Annexes to the regulation on the processing of personal data. Protection of personal information. Regulation on the processing and protection of personal data
Various kinds of information that relates to a specific individual are his personal data. Accordingly, such an individual is referred to as the subject of personal data (clause 1, part 1, article 3 of the Federal Law of July 27, 2006 No. 152-FZ). The subjects of personal data include employees.
The employer, in turn, is engaged in the processing of personal data of his employees, i.e., he collects data, organizes it, stores, updates, transfers, deletes, etc. This, for example, is the passport data of employees, information about their address of residence, information about the education or length of service of employees, about wages or marital status, about business qualities and even hobbies of employees, etc.
When processing the personal data of its employees, the employer must ensure that their rights and freedoms are not violated. In particular, the right to privacy, personal and family secrets. In other words, the employer must ensure reliable protection of personal data.
In order to ensure compliance with the requirements for the processing of personal data of employees and the protection of this information, the employer may develop and approve the Regulations on working with personal data of employees. It can also be called, for example, the Regulation on the processing of personal data of employees, the Regulation on the protection of personal data, or even the Regulation on the personal data of employees.
The employer must carefully approach the development of such a Regulation, and in the future strictly follow the procedure indicated in it, because violation of the legislation on personal data by him is fraught with fines.
So, for example, the processing of personal data in cases not provided for by legislation in the field of personal data, or the processing of personal data that is incompatible with the purposes of collecting personal data, may result in the imposition of a fine on officials of the employer in the amount of 5,000 to 10,000 rubles, and on employer-organization - from 30,000 to 50,000 rubles (part 1 of article 13.11 of the Code of Administrative Offenses of the Russian Federation).
Although it must be borne in mind that the Regulation on Personal Data is also mandatory for employees. An employee can even be fired for disclosing the personal data of another employee that became known to him in the performance of his job duties (clauses “c”, clause 6, article 81 of the Labor Code of the Russian Federation).
We are developing a Regulation on the procedure for processing personal data of employees
The structure and content of the Regulations on the protection of personal data of employees (a sample is given below) the employer determines for himself. At the same time, he is guided, in particular, by the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and Ch. 14 "Protection of personal data of an employee" of the Labor Code of the Russian Federation.
When developing the Regulations on personal data, the employer must take into account, in particular, the following principles for the processing and protection of personal data:
- the processing of personal data of employees is carried out only for the purpose of complying with the legislation of the Russian Federation, assisting employees in finding employment, obtaining education and promotion, ensuring the personal safety of employees, controlling the quantity and quality of work performed and ensuring the safety of property;
- all personal data of employees must be obtained from him. If any personal data of an employee can only be obtained from a third party, the employee must be notified in advance about this, and written consent must be obtained from him;
- the employer must, at his own expense, protect the personal data of employees from their unlawful use or loss;
- the employer must, against signature, familiarize employees with the procedure for processing their personal data, as well as with their rights and obligations in this area.
The regulation on the protection of personal data is approved by the head of the employer as a local regulatory act. It is necessary to acquaint all employees with it against signature when they are employed (part 3 of article 68 of the Labor Code of the Russian Federation).
For the Regulation on personal data of employees 2018, we will give a sample of its filling.
MINISTRY OF COMMUNICATIONS AND MASS COMMUNICATIONS
RUSSIAN FEDERATION
FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,
ON THE APPROVAL OF THE REGULATION
INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS
In accordance with the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (Collected Legislation of the Russian Federation, 2006, N 31, Art. 3451; 2009, N 48, Art. 5716; N 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) and subparagraph "b" of paragraph 1 of the List of measures aimed at ensuring the fulfillment of the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, by operators that are state or municipal bodies, approved by Decree of the Government of the Russian Federation dated 21 March 2012 N 211 (Collected Legislation of the Russian Federation, 2012, N 14, Art. 1626), I order:
1. Approve the attached Regulations on the processing and protection of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Media.
2. Recognize invalid the order of the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Communications of April 13, 2011 N 246 "On Approval of the Regulations on the Processing of Personal Data in the Central Office of the Federal Service for Supervision in the Sphere of Communications, Information Technologies and Mass Media Communications" (registered by the Ministry of Justice of the Russian Federation on May 17, 2011, registration N 20757).
3. Send this order for state registration to the Ministry of Justice of the Russian Federation.
Supervisor
A.A. ZHAROV
Application
to the order of the Federal Service
on supervision in the field of communications,
information technologies
mass communications
POSITION
ON PROCESSING AND PROTECTION OF PERSONAL DATA IN THE CENTRAL
OFFICE OF THE FEDERAL SERVICE FOR SUPERVISION IN THE FIELD OF COMMUNICATIONS,
INFORMATION TECHNOLOGIES AND MASS COMMUNICATIONS
I. General provisions
1.1. The Regulation on the processing and protection of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Media (hereinafter referred to as the Regulation) determines the purposes, content and procedure for processing personal data, measures aimed at protecting personal data, as well as procedures, aimed at identifying and preventing violations of the legislation of the Russian Federation in the field of personal data in the central office of the Federal Service for Supervision of Communications, Information Technology and Mass Communications (hereinafter referred to as Roskomnadzor).
1.2. This Regulation defines the policy of the central office of Roskomnadzor as an operator processing personal data regarding the processing and protection of personal data.
