Legal regulation of confidential information - SearchInform

Legal regulation of confidential information

 
Apply for SearchInform DLP TRY NOW

Information is data that is regulated by law. There are two types of information: information in the public domain and in limited access. There are fundamental differences between open and confidential information. Dissemination of confidential information poses a threat to economic security and is punished in accordance with applicable law.

Concept and types of confidential information

According to the Federal Law of the Russian Federation "On Information, Information Technologies and Information Protection" No. 149-FZ, information is divided into two types:

  • information for general use. The type of data that is publicly available for all citizens of the Russian Federation;
  • data with closed access. The type of information that is limited by the regulatory legal acts of the Russian Federation and is available only to certain categories of persons who gain access to information in connection with their official powers.

Confidential information concept

In the broad sense of the word, confidential information is information with limited access. In a narrow sense, confidential information is of particular value to individuals in government service or working in an organization.
The legislator discloses the concept of “confidentiality of information” in the Federal Law “On Information” No. 149-FZ. According to Art. 2 of the law, restricted data includes information that cannot be transferred to third parties without the consent of the data owner.

Confidential information is a certain secret, since it is available only to a few categories of persons who have the right and access to work with it. Protection and legal protection of confidential data is guaranteed by the state and enshrined in the Constitution of the Russian Federation. The basic law of the Russian Federation states that a citizen, organization and state have the right to secrecy.

The main sources of legal regulation of confidential information in the Russian Federation are:

  • international treaties and agreements;
  • the constitution of the Russian Federation;
  • federal laws;
  • laws of subjects;
  • local acts.

Types of confidential information

Confidential information is divided into several types depending on the content and in which circle it is used:

1. Service secret.

According to Presidential Decree No. 188 "On Approval of the List of Confidential Information", an official secret is understood as information of particular value, access to which is limited by the state authorities of the Russian Federation in accordance with the current legislation.

Information that is an official secret is also governed by the provisions of the RF Government Decree No. 1233 “On Approval of the Regulation on the Procedure for Handling Official Information of Restricted Distribution in Federal Executive Bodies”.

This Resolution contains legal provisions on working with information constituting an official secret:

  • obligatory affixing of the mark "For official use";
  • transfer to employees of information containing official secrets only against receipt;
  • storage of information "For official use" in safes;
  • destruction of documents containing official secrets only by act;
  • copying of documents with official secrets with the written consent of the head.

2. Trade secret.

In accordance with Art. 3 of the Federal Law “On Commercial Secrets” No. 98-FZ, a commercial secret is understood as a mode of restricting the use, transmission and dissemination of information, which allows its owner to obtain material or non-material benefits.

Possession of someone else's trade secret allows competitors to increase profits, avoid unnecessary expenses, and get privileges in the market for goods and services.

According to Law No. 98-FZ, information constituting a commercial secret can be the results of intellectual activity, scientific and technical information that is of particular commercial value for an organization.

The value of a trade secret lies in the fact that it is known only to a certain circle of persons and is not available to third parties. An example of a trade secret is the production of a product using a unique technology.

The legislator, among other things, indicates which information cannot be recognized as a commercial secret:

  • information from the unified state register of legal entities and individuals, confirming the fact of making an entry in the register;
  • licenses and certificates that give the right to engage in entrepreneurial activity;
  • information about the number of employees and the amount of wages at the enterprise;
  • information regarding arrears or non-payment of wages and any social benefits;
  • information about violation of laws and bringing to legal responsibility;
  • information related to the safety of citizens, society in general and the environment;
  • a list of persons entitled to perform legal actions without a power of attorney;
  • information on holding tenders or auctions for the privatization of state or municipal real estate.

3. Personal data.

Federal Law "On Personal Data" No. 152-FZ explains what can be considered personal data. Based on Art. 3 of the law, personal data is any information relating (directly or indirectly) to the subject of personal data, that is, an individual.

According to the law, the receipt, processing, storage and other actions with the personal data of an individual are carried out only with the consent of the latter.

At the same time, the person who processes personal data does not have the right to disclose the information that the citizen provides to him. In exceptional cases, the transfer of such data is allowed if the individual personally gives consent to this, or this is provided for by the current legislation.

4. Secrecy of criminal proceedings.

The Criminal Procedure Code of the Russian Federation (Criminal Procedure Code of the Russian Federation) contains a provision that prohibits the disclosure of information concerning a criminal case at the stage of preliminary investigation.

The investigator or interrogator is obliged to inform the participants in the criminal proceedings about the inadmissibility of disclosing information in the criminal case, about which a corresponding receipt is drawn up.

