Concept and types of confidential information. Types of confidential information

Confidential information in any area is carefully protected by law. Therefore, the duty of employees who have access to it is to protect the data and not allow it to be made public. There are various responsibilities for the disclosure of confidential information. A person can even be convicted under an article from the Criminal Code if he has committed a serious violation. Therefore, it is in the interests of the workers themselves that, through their fault, information does not leak to third parties.

What is confidential information

Confidential information is personal information with limited access. There are different types of such data, but all of them are protected by law. Employees who have access to them are obliged to maintain secrecy and not allow publicity. Moreover, they themselves should not disclose such information even within the family circle.

Types of confidential information:

  1. Personal data of an individual. These include everything related to events and facts of private life.
  2. Official secret. Only government employees holding a specific position have access to it. This may include tax secrets, information about adoption, etc.
  3. Professional secret. It is protected by the Constitution of Russia, and a limited number of people performing their professional duties know about it.
  4. Personal files of those convicted of crimes.
  5. Trade secret. This information must be stored in order to protect the legal entity from competition, or to obtain benefits.
  6. Information about court decisions and their execution within the framework of proceedings.
  7. The secrecy of the investigation and legal proceedings. This can include information about victims and witnesses who need government protection. Information about judges and law enforcement officials is also kept secret.

This information is confidential and is not subject to disclosure. It is necessary to maintain the confidentiality of such information in order to protect the interests of individuals and legal entities. Non-disclosure is necessary because publicity can lead to serious consequences. For example, to the bankruptcy of a company, the public condemnation of a person, the danger that has arisen for witnesses and victims. If an employee allows information to be disseminated, then he has the right to be punished depending on the severity of the violation.

Non-disclosure agreement

To allow an employee access to classified data, you will need to sign a non-disclosure agreement. Because on the basis of this document it will be possible to be held accountable if the employee does not comply with his obligations regarding the safety of data. There is no specific template for the agreement, but all important points must be present, such as the obligations of the parties and responsibility for disclosure.

But you also need to understand that without it you cannot access classified information. In any case, it is worth discussing the current situation personally with your superiors in order to resolve the issue with the contract.

How to prove the disclosure of personal information

Punishment, for example, a fine under a non-disclosure agreement, will be imposed only if the fact of violation can be confirmed. Any evidence will do for this. As a rule, it is not difficult to obtain them if it is possible to identify an unscrupulous employee.

However, first you need to confirm the fact that there really was secret data, and a specific person had access to it.

To do this, you need to use documents, for example, a non-disclosure agreement. Evidence will be required in any case, even for disciplinary action. Moreover, they will be needed for the trial, because to bring someone to justice under the article, compelling reasons and evidence are required.

What responsibilities are provided?

The employee must know what information will be classified and what will be publicly available. Therefore, he cannot make confidential data public simply because he was not aware of the restricted access to it. In most cases, employees deliberately disclose information that will be protected. This is done for personal reasons or for selfish purposes.

The punishment depends on the nature of the violation. Let's consider the types depending on the responsibility to which the guilty person can be held.

  1. What may be the punishment:
  2. Disciplinary punishment. He is appointed by the management of the organization after an internal review and investigation. The employee may be reprimanded, reprimanded, or even fired. The specific solution depends on the situation.
  3. Criminal liability. The elements of crimes are quite diverse and are determined on an individual basis. If the violation is criminal in nature, then they may even be deprived of their freedom.
  4. Civil liability. The victim may recover moral damages.

In Ukraine, approximately the same rules apply regarding punishment for disclosing classified information. Liability can only be avoided in certain cases.

"Kadrovik.ru", 2012, N 7

In any company, there is confidential information that is especially carefully protected from employees who do not have access to it, as well as competitors and suppliers. However, it is quite difficult to determine the degree of data secrecy. As a result, all information related to the activities of the organization begins to be considered confidential. As a result, legal disputes arise both with employees and with other companies.

The list of relevant data is given in several legislative acts, however, the company can independently restrict access to some information. At the same time, the main document that allows you to determine whether information is confidential is Federal Law No. 98-FZ of July 29, 2004 “On Trade Secrets” (hereinafter referred to as Law No. 98-FZ). However, the list contained in this Law is incomplete, and other information about confidential information is contained in other regulatory legal acts.

