Regulatory framework for personal data protection
The current documents on the protection of personal data (PD), mandatory for use by operators, should be taken into account when developing their own regulatory documents at enterprises and organizations using PD.
One of the fundamental regulations in this area is the Federal Law of the Russian Federation No. 152 "On Personal Data". It was published on July 27, 2006 and defines the basic terms and criteria for processing personal data of individuals, legal entities, as well as requirements for organizing work with this information by the operator and his responsibility for their violation.
Certain information is classified as confidential information. You can get acquainted with their list in Decree No. 188 of the President of the Russian Federation. This normative act was signed and entered into force on 06.03.97.
In relation to civil servants, another Decree was adopted - No. 609 of 05/30/2005, which approved the Regulation on PD for this category of workers.
When using PD without the use of automation tools, one must be guided by the norms of Decree No. 687 dated September 15, 2008, which contains the requirements for processing and storing PD using tangible media. For PD processed in information systems, the requirements for their protection are set out in Resolution No. 1119 dated 01.11.12.