Personal data protection in preschool educational institutions
Kindergartens and related agencies in terms of personal data protection are guided by the same federal laws as secondary education institutions. Federal Law No. 152-FZ, adopted in 2006, applies to all categories of personal data of a citizen. The law is equally relevant for paper media and specialized electronic systems for processing personal information.
The need for the declared actions to protect information
The motive for the adoption of this legislative framework was the factual numerous abuses and information leaks. This issue looks especially sensitive in the aspect of children's educational institutions.
The special legal status of a preschool educational institution - children cannot independently defend their legal rights, therefore, consent to the processing of the child's PD must be given by his parents, guardians or other legal representatives.
According to the basic provisions of Law No. 152-FZ, municipal units such as preschool educational institutions are assigned full responsibility for collecting data from kindergarten personnel, children, their parents, and legal representatives. Kindergartens are operators who independently collect, process, transmit and store confidential information. The preschool institution, as a municipal institution, is included in the Register of Operators, which is published by Roskomnadzor on its website. The main authorized person responsible for the efficiency and procedure for collecting data is the head, director of the preschool educational institution.
Regardless of the staffing of the preschool educational institution, prior to the collection of information, it is necessary to obtain the consent of the parents or guardians to perform these actions. The same consent must be obtained from the employee at the time of his hiring. The operator is obliged to explain the rights, duties and responsibilities for the disclosure of confidential information and provide information on the actions performed with the received personal data.
Legal framework for the protection of personal data in a preschool educational institution
All aspects of working with personal data in preschool educational institutions are based on:
- Law No. 152-FZ;
- Law No. 273-FZ - the basis for all procedural actions in the field of education;
- Art. 85-90 of the Labor Code of the Russian Federation - as regards the personnel of the kindergarten (and, in general, any institutions that have an employment relationship with the operator of personal data);
- profile orders of the FSTEC and the FSB concerning the procedure for collecting information;
- Executive order on the Regulations on the security of processed personal data;
- Civil Code of the Russian Federation;
- The Tax Code of the Russian Federation;
- The charter of a kindergarten or other form of preschool educational institution.
Personal data subject to protection in the preschool educational institution
- Basic identification data in the form of name, age, place of birth, gender.
- Photo cards (actual).
- Insurance policy.
- Conclusion on the state of health of the child (carried out already in the field of personal data protection in medical institutions).
- A set of guardianship documents (if guardians are involved).
- Military ID and other documents regarding the military registration of the pre-school personnel.
- If there are benefits, supporting documents.
- The full-time kindergarten teachers provide documentation on advanced training (if any).
- Data on the availability of specialized education (for personnel).
- Contact information - not only direct phone numbers are required, but also all online contacts, including addresses in instant messengers, email, etc.
Documentation regulating work with PD in a preschool educational institution
Each preschool institution is obliged to develop and implement documentation that regulates activities related to the processing of personal data. The main guiding documents in the preschool educational institution are:
- Regulations on the organization of work with personal data of preschool educational institutions;
- PD processing policy in a preschool institution;
- Written consent to PD processing from employees of the institution, parents, legal representatives;
- Regulations on the service (responsible employee of the preschool educational institution) responsible for information security in the institution;
- Kindergarten Privacy Statement;
- The provision delimiting the rights of access to personal data that are subject to processing by the kindergarten;
- Obligations taken from the employee about non-disclosure of confidential information;
- The consent of the parents (legal representatives) to the processing of personal data;
- The procedure for accounting for electronic media in a preschool educational institution;
- Regulation on work with electronic data carriers.
This list is not exhaustive and may be supplemented by other documents. Preschool educational institutions must have job descriptions containing data on the responsibility, duties of employees in relation to working with personal data. Also, the preschool educational institution must have a journal in which violations of the confidentiality regime are recorded, acts on the destruction of unused PD, acts on identifying violations when working with such information.