List of confidential data defined by law

View
confidential
information		List of informationLegislative
norm
Information,
component
commercial
secret		Information of any nature
(production, technical,
economic, organizational and
others), including the results
intellectual activity in scientific
technical field, as well as information about
ways to carry out professional
activities that have
actual or potential
commercial value due to
unknown to third parties		Article 3
Federal
law from
29.07.2004
N 98-ФЗ "О"
commercial
secret"
Banking
secret		Information about transactions, accounts and
deposits of organizations - clients of banks and
correspondents		Article 26
Federal
law from
02.12.1990
N 395-1 "O
banks and
banking
activities"
Advocate
secret,
notarial
secret		Information related to the provision
legal aid lawyer
to the principal; information that became
known to the notary in connection with his
professional activity		Basics
legislation
Russian
Federation about
notary office (approved
RF Armed Forces 02/11/1993
N 4462-1); Art. 8
Federal
law from
31.05.2002
N 63-FZ "On
lawyer
activities and
legal profession
Russian
Federation"
Intelligence,
Related
audit
organizations		Any information and documents received
and (or) compiled by the audit
organization and its employees, as well as
individual auditor and employees,
with whom they have concluded labor agreements
contracts for the provision of services,
provided for by this Federal
by law, with the exception of:
1) information disclosed by the person himself,
to whom the services were provided,
provided for by this Federal
by law or with its consent;
2) information about the conclusion with the auditee
person of the contract for conducting
mandatory audit;
3) information about the amount of payment
audit services		Article 9
Federal
law from
30.12.2008
N 307-FZ "On
audit
activities"

In practice, the confidentiality regime is determined by:

  • a list of information constituting a trade secret; a list of confidential information in the organization;
  • contractual regulation of relations with employees;
  • contractual regulation of relations with counterparties by establishing relevant provisions in the contract;
  • applying restrictive marks and a confidentiality stamp indicating its owner on material media of confidential information.

In addition to these measures, the company may, if necessary, use means and methods of technical protection of confidential information, as well as other measures that do not contradict the legislation of the Russian Federation.

The trade secret regime cannot be established in relation to the following information:

  • contained in the constituent documents of a legal entity and documents confirming the fact of making entries about legal entities in state registers;
  • contained in documents giving the right to carry out entrepreneurial activities;
  • about environmental pollution, the state of fire safety, the sanitary-epidemiological and radiation situation, food safety and other factors that have a negative impact on ensuring the safe operation of production facilities, the safety of each citizen and the safety of the population as a whole;
  • on the number and composition of employees, the remuneration system, working conditions, including labor protection, indicators of industrial injuries and occupational morbidity, and the availability of vacancies;
  • about the debt of employers in payment of wages and other social benefits;
  • about violations of the legislation of the Russian Federation and facts of prosecution for their commission;
  • on the size and structure of income of non-profit organizations, on the size and composition of their property, on their expenses, on the number and remuneration of their employees, on the use of gratuitous labor of citizens in the activities of a non-profit organization;
  • on the list of persons who have the right to act without a power of attorney on behalf of a legal entity;
  • information, the mandatory disclosure of which or the inadmissibility of restricting access to which is established by federal laws before the entry into force of Law No. 98-FZ.

Let's consider the procedure for establishing a list in a specific company.

How to deal with an employee who discloses confidential information?

In many companies, the following measures are taken against an employee who discloses secret information: disciplinary action is imposed, damages are sought in court. Some employers simply fire the offenders, believing that disseminating confidential information is a serious offense. Indeed, such a possibility exists. According to paragraphs. "c" clause 6, part 1, art. 81 of the Labor Code of the Russian Federation, an employment contract can be terminated by the employer even in the case of a one-time disclosure of a trade secret that has become known to the employee in connection with the performance of his job duties.

If a dispute arises about the reinstatement of a person dismissed on the grounds in question, the employer bears the burden of proving all the circumstances of the disclosure of a trade secret. It is necessary to carefully consider all the circumstances of a particular case, analyze whether there are legal grounds for dismissing an employee suspected of disclosing confidential information, and also assess the possible risks if the employee challenges the dismissal.

Let's take the following example: an employee used a flash drive to print a document on a printer. However, the employer considered these actions to be a disclosure of trade secrets, since the ban on the use of a flash drive to transfer confidential information was contained in a local act. However, the organization did not have an exact list of such secret data. As a result, the employee contacted the labor inspectorate, and after an inspection he managed to get the disciplinary sanction lifted.

Thus, when imposing a disciplinary sanction, the employer must:

  • prove that the employee caused material damage to the organization;
  • establish that the employee disclosed confidential data included in the list;
  • confirm the fact of disclosure and familiarization of the employee with the list of confidential information.

If a company wants to recover damages in court (let’s say a manager quit and sold a confidential database to competitors), then it will need to assess material damage. The key condition for forming an evidence base is the availability of a list of confidential information.