However, in Art. 161 of the Code of Criminal Procedure of the Russian Federation states that in exceptional cases the data of the preliminary investigation can be made public with the permission of the persons conducting the investigation. Also, the legislator notes that the information that can be disclosed should not contradict the interests of the investigation and participants in criminal proceedings.

At the same time, it is prohibited to disclose information that contains information about the private life of the participants in the criminal case, as well as minors who have not reached the age of 14.

5. Judicial secrets.

There is also confidential information in legal proceedings called judicial secrets. In any branch of law (administrative, civil and criminal), the legislator establishes the principle of its observance.

The essence of this principle is as follows:

  • a judge or a panel of judges makes a decision only in the deliberation room;
  • no one, except judges, has the right to participate in the adoption of a decision, with the exception of a jury;
  • when participating in a trial, jurors do not have the right to divulge court decisions;
  • non-disclosure of information in cases of a special category. Despite the fact that in the Russian Federation one of the principles of legal proceedings is publicity, that is, the openness of the court session, there are a number of cases in which the session must be closed without fail. Such cases, for example, include all cases related to the protection of the rights and interests of minors.

6. Professional secrecy.

There is a professional secret in almost every profession: doctor, lawyer, notary, psychologist. For each specialist there is a special concept of professional secrecy, which is regulated in various legal acts.

For example, lawyers are guided by Federal Law No. 63-FZ "On advocacy and the legal profession in the Russian Federation." In Art. 8 of the law states that the lawyer's secret is information that became known to the lawyer when providing legal assistance to his client. At the same time, it is unacceptable to interrogate a lawyer on the basis of circumstances that became known to him in the course of his professional activities.

Similar legal provisions are laid down for notaries, doctors and other professionals who receive information that is not subject to disclosure. Every employee who gets access to the data signs a nondisclosure document.

Protecting confidential information

In order to prevent leakage of confidential information, it is necessary to take appropriate measures to prevent this. The legislator has enshrined legal provisions on data protection in the Federal Law "On Information, Information Technologies and Information Protection" No. 149.

There are also several legal ways to protect restricted information. Legislative regulation on issues related to the protection of restricted information also consists in securing legal responsibility for the disclosure of such information.

Protection of information

As mentioned above, the provisions governing the protection of confidential information are enshrined in Federal Law No. 149. In accordance with the law, the protection of information means:

  • ensuring the protection of restricted information from unlawful encroachment;
  • compliance with the regime of limited access to limited data;
  • taking measures to implement the right to access limited information.

Legislative coordination of restricted data is also to take measures to protect information:

  • prevention of information leakage;
  • timely detection of attempts to illegally gain access to information;
  • prevention of consequences that arise from unauthorized access to information;
  • constant monitoring of the level of information protection;
  • the ability to recover data that has been destroyed;
  • placement of information of limited access in databases on the territory of the Russian Federation.

The following protections exist to protect sensitive data:

  • Physical. Physical protection consists in storing information in special safes or vaults, access to which is allowed to a narrow circle of people.
  • Hardware. The hardware protection method involves storing information on special computers or servers, which are constantly monitored to prevent unauthorized access to data.
  • Software. Information protection is carried out using software that timely blocks unauthorized user actions and prevents information leakage.
  • Mathematical (cryptographic). Mathematical protection allows you to encrypt data, making it inaccessible to third parties.

Responsibility for offenses in the field of information

According to Art. 17 of the Federal Law No. 149, for violation of the requirements established for confidential information, legal responsibility comes.

Legal norms stipulate the following types of responsibility:

  • Disciplinary. This type of liability applies when an employee has committed a disciplinary offense. For example, he disclosed the personal data of a colleague to third parties.
  • Civil law. This type of liability involves the recovery of moral or material damage for disclosing information of limited access.
  • Administrative. A person who has committed a crime provided for by the Code of Administrative Responsibility is brought to administrative responsibility. For example, disclosure and distribution of information with limited access.
  • Criminal. Criminal liability for information crime can result from an illegal way of obtaining information, such as hacking software.

Legal regulation of confidential information helps to ensure its safety and protection. At the same time, several regulations governing legal issues related to restricted information are the guarantor of protection.

08.12.2020

Subscribe to get helpful articles and white papers. We discuss industry trends and give advice on how to deal with data leaks and cyberincidents.

هل ترغب بالانتقال الى الصفحة الرئيسية,
او التعرف على المزيد عن الخدمات لمنطقة الشرق
الاوسط و شمال افريقيا؟
Do you want to visit main website
or learn more about MSS for MENA market?