1.3. This Regulation has been developed in accordance with the Labor Code of the Russian Federation (Sobranie Zakonodatelstva Rossiyskoy Federatsii, 2002, N 1, Art. 3; N 30, Art. 3014, 3033; 2003, N 27, Art. 2700; 2004, N 18, Art. 1690; N 35, item 3607; 2005, N 1, item 27; N 19, item 1752; 2006, N 27, item 2878; N 52, item 5498; 2007, N 1, item 34; N 17, item 1930; N 30, item 3808; N 41, item 4844; N 43, item 5084; N 49, item 6070; 2008, N 9, item 812; N 30, item 3613 ; N 30, item 3616; N 52, item 6235, 6236; 2009, N 1, item 17, 21; N 19, item 2270; N 29, item 3604; N 30, item 3732, 3739 ; N 46, item 5419; N 48, item 5717; 2010, N 31, item 4196; N 52, item 7002; 2011, N 1, item 49; N 25, item 3539; N 27, 3880; N 30, items 4586, 4590, 4591, 4596; N 45, items 6333, 6335; N 48, items 6730, 6735; N 49, item 7031; 2012, N 10, item 1164 ; N 14, item 1553; N 18, item 2127; N 31, item 4325) (hereinafter referred to as the Labor Code of the Russian Federation), the Code of the Russian Federation on Administrative Offenses (Collection of Legislation of the Russian Federation editions, 2002, N 1, art. one; No. 18, art. 1721; No. 30, art. 3029; No. 44, Art. 4295, 4298; 2003, N 27, Art. 2700, 2708, 2717; No. 46, art. 4434, 4440; No. 50, art. 4847, 4855; No. 52, art. 5037; 2004, N 19, Art. 1838; No. 30, art. 3095; N 31, art. 3229; No. 34, Art. 3529, 3533; No. 44, Art. 4266; 2005, N 1, art. 9, 13, 37, 40, 45; No. 10, art. 762, 763; No. 13, art. 1077, 1079; No. 17, art. 1484; No. 19, art. 1752; No. 25, art. 2431; No. 27, art. 2719, 2721; No. 30, art. 3104; No. 30, art. 3124, 3131; No. 40, art. 3986; No. 50, Art. 5247; No. 52, Art. 5574, 5596; 2006, N 1, art. 4, 10; N 2, Art. 172, 175; No. 6, art. 636; No. 10, art. 1067; No. 12, art. 1234; No. 17, art. 1776; No. 18, Art. 1907; No. 19, Art. 2066; No. 23, art. 2380, 2385; No. 28, art. 2975; No. 30, art. 3287; N 31, art. 3420, 3432, 3433, 3438, 3452; No. 43, Art. 4412; No. 45, art. 4633, 4634, 4641; No. 50, Art. 5279, 5281; No. 52, art. 5498; 2007, N 1, art. 21, 25, 29, 33; No. 7, art. 840; No. 15, art. 1743; No. 16, art. 1824, 1825; No. 17, Art. 1930; No. 20, art. 2367; No. 21, Art. 2456; No. 26, Art. 3089; No. 30, art. 3755; N 31, art. 4001, 4007, 4008, 4009, 4015; No. 41, Art. 4845; No. 43, Art. 5084; No. 46, art. 5553; No. 49, Art. 6034, 6065; No. 50, Art. 6246; 2008, N 10, art. 896; No. 18, art. 1941; No. 20, art. 2251, 2259; No. 29, art. 3418; No. 30, art. 3582, 3601, 3604; No. 45, art. 5143; No. 49, Art. 5738, 5745, 5748; No. 52, art. 6227, 6235, 6236, 6248; 2009, N 1, art. 17; No. 7, Art. 771, 777; No. 19, Art. 2276; No. 23, art. 2759, 2767, 2776; No. 26, art. 3120, 3122, 3131, 3132; No. 29, art. 3597, 3599, 3635, 3642; No. 30, art. 3735, 3739; No. 45, art. 5265, 5267; No. 48, Art. 5711, 5724, 5755; 2010, N 1, art. one; No. 11, Art. 1169, 1176; No. 15, art. 1743, 1751; No. 18, Art. 2145; No. 19, Art. 2291; No. 21, Art. 2524, 2525, 2526, 2530; No. 23, art. 2790; No. 25, Art. 3070; No. 27, art. 3416, 3429; No. 28, art. 3553; No. 30, art. 4000, 4002, 4005, 4006, 4007; N 31, art. 4155, 4158, 4164, 4191, 4192, 4193, 4195, 4198, 4206, 4207, 4208; No. 32, art. 4298; No. 41, Art. 5192, 5193; No. 46, art. 5918; No. 49, Art. 6409; No. 50, art. 6605; No. 52, art. 6984, 6995, 6996; 2011, N 1, art. 10, 23, 29, 33, 47, 54; No. 7, art. 901; No. 15, art. 2039, 2041; No. 17, art. 2310, 2312; No. 19, Art. 2714, 2715; No. 23, art. 3260, 3267; No. 27, art. 3873, 3881; No. 29, Art. 4289, 4290, 4291, 4298; No. 30, art. 4573, 4574, 4584, 4585, 4590, 4591, 4598, 4600, 4601, 4605; No. 45, Art. 6325, 6326, 6334; No. 46, art. 6406; No. 47, Art. 6601, 6602; No. 48, Art. 6730, 6732; No. 49, Art. 7025, 7042, 7056, 7061; No. 50, Art. 7342, 7345, 7346, 7351, 7352, 7355, 7362, 7366; 2012, N 6, Art. 621; No. 10, art. 1166; No. 15, art. 1723, art. 1724; No. 18, art. 2126, Art. 2128; No. 19, art. 2278; No. 24, Art. 3068, Art. 3069, art. 3082; No. 29, art. 3996; N 31, art. 4320, Art. 4322, Art. 4330; No. 41, Art. 5523), Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, No. 31, Art. 3451; 2009, No. 48, Art. 5716; No. 52, Art. 6439 ; 2010, N 27, item 3407; N 31, item 4173, item 4196; N 49, item 6409; N 52, item 6974; 2011, N 23, item 3263; N 31, item 4701 ) (hereinafter referred to as the Federal Law "On Personal Data"), Federal Law of July 27, 2006 N 149-FZ "On Information, Information Technologies and Information Protection" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2006, N 31, Art. 3448 ; 2010, N 31, item 4196; 2011, N 15, item 2038; N 30, item 4600; 2012, N 31, item 4328), Federal Law of May 27, 2003 N 58-FZ "On system of the public service of the Russian Federation" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2003, No. 22, Art. 2063; No. 46, Art. 4437; 2006, No. 29, Art. 3123; 2007, No. 49, Art. 6070; 2011, No. 1 , Article 31; N 50, Article 7337) (hereinafter referred to as the Federal Law "On the Public Service System of the Russian Federation"), Federal Law dated July 27, 2004 N 79-FZ "On the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2004, N 31, art. 3215; 2006, N 6, Art. 636; 2007, N 10, art. 1151; No. 16, Art. 1828; No. 49, Art. 6070; 2008, N 13, Art. 1186; No. 30, art. 3616; No. 52, art. 6235; 2009, N 29, Art. 3597, 3624; No. 48, Art. 5719; No. 51, Art. 6150, 6159; 2010, N 5, art. 459; No. 7, Art. 704; 2011, N 1, art. 31; No. 27, art. 3866; No. 29, Art. 4295; No. 48, Art. 6730; No. 50, Art. 7337) (hereinafter - the Federal Law "On the State Civil Service of the Russian Federation"), Federal Law of December 25, 2008 N 273-FZ "On Combating Corruption" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2008, N 52, Art. 6228; 2011 , N 29, art. 4291; N 48, art. 6730) (hereinafter - the Federal Law "On Combating Corruption"), Federal Law of July 27, 2010 N 210-FZ "On the organization of the provision of state and municipal services" (Meeting Legislation of the Russian Federation, 2010, N 31, item 4179; 2011, N 15, item 2038; N 27, item 3880; N 29, item 4291; N 30, item 4587; N 49, item 7061; 2012, N 31, art. 4322) (hereinafter referred to as the Federal Law "On the organization of the provision of state and municipal services"), Federal Law of September 2, 2006 N 59-FZ "On the procedure for considering applications from citizens of the Russian Federation" (Collection of Legislation of the Russian Federation, 2006, N 19, article 2060; 2010, N 27, article 3410; N 31, article 4196) (hereinafter - the Federal Law "On the Procedure for consideration of applications from citizens of the Russian Federation"), Federal Law of July 7, 2003 N 126-FZ "On Communications" (Collected Legislation of the Russian Federation, 2003, N 28, art. 2895; No. 52, art. 5038; 2004, N 35, art. 3607; No. 45, Art. 4377; 2005, N 19, Art. 1752; 2006, N 6, Art. 636; No. 10, Art. 1069; N 31, art. 3431, Art. 3452; 2007, N 1, art. eight; No. 7, art. 835; 2008, N 18, art. 1941; 2009, N 29, art. 3625; 2010, N 7, art. 705; No. 15, Art. 1737; No. 27, art. 3408; N 31, art. 4190; 2011, N 7, art. 901; No. 9, Art. 1205; No. 25, art. 3535; No. 27, art. 3873, Art. 3880; No. 29, Art. 4284, art. 4291; No. 30, art. 4590; No. 45, art. 6333; No. 49, Art. 7061; No. 50, art. 7351, Art. 7366; 2012, N 31, art. 4328), Federal Law No. 99-FZ of May 4, 2011 "On Licensing Certain Types of Activities" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2011, No. 19, Art. 2716; No. 30, Art. 4590; No. 43, Art. 5971 ; N 48, article 6728; 2012, N 26, article 3446; N 31, article 4322) (hereinafter - the Federal Law "On Licensing Certain Types of Activities"), Law of the Russian Federation of December 27, 1991 N 2124- 1 "On the Mass Media" (Rossiyskaya Gazeta, 1992, February 8, No. 32; Collection of Legislation of the Russian Federation, 1995, No. 3, Art. 169; N 24, Art. 2256; N 30, Art. 2870; 1996, N 1, item 4; 1998, N 10, item 1143; 2000, N 26, item 2737; N 32, item 3333; 2001, N 32, item 3315; 2002, N 12, item 1093; N 30, article 3029, article 3033; 2003, No. 27, article 2708; No. 50, art. 4855; 2004, N 27, art. 2711; No. 35, Art. 3607; No. 45, art. 4377; 2005, N 30, art. 3104; N 31, art. 3452; 2006, N 43, Art. 4412; 2007, N 31, Art. 4008; 2008, N 52, art. 6236; 2009, N 7, Art. 778; 2011, N 25, art. 3535; No. 29, art. 4291; 2012, N 31, Art. 4322) (hereinafter referred to as the Law of the Russian Federation "On the Mass Media"), Decree of the President of the Russian Federation of February 1, 2005 N 112 "On Approval of the Regulations on the Competition for Filling a Vacant Position in the State Civil Service of the Russian Federation" (Collected Legislation of the Russian Federation, 2005, N 6, article 439; 2011, N 4, article 578), Decree of the President of the Russian Federation of May 30, 2005 N 609 "On approval of the Regulations on the personal data of a state civil servant of the Russian Federation and the conduct of his personal file" ( Collection of Legislation of the Russian Federation, 2005, N 23, article 2242; 2008, N 43, article 4921), Decree of the Government of the Russian Federation of March 16, 2009 N 228 "On the Federal Service for Supervision in the Sphere of Communications, Information Technology and Mass Media Communications" (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2009, N 12, item 1431; 2010, N 13, item 1502; N 26, item 3350; 2011, N 3, item 542; N 6, item 888; N 14, item 1935; N 21, item 2 965; No. 40, art. 5548; No. 44, Art. 6272; 2012, No. 20, Art. 2540; No. 39, art. 5270), Decree of the Government of the Russian Federation of November 1, 2012 N 1119 "On approval of requirements for the protection of personal data when they are processed in personal data information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2012, N 45, Art. 6257), Government Decree of the Russian Federation dated July 6, 2008 N 512 "On approval of requirements for material carriers of biometric personal data and technologies for storing such data outside personal data information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2008, N 28, art. 3384), by a decree of the Government of the Russian Federation dated September 15, 2008 N 687 "On approval of the Regulations on the specifics of the processing of personal data carried out without the use of automation tools" (Collected Legislation of the Russian Federation, 2008, N 38, art. 4320), by the Decree of the Government of the Russian Federation of March 21, 2012 . N 211 "On approval of the list of measures aimed at ensuring enforcement of the obligations stipulated by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it, by operators that are state or municipal bodies "(Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2012, N 14, art. 1626), Decree of the Government of the Russian Federation of September 10, 2009 N 723 "On the procedure for commissioning finished state information systems" (Sobraniye Zakonodatelstva Rossiyskoy Federatsii, 2009, N 37, art. 4416; 2012, N 27, art. 3753) , Decree of the Government of the Russian Federation of January 27, 2009 N 63 "On the provision of federal state civil servants with a one-time subsidy for the purchase of housing" (Collected Legislation of the Russian Federation, 2009, N 6, art. 739; N 51, art. 6328; 2010 , N 9, art. 963; N 52, art. 7104) (hereinafter referred to as the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the purchase of housing"), by order of the Government of the Russian Federation of May 26, 2005 N 667 -r on approval of the form of the questionnaire to be submitted to the state body by a citizen of the Russian Federation who has expressed a desire to participate in the competition for filling a vacant position in the state civil service of the Russian Federation (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2005, No. 22, art. 2192; 2007, N 43, art. 5264), Decree of the Government of the Russian Federation of October 6, 2011 N 1752-r on approval of the list of documents attached by the applicant to the application for registration (re-registration) of the mass media (Sobraniye zakonodatelstva Rossiyskoy Federatsii, 2011, N 41, art. 5789), by order of the FSTEC of Russia, the Federal Security Service of Russia, the Ministry of Information and Communications of Russia dated February 13, 2008 N 55/86/20 "On Approval of the Procedure for Classifying Personal Data Information Systems" (registered by the Ministry of Justice of the Russian Federation on April 3, 2008, registration N 11462).