List of confidential information in a separate organization

Each organization compiles its own list of confidential information. As a rule, it includes:

  • information about production and management;
  • data on employee salary levels;
  • personal data of employees;
  • management decisions, production development plans, investment programs;
  • minutes of meetings;
  • confidential contracts;
  • information about negotiations;
  • information about personnel composition, staffing schedule;
  • cost and prices;
  • accounting reports, primary documentation;
  • information about taxes and fees paid;
  • auditors' reports.
Please note: personal data and confidential information are not equivalent concepts. The latter is broader and may include various financial statements, data on the organization’s personnel and other information that is protected by the company in accordance with the established trade secret regime.

Information constituting a trade secret (production secret) is information of any nature (production, technical, economic, organizational and others), including the results of intellectual activity in the scientific and technical field, as well as information about the methods of carrying out professional activities that have actual or potential commercial value due to their unknownness to third parties, to which third parties do not have free access legally and in respect of which the owner of such information has introduced a trade secret regime. Disclosure of information constituting a trade secret is an action or inaction as a result of which such information in any possible form (oral, written, other, including using technical means) becomes known to third parties without the consent of the owner or contrary to labor or civil law. legal contract (Decision of the Moscow City Court dated November 14, 2011 in case No. 33-36486).

The concept of personal data is established in the Federal Law of July 27, 2006 N 152-FZ “On Personal Data”. This is any information relating to a directly or indirectly identified or identifiable individual (subject of personal data).

That is, if confidential information can relate to both individuals and legal entities, personal data - only to individuals. The list of confidential data classified as such at the legislative level is given in the appendix.

It is necessary to pay attention to the fact that information recognized as confidential by the company may not be classified as such. Accounting documents provided to company participants only for review may be classified as confidential (Resolution of the Federal Antimonopoly Service of the Volga Region dated April 5, 2005 N A12-12462/04-C56). A similar conclusion was made in the Resolution of the Federal Antimonopoly Service of the Far Eastern District dated 05/16/2007, 05/08/2007 N F03-A73/07-1/1090 in case N A73-9822/2006-9, in which the court recognized that neither the norms of the Federal Law dated 21.11 .1996 N 129-FZ “On Accounting”, nor Art. 89 of the Federal Law of December 26, 1995 N 208-FZ “On Joint-Stock Companies” does not provide for the mandatory provision to the shareholder of copies of primary accounting documents, turnover sheets of analytical accounting and an electronic database of the company’s accounting program. At the same time, for example, information about the fulfillment by taxpayers of their obligations to pay taxes is not a tax secret and can be disclosed (Resolution of the Federal Antimonopoly Service of the West Siberian District dated July 27, 2010 in case No. A27-25441/2009).

Thus, the employer must independently compile a list of confidential information and establish it in an administrative document, depending on the importance of this information. However, the recognition of data as confidential may be challenged in court. At the same time, an important point is also not only the establishment of the list of confidential information itself, but also the procedure for its protection.

Procedure for protecting confidential information

In accordance with Art. 10 of Law N 98-FZ, measures to protect the confidentiality of information taken by its owner must include:

  • determination of the list of data constituting a trade secret;
  • restricting access to such information by establishing a procedure for handling it and monitoring compliance with this procedure;
  • accounting of persons who gained access to confidential information and (or) persons to whom it was provided or transferred;
  • regulation of relations regarding the use of data constituting a trade secret by employees on the basis of employment contracts and by counterparties on the basis of civil law contracts;
  • affixing on tangible media containing confidential information, or including in the details of documents containing such information, the stamp “Trade Secret” indicating the owner of such information.

In order to protect the confidentiality of information, the employer is obliged to:

  • familiarize, against signature, an employee who needs access to such information to perform his job duties with a list of information constituting a trade secret owned by the employer and his counterparties;
  • familiarize the employee, against signature, with the trade secret regime established by the employer and with the penalties for violating it;
  • create the necessary conditions for the employee to comply with the established regime (Article 11 of Law No. 98-FZ).

An employment contract with the head of the organization must provide for the obligations of this employee to ensure the protection of the confidentiality of information owned by the organization and its counterparties, and responsibility for appropriate measures.

The recognition of data as confidential can be challenged in court

In this case, the company can take the following actions:

  • implementation of a permit system for accessing performers (users, service personnel) to information and work and documents related to its use;
  • restricting access of personnel and unauthorized persons to protected premises and premises where information and communication means are located, and information storage media are stored;
  • taking notes of meetings;
  • differentiation of access of users and service personnel to information resources, software for processing (transfer) and data protection;
  • accounting and secure storage of paper and computer storage media, keys (key documentation) and their circulation, excluding their theft, substitution and destruction;
  • redundancy of technical means and duplication of arrays and storage media;
  • protection against copying of information, use of certified means of protecting it;
  • use of secure communication channels;
  • cryptographic transformation of data processed and transmitted by means of computer technology and communications.

