Analysis of the legal and organizational framework for ensuring the security of personal data
https://doi.org/10.37493/2307-910X.2023.4.33
Abstract
The paper analyzes how the legal framework for ensuring the security of personal data (PD) is applied and sets out the essential organizational aspects of planning a PD protection system in an organization. The authors analyze certain aspects of legal regulation that have a significant impact on the choice of organizational measures to protect PD: setting the limits of Russian Federation (RF) legislation in the field of PD; establishing the categories of PD and the main sources of legal regulation corresponding to them; and the features of legal regulation of the processing of certain categories of PD. Structurally and logically, the work is divided into two main parts: legal measures to ensure the security of PD, and organizational measures for planning the protection of PD. Overall, the article analyzes the legal, organizational and planning measures for ensuring the security of personal data that can be implemented in an organization.
About the Authors
E. A. Ovchinnikova
Russian Federation
Elena A. Ovchinnikova – Associate Professor
86, Kirov St., Novosibirsk
E. A. Semenova
Russian Federation
Elena A. Semenova – Cand. Sci. (Techn.), Associate Professor, Dean of the Faculty of Innovative Engineering and Hospitality Technology
Pyatigorsk
V. V. Tsapleva
Russian Federation
Valentina V. Tsapleva – Cand. Sci. (Techn.), Associate Professor, Head of the Department of Management Systems and Information Technologies
Pyatigorsk
Review
For citations:
Ovchinnikova E.A., Semenova E.A., Tsapleva V.V. Analysis of the legal and organizational framework for ensuring the security of personal data. Modern Science and Innovations. 2023;(4):274-284. (In Russ.) https://doi.org/10.37493/2307-910X.2023.4.33