1.4. The processing of personal data in the central office of Roskomnadzor is carried out in compliance with the principles and conditions provided for by this Regulation and the legislation of the Russian Federation in the field of personal data.
II. Conditions and procedure for processing personal data
state civil servants of Roskomnadzor
2.1. Personal data of state civil servants of the central office of Roskomnadzor, heads and deputy heads of territorial bodies of Roskomnadzor (hereinafter - civil servants of Roskomnadzor), citizens applying for positions in the civil service of the central office of Roskomnadzor and heads and deputy heads of territorial bodies of Roskomnadzor (hereinafter - citizens applying for to fill positions in the public service of Roskomnadzor), persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are processed in order to ensure personnel work, including for the purpose of assisting state employees of Roskomnadzor in the course of public service (persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, in order to facilitate the performance of work), the formation of a personnel reserve of the state civil service, training and promotion, accounting for the results of the performance of official duties by civil servants of Roskomnadzor, ensuring the personal safety of civil servants of Roskomnadzor, persons replacing the positions of heads of federal subordinated to Roskomnadzor state unitary enterprises, and members of their families, providing civil servants of Roskomnadzor with working conditions established by the legislation of the Russian Federation, guarantees and compensations, safety of their property, as well as in order to combat corruption.
2.2. For the purposes specified in paragraph 2.1 of this Regulation, the following categories of personal data of civil servants of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, as well as citizens applying for positions of managers federal state unitary enterprises subordinate to Roskomnadzor:
2.2.1. surname, name, patronymic (including previous surnames, first names and (or) patronymics, in case of their change);
2.2.2. date, month, year of birth;
2.2.3. Place of Birth;
2.2.4. information about citizenship (including previous citizenships, other citizenships);
2.2.5. type, series, number of the identity document, name of the authority that issued it, date of issue;
2.2.6. address of residence (address of registration, actual residence);
2.2.7. contact phone number or information about other methods of communication;
2.2.8. details of the insurance certificate of state pension insurance;
2.2.9. taxpayer identification number;
2.2.10. details of the compulsory medical insurance policy;
2.2.11. details of the certificate of state registration of acts of civil status;
2.2.12. marital status, family composition and information about close relatives (including former ones);
2.2.13. information about labor activity;
2.2.14. information about military registration and details of military registration documents;
2.2.15. information about education, including postgraduate professional education (name and year of graduation from the educational institution, name and details of the document on education, qualification, specialty according to the document on education);
2.2.16. information about the academic degree;
2.2.17. information about the knowledge of foreign languages, the degree of knowledge;
2.2.18. a medical report in the prescribed form on the absence of a disease in a citizen that prevents entry into the state civil service or its passage;
2.2.19. photo;
2.2.20. information on the passage of the state civil service, including: date, grounds for entering the state civil service and appointment to the position of the state civil service, date, grounds for appointment, transfer, transfer to another position of the state civil service, the name of the substituted positions of the state civil service, indicating structural subdivisions, the amount of the salary, the results of certification for compliance with the position being replaced by the state civil service, as well as information about the previous place of work;
2.2.21. information contained in the service contract, additional agreements to the service contract;
2.2.22. information about your stay abroad;
2.2.23. information about the class rank of the state civil service of the Russian Federation (including diplomatic rank, military or special rank, class rank of law enforcement service, class rank of the civil service of a constituent entity of the Russian Federation), qualification rank of the state civil service (qualification rank or class rank of municipal service);
2.2.24. information about the presence or absence of a criminal record;
2.2.25. information about issued permits to state secrets;
2.2.26. state awards, other awards and distinctions;
2.2.27. information on professional retraining and (or) advanced training;
2.2.28. information on annual paid holidays, study holidays and holidays without pay;
2.2.29. information about income, property and liabilities of a property nature;
2.2.30. current account number;
2.2.31. Bankcard number;
2.2.32. other personal data necessary to achieve the goals provided for in clause 2.1 of this Regulation.
2.3. The processing of personal data and biometric personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without the consent of these persons within the framework of the purposes determined by clause 2.1 of this Regulation, in accordance with clause 2 of part 1 of Article 6 and part 2 of Article 11 of the Federal Law "On Personal Data" and the provisions of the Federal Law "On the Public Service System of the Russian Federation", the Federal Law "On the State Civil Service of the Russian Federation", the Federal Law "On Combating Corruption", the Labor Code of the Russian Federation.
2.4. Processing of special categories of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out without consent of these persons within the framework of the purposes determined by paragraph 2.1 of this Regulation, in accordance with subparagraph 2.3 of paragraph 2 of part 2 of Article 10 of the Federal Law "On Personal Data" and the provisions of the Labor Code of the Russian Federation, except for cases when personal data of an employee is obtained from a third party (in accordance with paragraph 3 of Article 86 of the Labor Code of the Russian Federation requires the written consent of the heads of federal state unitary enterprises subordinate to Roskomnadzor and civil en, applying for the specified position).