It is very important to establish in the local act of the organization not only a list of confidential information, but also the procedure for its use.

In relations with employees, companies usually use two tactics: protecting interests in court, protecting interests in pre-trial proceedings by terminating a contract with an employee. Let's consider the first method. As an example, we can cite the Determination of the Moscow City Court dated December 22, 2011 in case No. 4g/8-10945/11. Resolving the stated claims, guided by Art. 81 of the Labor Code of the Russian Federation, the Federal Law "On Trade Secrets", the court came to the conclusion that the dismissal of the plaintiff is legal and justified, since he disclosed a trade secret. The plaintiff sent documents to a third party by email to which third parties did not have free access and in respect of which the employer introduced a trade secret regime.

In court, the company proved the following facts: familiarization of the employee with the provision “On Trade Secrets”, compliance with the procedure for bringing to disciplinary liability, the fact of sending documents to the deputy general director of a third-party organization - information about contractors, information about the timing and methods of providing services, the amount of remuneration.

But, if confidential information is not transferred to third parties, the fact of copying information without transfer to third parties cannot be regarded as disclosure. Thus, in the Determination dated December 12, 2011 in case No. 4g/8-10961/2011, the Moscow City Court came to the conclusion that the information copied by the plaintiff onto a flash card constituted a trade secret of the company, but there was no evidence that this information was transmitted by her The defendant did not provide information to third parties, and the plaintiff denied committing such actions. The court also did not receive evidence of the plaintiff sending the specified information to the electronic mailboxes of third parties, as well as the facts of posting on the Internet. When inspecting the plaintiff’s home computer and deleting the copied information from it, the defendant did not record any such facts. There were no notes about this in the information deletion act. The employee’s actions, as a result of which the specified information becomes available to other employees monitoring compliance with the trade secret regime in the organization, cannot be qualified under paragraphs. "c" clause 6, part 1, art. 81 Labor Code of the Russian Federation. In such circumstances, when confidential information was not disclosed to third parties, an individual may be reinstated at work with compensation for the period of forced absence.

Dissemination of unclassified information does not constitute disclosure of confidential information. This conclusion follows from the Decision of the Moscow City Court dated November 14, 2011 in case No. 33-36486. The court came to the conclusion that information about the availability of equipment, its cost, and information about distributors do not constitute a trade secret, because placed in price lists, catalogs and booklets. Thus, confidentiality was not violated. A similar conclusion was made by the Moscow City Court in its Ruling dated October 18, 2011 in case No. 33-33741. In resolving the dispute and partially satisfying the claims, the court reasonably proceeded from the fact that the obligation to prove the existence of a legal basis for dismissal and compliance with the established procedure for dismissal rests with the employer. The employer did not provide evidence that the B2B system contained confidential information, nor evidence that the plaintiff disseminated data constituting a trade secret.

Of course, many companies cannot prove their case in court, since the regulatory framework does not contain a specific list of documents that can be used to confirm losses associated with the illegal disclosure of confidential information. In addition, it is very difficult to assess the material component, for example, leaks of information about counterparties or financial indicators, as well as the fact of disclosure itself. After all, disclosure can be made both in writing and orally. In this regard, many companies are forced to use methods of punishing negligent employees such as disciplinary action.

However, sometimes companies prefer not to wash dirty linen in public and part with such employees on good terms. In such situations, it is preferable to formalize the dismissal by agreement of the parties, provided for in Art. 78 Labor Code of the Russian Federation. One of the significant advantages is that it is almost impossible to challenge such dismissal, since there is a mutual agreement between the parties.

In conclusion, it should be noted that the integrity of the trade secret, the protection of the organization’s interests and the possibility of restoring justice in court depend on how clearly the company defines the list of confidential information, as well as the procedure for its protection.

