Personal Data Security
What is personal information, and why does the state develop entire laws designed to protect such data? Imagine that you are placing an order online. While filling out the order, you provide data such as a contact phone number and address.
It would seem that nothing bad happened: the order was delivered on time and you were satisfied. However, after some time, you begin to receive a lot of advertising mail at your address, and strangers call your home phone and, addressing you by name, offer their services. In addition, you may encounter theft of plastic card data when working with online banking.
Recently, the idea of so-called e-government has been actively promoted in our country; it will allow users to interact with various government organizations through the World Wide Web. However, can we be sure of the safety of our personal data? How do advertising companies and attackers learn the details of orders and requests submitted to seemingly reputable sites? The problem lies in the simple lack of qualifications and the dishonesty of workers who did not provide decent protection against hacking.
The problem of personal data protection in the EU
In the EU, personal data has been protected for more than 20 years, since the creation of the “Council of Europe Convention on the Protection of the Person in Connection with the Automatic Processing of Personal Data”. The existing legislation in the European Union clearly describes the requirements for the storage and processing of data, as well as for the operation of payment systems in general. These requirements strictly regulate the need to protect all personal information stored in the databases of trading companies. Here is a sample list of requirements for such resources.
Personal information should:
Be obtained and processed strictly in accordance with the law and in good faith.
Be stored strictly for certain purposes and not be used for illegal operations.
Correspond in content to the specifics of the company and not include redundant information.
Contain the most accurate data and be updated as necessary.
Be stored in a strictly defined form that does not allow users to be identified for longer than the nature of the company’s activities justifies.
In addition, everyone should know that their data is included in a particular database. On first request, the data must be deleted, or updated if it was filled in incorrectly.
EU legislation takes into account not only existing but also new means of transmitting and storing information, which allows the law to be adapted to rapidly changing conditions.
In practice, this means that when you contact an online store, you do not have to enter data such as an insurance policy number, passport or other documents that are not necessary for order delivery. Each user is warned that their data will be entered into the database and is explicitly asked for permission to do so. Of course, this significantly complicates life for the owners of Internet resources; however, it helps avoid many unpleasant situations and even prevent criminal actions.
After joining the Council of Europe, our country began the process of gradually bringing its legislation into line with generally accepted norms. Some of the legislative initiatives have already been framed in the form of the law “On Information, Informatization and Information Protection”. In addition, in 2010 Russia ratified the “Council of Europe Convention on the Protection of the Personality in Connection with the Automatic Processing of Personal Data” and adopted the federal law “On Personal Data”.
What information is personal?
According to existing legislation, the following definition of personal data is used: “any information relating to a natural person defined or determined on the basis of such information, including his last name, first name, middle name, year, month, education, date and place of birth, address, income, marital, social, property status, profession, other information.”
Today, in our country, it is permitted to collect only the data that is necessary for a specific operation, and only with the permission of the user. Of course, there are certain exceptions that may be dictated by state security issues or the requirements of federal law. For example, your insurance company may not ask for your consent when selling CTP policies. Your data is also collected and accumulated without your consent when statistical studies are conducted. The only caveat is that in this case, all information should be depersonalized.
There is a whole article of federal law that prohibits the use of personal information for advertising purposes and the dissemination of such information without the consent of the user.