2.5. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is subject to obtaining consent specified persons in the following cases:
2.5.1. when transferring (distributing, providing) personal data to third parties in cases not provided for by the current legislation of the Russian Federation on the civil service;
2.5.2. in case of cross-border transfer of personal data;
2.5.3. when making decisions that give rise to legal consequences in relation to these persons or otherwise affect their rights and legitimate interests, based solely on the automated processing of their personal data.
2.6. In the cases provided for in paragraph 2.5 of this Regulation, the consent of the subject of personal data is made in writing, unless otherwise provided by the Federal Law "On Personal Data".
2.7. The processing of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by the Department of Civil Service and personnel of the Department of organizational work of Roskomnadzor (hereinafter referred to as the personnel division of Roskomnadzor) and includes the following actions: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization , blocking, deletion, destruction of personal data.
2.8. Collection, recording, systematization, accumulation and clarification (update, change) of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions heads of federal state unitary enterprises subordinate to Roskomnadzor, is carried out by:
2.8.1. obtaining the originals of the necessary documents (application, work book, autobiography, other documents submitted to the personnel division of Roskomnadzor);
2.8.2. copying original documents;
2.8.3. entering information into accounting forms (on paper and electronic media);
2.8.4. formation of personal data in the course of personnel work;
2.8.5. entering personal data into the information systems of Roskomnadzor used by the personnel division of Roskomnadzor.
2.9. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, and as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor.
2.10. If it becomes necessary to obtain personal data of a civil servant of Roskomnadzor and persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor from a third party, the civil servant or the person filling the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor should be notified in advance, obtain their written consent and inform them about the purposes, intended sources and methods of obtaining personal data.
2.11. It is forbidden to receive, process and attach to the personal file of a civil servant of Roskomnadzor and a person replacing the position of the head of a federal state unitary enterprise subordinate to Roskomnadzor, personal data that is not provided for in paragraph 2.2 of this Regulation, including those relating to race, nationality, political views, religious or philosophical beliefs , intimate life.
2.12. When collecting personal data, an employee of the personnel division of Roskomnadzor who collects (receives) personal data directly from civil servants of Roskomnadzor, citizens applying for positions in the public service of Roskomnadzor, persons replacing the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling the positions of heads of federal state unitary enterprises subordinate to Roskomnadzor is obliged to explain to the specified subjects of personal data the legal consequences of the refusal to provide their personal data.
2.13. Transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor enterprises, is carried out only in cases and in the manner prescribed by federal laws.
III. Conditions and procedure for processing personal
data of civil servants of the central office
and territorial bodies of Roskomnadzor and persons consisting
with them in relationship (property), in connection with the consideration
issue of a one-time grant
for the purchase of housing
3.1. The central office of Roskomnadzor processes the personal data of civil servants of the central office and territorial bodies of Roskomnadzor and persons related to them (property), in connection with the consideration of the issue of providing a one-time subsidy for the purchase of residential premises.
3.2. The list of personal data subject to processing in connection with the provision of a one-time subsidy for the purchase of residential premises is determined by the Decree of the Government of the Russian Federation "On the provision of federal state civil servants with a one-time subsidy for the acquisition of residential premises", and includes:
3.2.1. surname, name, patronymic;
3.2.2. type, series, number of the identity document, name of the authority that issued it, date of issue;
3.2.3. address of place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);
3.2.4. information about the composition of the family;
3.2.5. personal data contained in an extract from the house book, copies of the financial personal account, marriage certificate, birth certificate of the child (children), work book, documents on the ownership of a civil servant and (or) members of his family of residential premises, except for residential premises in which they are registered (with the provision, if necessary, of their originals), a document confirming the right to an additional area of \u200b\u200bthe residential premises;
3.2.6. other personal data provided for by the legislation of the Russian Federation.
3.3. The processing of personal data of civil servants of Roskomnadzor upon registration for a lump sum payment is carried out on the basis of an application from a civil servant submitted to the head of Roskomnadzor to the Roskomnadzor Commission to consider issues of registration of federal civil servants to receive a lump sum subsidy for the purchase of housing (hereinafter - Commission of Roskomnadzor).
3.4. The processing of personal data of state employees of Roskomnadzor in connection with the provision of a one-time subsidy for the purchase of residential premises, in particular, the collection, recording, systematization, accumulation and clarification (updating, changing) of personal data, is carried out by officials of the central office of Roskomnadzor, who are part of the Roskomnadzor Commission, by :
3.4.1. obtaining the originals of the required documents;
3.4.2. providing duly certified copies of documents.
3.5. The Roskomnadzor Commission has the right to check the information contained in the documents submitted by civil servants of Roskomnadzor on the existence of the conditions necessary for registering a civil servant in order to receive a one-time housing subsidy.
3.6. The transfer (distribution, provision) and use of personal data of civil servants of Roskomnadzor received in connection with the provision of a one-time subsidy for the purchase of residential premises is carried out only in cases and in the manner prescribed by the legislation of the Russian Federation.
IV. Conditions and procedure for processing personal data
entities in connection with the provision of public services
and performance of state functions
4.1. In the central office of Roskomnadzor, the processing of personal data of individuals is carried out in order to provide the following public services and perform public functions:
4.1.1. organizing the reception of citizens, ensuring timely and full consideration of oral and written applications from citizens on issues within the competence of Roskomnadzor;
4.1.2. registration of mass media;
4.1.3. licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media;
4.1.4. assignment (assignment) of radio frequencies or a radio frequency channel for radio electronic means;
4.1.5. licensing activities in the field of communications;
4.1.6. formation and maintenance of the register of federal state information systems (hereinafter referred to as the FSIS register);
4.1.7. implementation of activities to protect the rights of subjects of personal data.
4.2. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written appeals or appeals in the form of an electronic document, are processed in order to consider these appeals, followed by notification of the applicants about the results of the consideration.