Application

Example list of confidential data List of information classified as confidential (official) information in the central office of the Federal Agency for Railway Transport and its subordinate enterprises and institutions, approved. By Order of the Federal Agency for Railway Transport dated January 24, 2011 N 18

N
p/p		Information classified as confidential (official) information
I. Information on industry management activities
1 Selected materials from meetings of the Federal Railway Agency
transport (hereinafter referred to as Roszheldor) and the information contained therein,
restriction of access to which is established by a decision of the PDTK meeting
Roszheldora
2 Information (information) prepared by Roszheldor on information received from
government bodies, enterprises, institutions and
organizations, regardless of organizational and legal form and form
property marked "For official use", "Commercial
secret", "Confidential" and others in the part that does not contain information,
constituting state secrets
3 Information containing indicators of the state defense order in
part that does not contain information constituting a state secret
4 Information contained in the internal inspection materials
(investigation), before approval of the inspection report (conclusion), and
also if the information obtained as a result of the check
(investigations) can be used in the future for
illegal action (damage)
5 Information about the organization of work, about specific measures or ongoing
activities aimed at ensuring information security
when implementing international cooperation with the participation
representatives of Roszheldor, as well as those contained in the preparatory
or reporting documents (forms) about the meeting
II. Information on administrative and economic activities
6 Information about the personal data of the Roszheldor employee contained in
employee’s personal file, except as otherwise provided
legislation of the Russian Federation
7 Information received upon admission of a citizen to a state
civil service, necessary for obtaining admission to
state secret
8 Information about the employee’s awareness of information constituting
state secret
9 Minutes of meetings of competition commissions for holding competitions for
filling vacant positions in the state civil service
10 Acts of inspection of the activities of territorial departments and
subordinate organizations
11 Information on the staffing table of Roszheldor
12 Information about the location of structural units in the building
13 Minutes of housing commission meetings
14 Minutes of the meetings of the competition commission for holding
qualifying exam and certification
III. Information about the secrecy regime, mobilization preparation,
civil defense, emergency situations and transport security
15 Acts of inspections to ensure access control in the administrative
Roszheldor building
16 Information on the results of assessing the vulnerability of transport facilities
infrastructure and vehicles, except those providing
whose security is carried out exclusively by federal
executive authorities
17 Information contained in transport security plans
transport infrastructure object and vehicle
18 Information that is information resources of the unified state
transport security information system,
prepared by Roszheldor, with the exception of extracts from the register
categorized transport infrastructure facilities and transport
funds
IV. Data protection information
19 Information on the organization of processing of service information on the means
computer technology of Roszheldor
20 Information revealing the organization, information security status, or
information carriers or information process
21 Information about methods, means or effectiveness (state of protection)
confidential information in automated information
systems, computer equipment, other technical
means
22 Generalized information contained in the local computing diagram
network of Roszheldor, indicating organizational and technological
parameters or technical characteristics and locations of its
responsible components, information nodes (defined on
diagram)
23 Information about specific ongoing and (or) planned activities for
information security of confidential information
V. Other information
24 Information about the organization, condition or location of engineering systems
video surveillance, fire or security alarm system of the Roszheldor building
25 Information disclosing the content of plans and specific activities for
protection of the Roszheldor building, premises in which work is carried out,
materials are stored, confidential negotiations are conducted
26 Data from security video surveillance, recording of premises security systems,
electronic building entry system

Every person at least once in his life has come across the concept of “confidential information”. It is a collection of data that is of particular value and known, as a rule, to a very narrow circle of people. Current legislation provides for punishment for the disclosure of such information, that is, a person is responsible for failure to maintain a trade secret.

It can be used at the discretion of the person possessing it, but the chosen method should not contradict legal norms. Due to limited access to data, measures are taken to protect and protect such information from third parties. People often encounter problems in the workplace when they have to use documentation that is of particular importance to the company. Many companies warn their employees that even salary amounts are data that should not be shared.

In order to avoid various incidents and unpleasant situations, managers of enterprises and organizations are recommended to discuss in advance with each employee aspects that are secret. It is best to prepare a list of confidential information approved by governing bodies in advance. All personnel should be familiarized with this document and given free access to study. It is necessary to clearly classify all available data into separate groups, divided into:

  1. Absolutely accessible information. Such information is not limited and is regularly published in specialized publications. An example would be one intended for external users.
  2. Partially limited data, the opportunity to become familiar with which is available only to a specifically designated group of people.
  3. Documents at the disposal of the head of the company or a specialist with appropriate authority. This information can be fully considered confidential.

So, company documentation can be classified depending on its purpose into industrial and commercial. The first contains all the information about the equipment, the special technology for manufacturing the product, the product itself, and so on. And commercial includes all agreements with counterparties, information about the presence of accounts payable and receivable and their amounts, correspondence with business partners. Accordingly, confidential information is also divided into two main groups (commercial and industrial).

