides for the copying of information containing personal data;
  • selection of a physical or legal representative for the protection of personal data;
  • openness of information about the use and dissemination of personal data;
  • a request to amend personal data if an error is found in it;
  • filing a lawsuit in the event of unlawful actions by the employing company or government officials to protect personal data.

Liability for non-compliance with the requirements of the law on the protection of personal information

The legislation of the Russian Federation provides for five types of legal liability for non-observance of the rights of citizens to protect information containing personal data:

  • material;
  • administrative;
  • disciplinary;
  • civil;
  • criminal liability.

At the same time, penalties have been established not only for citizens, but also for legal entities.

Article 150 of the Civil Code of Russia, to non-material rights secured by legal protection, includes the personal inviolability of a citizen and his home, as well as ensuring the preservation of data containing personal confidential information. The Civil Code also introduces the concept of moral damage, which is the result of moral or physical illegal actions, violation of the confidentiality of personal data. This is the basis for the appointment of monetary compensation for the damage caused.

In accordance with the provisions of the Civil Code of the Russian Federation, when calculating the amount of compensation payments, the court draws attention to:
the culpability of the attacker;

  • harm caused by the dissemination of personal data;
  • personal characteristics of a person who has suffered from illegal actions.

The victim has the right to file an application with the court to refute the data that does not correspond to reality, which damage his honor and business reputation, if the defendant does not prove the reliability of such data.

The publication and use of personal data in the form of photo and video images of a citizen, paintings with his image are allowed only after obtaining consent to these actions.

Liability for the disclosure of personal data subject to legal protection is calculated in the amount of damage caused. This norm is enshrined in paragraph 7 of Article 243 of the Labor Code. This case of full compensation for damage caused is an exception to the rule, confirming the overriding importance of personal data protection.

Disciplinary responsibility involves the dismissal of employees who have allowed the dissemination of personal data of other employees or customers of the organization. This rule is valid only in the case when the disclosure of personal data occurred as a result of the violator's professional duties. Disciplinary action for the dissemination of personal data is an employer's right, not an obligation. When imposing this penalty, the following are taken into account:

  • the degree of harm caused by the disclosure of personal data;
  • the circumstances of the commission of this offense.

The following disciplinary sanctions are applied to an employee guilty of unlawful dissemination of personal data:

  • comment;
  • rebuke;
  • dismissal.

Administrative liability for illegal receipt, storage, processing and dissemination of personal data of citizens provides for a verbal warning or a fine for individuals in the amount of 300-500 rubles, for employees - 500-1,000 rubles and for enterprises - 5,000-10,000 rubles. This rule is enshrined in article 13.11 of the Administrative Code of Russia.

For the dissemination of personal data obtained as a result of the performance of labor duties, an administrative fine is established from 500 to 1,000 rubles. When employees are involved in this offense, the amount of the fine is increased - from 4,000 to 5,000 rubles. This sanction is enshrined in Article 13.14 of the Administrative Code.

Criminal liability for violation of personal data protection is enshrined in Article 137 of the Criminal Code of Russia. Unauthorized receipt, storage and transmission of data representing family or personal secrets without the consent of a citizen, the use of this information in public speeches or demonstrations of works of art, publication of such data in the media (mass media) are punishable by a criminal fine of up to 200,000 rubles, public or correctional work or arrest up to 4 months. If this act is committed by an official, the amount of the fine increases to 300,000 rubles, and the duration of the arrest - up to six months.