In accordance with the legislation of the Russian Federation, appeals from citizens of the Russian Federation, foreign citizens and stateless persons are subject to consideration in the central office of Roskomnadzor.
4.3. As part of the consideration of citizens' appeals, the following personal data of applicants are subject to processing:
4.3.1. surname, name, patronymic (the last one, if available);
4.3.2. mailing address;
4.3.3. E-mail address;
4.3.4. the contact phone number indicated in the application;
4.3.5. other personal data indicated by the applicant in the appeal (complaint), as well as became known during a personal reception or in the course of consideration of the received appeal.
4.4. When registering mass media, the following personal data of applicants are processed:
4.4.1. surname, name, patronymic (the last one, if available);
4.4.2. type, series, number of the identity document, name of the authority that issued it, date of issue;
4.4.3. address of place of residence (address of permanent registration, address of temporary registration, address of actual place of residence);
4.4.4. contact phone number or information about other methods of communication.
4.5. When licensing activities for the production of copies of audiovisual works, programs for electronic computers, databases and phonograms on any type of media, the processing of the following personal data of applicants is carried out:
4.5.1. surname, name, patronymic (the last one, if available);
4.5.2. type, series, number of the identity document;
4.5.3. residence address;
4.5.4. contact phone number and, if available, email address.
4.6. When assigning (assigning) radio frequencies or a radio frequency channel for radio electronic means:
4.6.1. surname, name, patronymic (the last one, if available);
4.6.2. type, series, number of the identity document, name of the authority that issued it, date of issue;
4.6.3. residence address;
4.6.4. contact number;
4.6.5. taxpayer identification number.
4.7. As part of the licensing activities in the field of communications, the following personal data of applicants may be processed:
4.7.1. surname, name, patronymic (the last one, if available);
4.7.2. type, series, number of the identity document;
4.7.3. residence address;
4.7.4. contact phone number and, if available, email address.
4.8. As part of the formation of the FSIS register, the following personal data of applicants are processed:
4.8.1. surname, name, patronymic (the last one, if available);
4.8.2. the name of the position held;
4.8.3. contact phone number, email address.
4.9. As part of the activities to protect the rights of subjects of personal data, the processing of the following personal data of applicants is carried out:
4.9.1. surname, name, patronymic (the last one, if available);
4.9.2. type, series, number of the identity document, name of the authority that issued it, date of issue;
4.9.3. postal address of the place of residence;
4.9.4. E-mail address;
4.9.5. phone number;
4.9.6. taxpayer identification number;
4.9.7. information about work activity and details of the work book;
4.9.8. information about education, including postgraduate professional education (name and year of graduation from the educational institution, name and details of the document on education, qualification, specialty according to the document on education).
4.10. The processing of personal data necessary in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out without the consent of the subjects of personal data in accordance with paragraph 4 of part 1 of Article 6 of the Federal Law "On Personal Data", the Federal Laws "On organization of the provision of state and municipal services", "On the procedure for considering applications from citizens of the Russian Federation", "On licensing certain types of activities", the Law of the Russian Federation "On the mass media" and other regulatory legal acts that determine the provision of public services and the performance of state functions in the established sphere of competence of Roskomnadzor.
4.11. The processing of personal data necessary in connection with the provision of public services and the performance of public functions specified in paragraph 4.1 of this Regulation is carried out by structural units of the central office of Roskomnadzor that provide relevant public services and (or) perform public functions, and includes the following actions: collection , recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
4.12. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data of subjects who applied to the central office of Roskomnadzor to receive a public service or to perform a public function is carried out by:
4.12.1. obtaining the originals of the required documents (application);
4.12.2. certification of copies of documents;
4.12.3. entering information into accounting forms (on paper and electronic media);
4.12.4. entering personal data into the application software subsystems of the Unified Information System of Roskomnadzor.
4.13. Collection, recording, systematization, accumulation and clarification (updating, changing) of personal data is carried out by obtaining personal data directly from personal data subjects (applicants).
4.14. When providing a public service or performing a public function, the central office of Roskomnadzor is prohibited from requesting personal data from subjects and third parties, as well as processing personal data in cases not provided for by the legislation of the Russian Federation.
4.15. When collecting personal data, an authorized official of a structural subdivision of the central office of Roskomnadzor, who receives personal data directly from personal data subjects who have applied for the provision of a public service or in connection with the performance of a public function, is obliged to explain to the specified subjects of personal data the legal consequences of refusing to provide personal data.
4.16. Transfer (distribution, provision) and use of personal data of applicants (subjects of personal data) by the central office of Roskomnadzor is carried out only in cases and in the manner prescribed by federal laws.
V. The procedure for processing personal data of subjects
personal data in information systems
5.1. The processing of personal data in the central office of Roskomnadzor is carried out:
5.1.1. In the "Information system of personal data of Roskomnadzor";
5.1.2. At the automated workplaces certified for the processing of personal data that are part of the "Unified Information System of Roskomnadzor";
5.1.3. In the information system "1C: Enterprise 8";
5.1.4. At automated workplaces of employees of the personnel division of Roskomnadzor.
5.2. The "Roskomnadzor Personal Data Information System" (hereinafter - Roskomnadzor ISPD) contains personal data of civil servants of Roskomnadzor, subjects (applicants) who applied to Roskomnadzor in order to receive public services or in connection with the performance of public functions, and includes:
5.2.1. personal identifier;
5.2.2. surname, name, patronymic of the subject of personal data;
5.2.3. type of document proving the identity of the subject of personal data;
5.2.4. the series and number of the document proving the identity of the subject of personal data, information on the date of issue of the said document and the authority that issued it;
5.2.5. address of the place of residence of the subject of personal data;
5.2.6. postal address of the subject of personal data;
5.2.7. contact phone, fax (if available) of the subject of personal data;
5.2.8. e-mail address of the subject of personal data;
5.2.9. TIN of the subject of personal data.
5.3. Certified in accordance with the legislation of the Russian Federation for the processing of personal data, automated workstations that are part of the "Roskomnadzor Unified Information System" (hereinafter referred to as the ARM UIS of Roskomnadzor) include personal data of subjects received by employees of the central office of Roskomnadzor as part of the provision of public services and the execution of public features and include:
5.3.1. personal identifier;
5.3.2. address of the place of residence of the subject of personal data;
5.3.3. postal address of the subject of personal data;
5.3.4. phone number of the subject of personal data;
5.3.5. fax of the subject of personal data;
5.3.6. e-mail address of the subject of personal data.
