Dom,
Eighteen months ago I did some research into DP and privacy legislation
applicable in Russia. Two federal laws govern DP and privacy; 'On Personal
Data 2006 (No 152-FZ)' and ‘About Information, Information Technologies and
Protection of Information 2006 (No. 149-03)'. They came into effect in early
2007.
“On Personal Data” clearly reflects western European regulations but I was
told by a Russian lawyer that enforcement issue is poor. Personal data is
defined as any information relating to an identified or identifiable individual
including his name, date and place of birth, address, marital and/or social
status, material circumstances, education, profession or income. Unlike the UK
DPA it does not include an expression of opinion about the individual and
neither does it include photographs, email messages and CCTV images. The
law also recognises some forms of data as sensitive personal data.
Key obligations when handling personal data are:
- a requirement to safeguard confidentiality when obtaining and processing
personal data
- obtaining and subsequent processing requires consent of the individual
concerned. It will be for the data controller to show that such consent has
been obtained
- processing for direct marketing requires the prior agreement of the individual
- there is an individual right of access. Other rights are to prevent processing,
to claim damages where there has been a breach of confidentiality or illegal
processing, and to have personal data amended or deleted
- unlawful obtaining or dissemination of personal data may lead to civil or
criminal penalties including fines and imprisonment
- transborder transfers are not restricted to jurisdictions ensuring an adequate
level of protection (adequacy seems to be left to the controller to decide)
Supervision is the responsibility of three separate state authorities: the
Ministry of Information Technologies and Communication, the Federal Security
Service and the Federal Service of Technical and Export Control, but there law
is unclear on how this works in practice.
A number of law firms with international practices (particularly those with
offices in Russia or Eastern Europe) have produced commentaries on the
legislation which may be worth checking out. Try Google.
Hope this assists.
rgds,
Kevin Broadfoot
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|