Due to the continuous development of production, the emergence of new equipment and the introduction of technological innovations, security department employees are increasingly having to take measures to strengthen the security system. Currently, the majority of information is stored electronically, and all payments with partners are also carried out non-cash. This increases the number of various types of hacker attacks, sometimes leading to irreparable consequences. That is why technical protection is one of the most important tasks, the implementation of which is the responsibility of the best personnel of the company. Indeed, huge sums are spent on maximizing the protection of firms' internal networks. This is especially true for large corporations, where security is included in the list of strategic goals.

Unfortunately, in the modern world, the hunt for documents representing trade secrets is carried out with particular cruelty. After all, the struggle for power is present both at the state level and at the level of individual economic entities. Confidential information is an expensive commodity that is successfully sold on the market. Thus, managers can be advised to keep up with the times and spare no expense on improving the security system, so that they do not have to deal with the financial fraud of ill-wishers later.

Confidentiality

Confidentiality.(English) confidence- trust) - the need to prevent leakage (disclosure) of any information.

In the Anglo-American tradition, there are two main types of confidentiality: voluntary (privacy) and forced (secrecy). (See Edward Shiles - The Torment of Secrecy: The Background & Consequences Of American Security Policies (Chicago: Dee) In the first case, we mean the prerogatives of the individual, in the second case we mean information for official use, available to a limited circle of company officials , corporation, government agency, public or political organization. Although privacy and secrecy are similar in meaning, in practice they usually contradict each other: increased secrecy leads to a violation and reduction of privacy. In totalitarian and authoritarian states, confidentiality is usually meant. only secret.

Definitions

Confidentiality information - audit principle, which consists in the fact that auditors are obliged to ensure the safety of documents received or compiled by them in the course of auditing activities, and do not have the right to transfer these documents or their copies to any third parties, or disclose information contained in them orally without consent of the owner of the economic entity, except for cases provided for by legislative acts.

Confidentiality information - a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner.

Confidential information- information, access to which is limited in accordance with the legislation of the Russian Federation and constitutes commercial, official or personal secrets protected by its owner.

Official secret- confidential information protected by law, which has become known to state bodies and local self-government bodies only on legal grounds and due to the performance of their official duties by their representatives, as well as official information about the activities of government bodies, access to which is limited by federal law or due to official need. There is no clear definition of the concept of “official secret” in the current legislation of the Russian Federation. Official secret is one of the objects of civil rights under the civil legislation of the Russian Federation. The regime for protecting official secrets is generally similar to the regime for protecting commercial secrets. In a number of cases, the law provides for criminal liability for the disclosure of official secrets (for example, for the disclosure of the secret of adoption, or for the disclosure of information constituting a commercial, tax or banking secret by a person to whom such information became known in the service).

Official secret- information with limited access, with the exception of information classified as state secrets and personal data, contained in state (municipal) information resources, accumulated at the expense of the state (municipal) budget and being the property of the state, the protection of which is carried out in the interests of the state.

Protecting confidentiality is one of the three objectives of information security (along with protecting the integrity and availability of information).

Privacy Relevance

Since the beginning of the use of computer technology in all areas of human activity, many problems have arisen related to the protection of confidentiality. This is mainly due to the processing of documents using computer technology. Many administrative measures to protect the confidentiality of individuals and organizations have lost their force due to the transition of document flow to a completely new environment.

When receiving personal letters, when concluding contracts, during business correspondence, during telephone conversations with acquaintances and strangers, a person used various means of authentication. Personal letters were sent indicating an existing postal address or had a stamp from the exact post offices where such letters were processed. When concluding contracts, forms were used produced in printing houses, on which text was printed using typewriters with unique serial numbers, which was then signed by an official and certified with the seal of the organization. When talking on the phone, it was reliably known that the conversation was being conducted with exactly the person whose voice was previously known. Many hundreds of administrative measures have been aimed at protecting the privacy of people's communications.

With the introduction of computer technology into human life, a lot has changed. When using, for example, e-mail, it became possible to specify a non-existent return address or simulate receiving a letter from a friend. With everyday communication via the Internet, many signs that identify a person in everyday life (gender, age, degree of education) have ceased to be so. The so-called “virtual reality” has appeared.

It is impossible to quickly and effectively solve problems related to privacy protection in computer systems. There is a need for an integrated approach to solving these problems. This approach should include the use of organizational, legal, and software measures that protect confidentiality, integrity, and availability.

Today, organizations have a set of standards to ensure correct work with confidential information. The head of the organization signs a list of confidential information. In the contract signed by the employee and the employer, there is a clause that talks about liability for incorrect work with confidential information, as a result of which, if the rules for working with this information specified in the contract are not followed, there is a legal basis for bringing such employees to administrative or criminal liability . Organizations also have a set of measures aimed at ensuring the protection of confidential information. For example, such measures may include: selection of qualified personnel, forecasting possible threats and taking measures to prevent them, using different levels of personnel access to information with varying secrecy.