5.4. The information system "1C: Enterprise 8" and the application software subsystems "AKSIOK" and "1C Accounting" contain personal data of civil servants of the central office of Roskomnadzor and individuals who are parties to civil law contracts concluded by the central office of Roskomnadzor, and includes:
5.4.1. surname, name, patronymic of the subject of personal data;
5.4.2. date of birth of the subject of personal data;
5.4.3. place of birth of the subject of personal data;
5.4.4. the series and number of the main document proving the identity of the subject of personal data, information about the date of issue of the said document and the authority that issued it;
5.4.5. address of the place of residence of the subject of personal data;
5.4.6. postal address of the subject of personal data;
5.4.7. phone number of the subject of personal data;
5.4.8. TIN of the subject of personal data;
5.4.9. personnel number of the subject of personal data;
5.4.10. position of the subject of personal data;
5.4.11. order number and date of employment (dismissal) of the subject of personal data.
5.5. Automated workplaces of employees of the personnel division of Roskomnadzor involve the processing of personal data of civil servants of Roskomnadzor, provided for in clause 2.2 of this Regulation.
5.6. Classification of personal data information systems specified in clause 5.1 of this Regulation is carried out in the manner established by the legislation of the Russian Federation.
5.7. Civil servants of structural divisions of the central office of Roskomnadzor, who have the right to process personal data in the information systems of the central office of Roskomnadzor, are provided with a unique login and password to access the relevant information system of Roskomnadzor. Access is provided to application software subsystems in accordance with the functions provided for by the job regulations of civil servants of Roskomnadzor.
Information can be entered both automatically, when receiving personal data from the Unified Portal of Public Services or the official website of Roskomnadzor, and manually, when receiving information on paper or in another form that does not allow its automatic registration.
5.8. Ensuring the security of personal data processed in the information systems of personal data of the central office of Roskomnadzor is achieved by eliminating unauthorized, including accidental, access to personal data, as well as taking the following security measures:
5.8.1. identification of threats to the security of personal data during their processing in information systems of personal data of the central office of Roskomnadzor;
5.8.2. application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, necessary to meet the requirements for the protection of personal data, the implementation of which ensures the levels of protection of personal data established by the Government of the Russian Federation;
5.8.3. application of procedures for assessing the conformity of information security tools that have passed in the prescribed manner;
5.8.4. assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;
5.8.5. accounting of machine carriers of personal data;
5.8.6. detection of facts of unauthorized access to personal data and taking measures;
5.8.7. recovery of personal data, modified or deleted, destroyed due to unauthorized access to them;
5.8.8. establishing rules for access to personal data processed in the information systems of personal data of the central office of Roskomnadzor, as well as ensuring the registration and accounting of all actions performed with personal data in the information systems of personal data of the central office of Roskomnadzor;
5.8.9. control over the measures taken to ensure the security of personal data and the levels of security of personal data information systems.
5.9. The structural subdivision of Roskomnadzor, responsible for ensuring information security in the central office of Roskomnadzor, organizes and controls the accounting of material carriers of personal data.
5.10. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the security of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor, must ensure:
5.10.1. timely detection of facts of unauthorized access to personal data and immediate communication of this information to the person responsible for organizing the processing of personal data in the central office of Roskomnadzor and the head of Roskomnadzor;
5.10.2. prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;
5.10.3. the possibility of recovering personal data modified or destroyed due to unauthorized access to them;
5.10.4. constant monitoring of ensuring the level of protection of personal data;
5.10.5. knowledge of and compliance with the conditions for the use of information security tools provided for by operational and technical documentation;
5.10.6. accounting of the means of information protection used, operational and technical documentation for them, carriers of personal data;
5.10.7. upon detection of violations of the procedure for providing personal data, immediate suspension of the provision of personal data to users of the personal data information system until the causes of violations are identified and these causes are eliminated;
5.10.8. investigation and drawing up conclusions on the facts of non-compliance with the conditions of storage of material carriers of personal data, the use of information security tools that may lead to a violation of the confidentiality of personal data or other violations leading to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations .
5.11. The structural subdivision of the central office of Roskomnadzor, responsible for ensuring the functioning of personal data information systems in the central office of Roskomnadzor, takes all necessary measures to restore personal data, modified or deleted, destroyed due to unauthorized access to them.
5.12. The exchange of personal data during their processing in the information systems of personal data of the central office of Roskomnadzor is carried out through communication channels, the protection of which is ensured through the implementation of appropriate organizational measures and through the use of software and hardware.
5.13. The access of civil servants of Roskomnadzor to personal data located in the information systems of personal data of the central office of Roskomnadzor provides for the mandatory passage of the identification and authentication procedure.
5.14. In case of violations of the procedure for processing personal data in the information systems of personal data of the central office of Roskomnadzor, authorized officials immediately take measures to establish the causes of violations and eliminate them.
VI. Processing of personal data within the framework
interdepartmental information interaction
using a unified system of interdepartmental
electronic interaction
6.1. Roskomnadzor, in accordance with the legislation of the Russian Federation, processes personal data within the framework of interdepartmental electronic information interaction in electronic form with federal government bodies using a unified system of interdepartmental electronic interaction (hereinafter - SMEV).
6.2. Roskomnadzor, within the framework of SMEV, on the basis of interdepartmental requests received, sends information, including personal data of subjects processed in the central office of Roskomnadzor, to the following federal executive authorities:
6.2.1. to the Federal Communications Agency - last name, first name, patronymic, taxpayer identification number of the owner of the license to carry out activities for the provision of communication services;
6.2.2. to the Ministry of Internal Affairs of the Russian Federation - the surname, name, patronymic, taxpayer identification number of the owner of the permit for the use of radio frequencies;
6.2.3. to the Federal Agency for Press and Mass Communications, the Federal Customs Service - the surname, name, patronymic of the founder of the mass media.
