What information constitutes confidential information

 
Apply for SearchInform DLP TRY NOW

The activity of many organizations and services is associated with the need to store data that is not desirable publicity. The confidentiality of some of them is officially confirmed by legislative acts. There is information that is kept secret at the initiative of the management of enterprises or personal wishes of citizens. To prevent confidential information from getting to unauthorized persons, their protection must be organized. To ensure information security, special methods and computer programs are used.

Information not subject to disclosure

Information that is not subject to publicity is considered not only official or state secrets, but also data available to a limited number of people. Restrictions can be imposed, for example, on reports of emergency events, destructive natural phenomena, and the sanitary and epidemiological situation in the country.

What information is officially considered confidential is stated in the Decree of the President of the Russian Federation (with the latest additions of July 13, 2015, No. 357). These include:

  • personal data and events in the private life of people (with the exception of information that, with their consent, is covered in the media);
  • materials of judicial investigations, advocate secrets, data on people in need of state protection after giving testimony;
  • information constituting an official secret. They relate to the activities of secret organizations, special-purpose laboratories, defense enterprises;
  • medical secrets, telephone conversations, privacy of correspondence;
  • results of audits of financial activities of organizations;
  • trade secrets concerning special technologies or materials that are used in this enterprise. Knowing about technical innovations gives the company an edge over competitors and helps increase revenues. Upon joining the service, employees sign an agreement on non-disclosure of trade secrets and other information of interest to competitors. Violation of the contract threatens the employee with dismissal or a fine;
  • materials on the essence of inventions that have not yet been confirmed by patents and have not been introduced into production;
  • secrets of bank deposits and cash flows of individuals and organizations;
  • state secrets. They can be associated with scientific, economic, political, military activities. Special authorities (the Interdepartmental Commission, the Federal Security Service, and others) are responsible for the preservation of such information.

Information that is not considered confidential

Information is not considered classified information if it is included in the certificate of registration of the company, license or constituent documents.

Confidential information does not include data on the company's property, personnel policy and methods of remuneration. Any data included in catalogs and price lists is also not considered a secret.

The management of the enterprise should not classify information about the presence of harmful production factors. It is responsible for hiding information about non-compliance with environmental and health standards.

Public information is also data on tenders and competitions held at enterprises with the aim of signing contracts and recruiting new employees.

The data on the financial activities of non-profit organizations are not related to classified information.

Why is a list of classified information compiled

The issue of confidentiality of service data is sometimes controversial. Often, due to the uncertainty of the adopted rules, industrial conflicts and legal proceedings arise.

Before dismissing an employee suspected of divulging trade secrets, the employer must justify the reason for such actions. The fired person often does not agree that he has done something illegal. He can file a complaint with the Labor Inspectorate about unfair accusations.

Example 1.

The employee needed to print a service document, for which he transferred the contents to a flash drive. The contract, signed by him upon admission to work, indicated that the employees of the company had no right to divulge trade secrets. But it did not say anything about what information is considered classified information. If the inspection carried out by the labor inspectorate confirms the ambiguity of the wording, the employer will have to cancel the dismissal order.

The transfer of commercial information to a USB flash drive cannot be considered a misdemeanor, unless it is proven that the employee transferred this medium to a third party or placed classified data on a home computer.

Example 2.

An employee who voluntarily quit, shared confidential information about the company's activities with competitors. As a result, the firm incurred losses. The management submits an application to the court and demands that the perpetrator compensate material losses. To assess the fairness of claims and the amount of damage, the court will also need a list of classified information and a justification for the amount of losses.

To avoid this uncertainty, the employer must compile a list of trade secrets. The document must clearly indicate that their disclosure will cause financial damage to the company. It should be noted which of the employees has the right to use confidential information. It is necessary to inform about the procedure for handling such materials and measures taken to maintain confidentiality.

Secret data should be kept under the heading "Trade secret".

Access to documents is provided only to those employees who need them for work. The trustee gives a non-disclosure receipt. Before that, he is introduced to a list of trade secrets and warned of liability for information leakage.

Not only the company's intellectual property needs to be protected, but also customer information. Disclosure of their personal and banking data threatens the company with loss of reputation and trust.

Confidentiality Measures

The management of the company should take measures in advance to protect confidential information. These measures are:

1. Introduction of a permissive system of access to classified works and documents containing important data. The trade secret regime must be respected. The list of trusted persons who are given permission to enter the information system should be clearly stipulated.

2. Restricting the access of unauthorized persons to premises where secret documents or important computer programs are stored.

3. Safe storage of passwords and access keys to valuable information. This will protect them from being stolen, substituted or destroyed.

4. Back up important materials . It allows, if necessary, to prove their authenticity, to reproduce lost data.

All actions taken must be consistent with the legislation of the Russian Federation.

Tools used to ensure the safety of data

To ensure information security, two methods are used: software and hardware protection and the use of secure communication channels.

Software and hardware data protection allows you to control access to classified materials. Let's briefly describe its types.

Identification

To enter the system, a magnetic card is required, work in certain frequency ranges. Access to work with classified information is provided only after the introduction of special logins, passwords or biometric data.

Authentication

This is a technique for additional confirmation of the authenticity of data provided during identification. It becomes clear that a person interested in classified information is really who he claims to be.

Authentication means include personal smart cards, digital signatures, pin codes, usb keys.

After logging into the system, the employee is given access to the information that he needs to perform routine tasks. The rest of the data remains private.

Logging

The information system records those who got access to the materials and the actions that were performed with their use.

Audit

The program issues a report on the actions taken, the duration of access of individual employees to classified materials. When an attempt is made to breach information security, the response system is automatically activated.

Encryption

To create confidentiality, data related to trade secrets is encrypted.

Shielding

When using this technology, information is divided according to the degree of secrecy, as well as availability to individual employees, related organizations or competing companies. This uses "firewalls" - computer programs for monitoring and filtering Internet data.

Using secure communication channels

The transmission of information through public channels is associated with the risk of falling into the wrong hands.

To prevent this from happening, "tunneling" is carried out. This technology is the transmission of classified data through a conventional network in a disguised ("encapsulated") form.

Conclusion

Any citizen, as well as a public or private enterprise, has the right to own information that requires protection from outside attention. It is important that it does not contradict federal laws and is not used to the detriment of state interests.

Leakage of confidential data can result from the introduction of extraneous programs into the computer, damage or theft of electronic media, failure of automatic data processing systems. Actions that lead to the disclosure of classified data are criminal offenses. Such actions are considered illegal entry into the system of classified information, interception of information, replacing it with false data. Unauthorized use of devices containing classified materials is prohibited.

Each organization should have an individual list of confidential information that is prohibited from distribution. Compliance with information security measures plays an important role.

09.12.2020