Since it is impossible to study this area in detail in a short time, a direction for training specialists in the field of information security was introduced.

With the help of software and hardware information security tools provided by various manufacturers, higher efficiency indicators can be achieved if they are used in a comprehensive manner. Such tools include equipment for cryptographic protection of speech information, programs for cryptographic protection of text or other information, programs for ensuring the authentication of email messages through an electronic digital signature, programs for providing anti-virus protection, programs for protecting against network intrusions, programs for detecting intrusions, programs for hiding the reverse email sender's address.

Such a list of software and hardware tools, as a rule, is developed by specialists in the field of information security, taking into account many factors, for example, the characteristics of the automated system, the number of users in this system, differences in the access level of these users, etc.

Confidentiality in Russian legislation

Notes

Literature

  • Large legal dictionary. 3rd ed., add. and processed / Ed. prof. A. Ya. Sukhareva. - M.: INFRA-M, 2007. - VI, 858 pp. - (B-k of dictionaries "INFRA-M")

Links

  • Confidential information in Russian legislation

see also


Wikimedia Foundation.

2010.:

Synonyms:

Antonyms

    Secrecy, secrecy, confidentiality, secrecy. Ant. openness, glasnost Dictionary of Russian synonyms. confidentiality see secrecy Dictionary of synonyms of the Russian language. Practical guide. M.: Russian language... Synonym dictionary

    confidentiality- The property of information that it cannot be viewed by unauthorized users and/or processes. Keeping critical information secret; access to it is limited to a narrow circle of users (individuals... ... Technical Translator's Guide

    CONFIDENTIAL [de], aya, oe; flax, linen (book). Secret, confidential. K. conversation. Report confidentially (adv.). Ozhegov's explanatory dictionary. S.I. Ozhegov, N.Yu. Shvedova. 1949 1992 … Ozhegov's Explanatory Dictionary

    Confidentiality- An ethical requirement that applies to both experimental research and psychotherapy. Under this requirement, participants or patients have the right to have information collected during a study or treatment session not... ... Great psychological encyclopedia

    confidentiality- 2.6 confidentiality: The property of information being inaccessible and closed to an unauthorized individual, entity or process. [ISO/IEC 7498-2] Source... Dictionary-reference book of terms of normative and technical documentation

    confidentiality- ▲ limited access to (subject), confidentiality information. confidential not subject to wide publicity; accessible to a narrow circle of people (# conversation). confidentially. trust. confidential (# tone). confidentially. trust (#… … Ideographic Dictionary of the Russian Language

The concept of “confidential information” has become an integral part of Russian legal vocabulary. Currently, it is used in several hundred regulatory legal acts of the Russian Federation. Law enforcers are also keeping up with the legislator: increasingly, entire sections or even separate confidentiality agreements can be found in various agreements. The inclusion of provisions prohibiting the dissemination of confidential information in employment contracts has become widespread.

However, the legislation still does not contain a clear definition of the concept of “confidential information”. Previously, such a definition was contained in Art. 2 of the no longer in force Federal Law “On Information, Informatization and Information Protection”. According to this law, “confidential information is documented information, access to which is limited in accordance with the legislation of the Russian Federation.” This definition, in a slightly modified form, continues to be used in acts of state authorities of the Russian Federation.

The current Federal Law “On Information, Information Technologies and Information Protection” does not contain a definition of the concept of “confidential information”. However, this definition can be obtained based on an analysis of its norms.

According to paragraph 1 of Art. 2 of this law, information is information (messages, data) regardless of the form of its presentation.

Paragraph 7 of the same article states that confidentiality of information is a mandatory requirement for a person who has gained access to certain information not to transfer such information to third parties without the consent of its owner.

Thus, confidential information is information, regardless of the form in which it is provided, that cannot be transferred by the person who has access to this information to third parties without the consent of its copyright holder.

The list of confidential information is contained in Decree of the President of the Russian Federation dated March 6, 1997 No. 188 “On approval of the list of confidential information.” According to this decree, confidential information includes:

· Personal Information;

· information constituting the secret of investigation and legal proceedings, as well as information about protected persons and measures of state protection carried out in accordance with Federal Law of August 20, 2004 No. 119 - Federal Law “On state protection of victims, witnesses and other participants in criminal proceedings” and other regulatory legal acts of the Russian Federation;

· official secret;

· medical, notarial, attorney-client secrecy, secrecy of correspondence, telephone conversations, postal items, telegraphic or other messages;

· trade secret;

· information about the essence of the invention, utility model or industrial design before the official publication of information about them.

Attention should be paid to the fact that this list cannot be considered closed. The current Federal Law “On Information” does not require the adoption of regulations by the President or the government for the further development of the concept of “confidential information”. Moreover, the law allows the owner of information to independently decide whether to grant it confidential status. Therefore, the list should be considered as an example.

This conclusion has very important practical significance. The ability to independently determine the status of information allows its owner to develop ways to protect it from unauthorized access, use and distribution, as well as to provide for measures of civil liability in the event of these actions. The above conclusion is of particular importance for business companies. As is known, in accordance with paragraph 2 of Art. 67 of the Civil Code of the Russian Federation, participants in business companies are obliged not to disclose confidential information.

Unfortunately, this norm was not developed in the Federal Law “On Joint-Stock Companies”, which does not mention such a duty of shareholders at all. Therefore, there is still no consensus in science about what kind of confidential information we are talking about. A number of authors believe that the obligation not to disclose confidential information applies only to confidential information that falls under the trade secret regime.

Currently, there is no clear and unified classification of types of confidential information, although the current regulations establish over 30 of its varieties. Certain attempts at such a classification have been made by scientists. A. I. Aleksentsev offers the following grounds for dividing information by type of secret:

§ owners of information (for certain types they may overlap);

§ areas (spheres) of activity in which there may be information constituting this type of secret;

§ who is entrusted with the protection of this type of secret (for some types of secrets, a coincidence is also possible here). (11, P.92)

A.A. Fatyanov classifies information to be protected according to three criteria: by ownership, by the degree of confidentiality (degree of access restriction) and by content. (22, P.254)

By ownership, the owners of the protected information may be government bodies and the structures formed by them (state secrets, official secrets, in certain cases, commercial and banking secrets); legal entities (commercial, banking, lawyer, medical, audit secrets, etc.); citizens (individuals) - in relation to personal and family secrets, notarial, lawyer, medical. It should be noted that the use of the concepts “owner”, “proprietor” in relation to information is contained in the Federal Law “On Information...”, the Law of the Russian Federation “On State Secrets” and a number of other regulations. This use, as well as the recognition of information as an object of real rights and, including property rights, established by the above-mentioned acts, causes great criticism among scientists and to a certain extent contradicts the Civil Code, since according to Art. 128 of the Civil Code, information does not relate to things. This problem has already been covered by the author, and it must be recognized that it is more expedient to refuse to use proprietary rights in relation to information, and therefore it is more correct to talk about the owner, as indicated in Art. 139 of the Civil Code of the Russian Federation, and not the owner, user or owner of the information. In the future, the concepts of “owner”, “user” or “owner” will be used only when citing the law or the opinion of a researcher.

At present, only information constituting a state secret can be classified according to the degree of confidentiality (degree of access restriction). According to Art. 8 of the Law of the Russian Federation “On State Secrets”, three degrees of secrecy of information constituting a state secret are established, and the secrecy stamps corresponding to these degrees for carriers of this information: “special importance”, “top secret” and “secret”. It is interesting that in the United States and a number of NATO countries, the secrecy classifications are similar to those established by domestic legislation - “confidential”, “secret”, “top secret”. For other types of secrets, this classification basis has not yet been developed, however, according to Art. 8 of the Law of the Russian Federation “On State Secrets”, the use of these classifications to classify information not classified as state secrets is not allowed. (21, P.148)

It should be noted that the above classifications are not exhaustive and their development remains to be done by science and legislation. The lack of a clear classification of confidential information and the lack of formalization of their legal regimes in legislation leads to a significant number of contradictions and gaps. Let's consider the most significant of them.

In accordance with Art. 2 of the Law of the Russian Federation “On State Secrets”, state secret is information protected by the state in the field of its military, foreign policy, economic, intelligence, counterintelligence and operational investigative activities, the dissemination of which may harm the security of the Russian Federation. As A.I. Aleksentsev notes, the term “distribution” in this case is too vague. (11, P.96)

Distribution may or may not be unauthorized, it may or may not cause damage. This criterion states the possible consequences of the dissemination of information, i.e., it assumes the opposite, whereas logically, one should rather name the advantages obtained from the fact that the information is kept secret.

Summarizing all of the above, we can state that currently the types of confidential information are state, commercial, personal and family, official and professional secrets, which, in turn, has a number of varieties. At the same time, the legal regime of most of these secrets has not been fully developed, and there are serious contradictions between individual documents that need to be eliminated.