6.3. Roskomnadzor within the framework of SMEV has the right to send interdepartmental requests for information, including personal data of subjects, to the following federal executive authorities:
6.3.1. to the Federal Tax Service - on the provision of information from the Unified State Register of Legal Entities and the Unified State Register of Individual Entrepreneurs (information about the founders - individuals);
6.3.2. to the Federal Service for State Registration, Cadastre and Cartography - on the provision of information from the Unified State Register of Rights to Real Estate in relation to right holders (last name, first name, patronymic, date of birth, series and number of the main identity document, place of birth, address of residence, citizenship);
6.3.3. to the Ministry of the Russian Federation for Civil Defense, Emergency Situations and Elimination of Consequences of Natural Disasters - on providing the surname, name, patronymic of the shipowner.
6.4. The processing of personal data is also carried out by Roskomnadzor in the implementation of electronic interaction with the federal state unitary enterprises of the radio frequency service subordinate to Roskomnadzor within the framework of the powers provided for by the legislation of the Russian Federation.
VII. Terms of processing and storage of personal data
7.1. The terms for processing and storing personal data of civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor, persons filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as citizens applying for filling positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, are determined in in accordance with the legislation of the Russian Federation. Taking into account the provisions of the legislation of the Russian Federation, the following terms for processing and storing personal data of civil servants are established:
7.1.1. Personal data contained in orders for the personnel of Roskomnadzor civil servants (on admission, on transfer, on dismissal, on the establishment of allowances) are subject to storage in the personnel division of Roskomnadzor for two years, with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.
7.1.2. Personal data contained in the personal files of civil servants of Roskomnadzor (copies of personal files of heads of territorial bodies of Roskomnadzor) and heads of federal state unitary enterprises subordinate to Roskomnadzor, as well as personal cards of civil servants of Roskomnadzor, are stored in the personnel division of Roskomnadzor for ten years, with subsequent formation and transfer of the specified documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.
7.1.3. Personal data contained in orders for incentives, material assistance to civil servants of Roskomnadzor are subject to storage for two years in the personnel division of Roskomnadzor with the subsequent formation and transfer of these documents to the archive of the central office of Roskomnadzor or the state archive in the manner prescribed by the legislation of the Russian Federation, where they are stored for 75 years.
7.1.4. Personal data contained in orders for granting vacations, short-term domestic and foreign business trips, and disciplinary sanctions against civil servants of Roskomnadzor are subject to storage in the personnel division of Roskomnadzor for five years with subsequent destruction.
7.1.5. Personal data contained in the documents of applicants for a vacant civil service position in the central office of Roskomnadzor who were not allowed to participate in the competition, and candidates who participated in the competition, are stored in the personnel department of Roskomnadzor for 3 years from the date of completion of the competition, after which they are subject to destruction .
7.2. The terms for processing and storing personal data provided by personal data subjects to the central office of Roskomnadzor in connection with the receipt of public services and the performance of public functions specified in paragraph 4.1 of this Regulation are determined by regulatory legal acts regulating the procedure for their collection and processing.
7.3. Personal data of citizens who applied to the central office of Roskomnadzor in person, as well as those who sent individual or collective written applications or applications in the form of an electronic document, are stored for five years.
7.4. Personal data provided by subjects on paper in connection with the provision of public services by the central office of Roskomnadzor and the performance of government functions are stored on paper in the structural divisions of the central office of Roskomnadzor, whose powers include the processing of personal data in connection with the provision of a public service or the performance of a public function , in accordance with the approved regulations on the relevant structural divisions of the central office of Roskomnadzor.
7.5. Personal data during their processing carried out without the use of automation tools should be separated from other information, in particular by fixing them on different material carriers of personal data, in special sections or on the fields of forms (forms).
7.6. It is necessary to ensure the separate storage of personal data on different material media, the processing of which is carried out for various purposes defined by this Regulation.
7.7. Control over the storage and use of physical media of personal data, which does not allow unauthorized use, clarification, distribution and destruction of personal data located on these media, is carried out by the heads of structural divisions of the central office of Roskomnadzor.
7.8. The period of storage of personal data entered into the personal data information systems of Roskomnadzor specified in clause 5.1 of this Regulation must correspond to the period of storage of paper originals.
VIII. The procedure for the destruction of personal data
when the purposes of processing are achieved or when
other legal grounds
8.1. The structural subdivision of the central office of Roskomnadzor, responsible for document circulation and archiving, systematically controls and allocates documents containing personal data with expired storage periods and subject to destruction.
8.2. The issue of the destruction of selected documents containing personal data is considered at a meeting of the Central Expert Commission of Roskomnadzor (hereinafter referred to as the CEC of Roskomnadzor), the composition of which is approved by order of Roskomnadzor.
Based on the results of the meeting, a protocol and an Act on the allocation of documents for destruction, an inventory of the destroyed cases are drawn up, their completeness is checked, the act is signed by the chairman and members of the CEC of Roskomnadzor and approved by the head of Roskomnadzor.
8.3. The central office of Roskomnadzor, in accordance with the procedure established by the legislation of the Russian Federation, determines a contracting organization that has the necessary production base to ensure the established procedure for the destruction of documents. An official of the central office of Roskomnadzor responsible for archival activities accompanies documents containing personal data to the contractor's production base and is present during the procedure for destroying documents (burning or chemical destruction).
8.4. Upon completion of the destruction procedure, the contractor and the official of the central office of Roskomnadzor responsible for archival activities draw up an appropriate Act on the destruction of documents containing personal data.
8.5. Destruction at the end of the processing period of personal data on electronic media is carried out by mechanically violating the integrity of the media, which does not allow reading or restoring personal data, or by deleting from electronic media by methods and means of guaranteed removal of residual information.
IX. Consideration of requests from personal data subjects
or their representatives
9.1. Civil servants of Roskomnadzor, citizens applying for positions in the civil service of Roskomnadzor and who have submitted documents for participation in the competition, persons filling positions of heads of directors of federal state unitary enterprises subordinate to Roskomnadzor, citizens applying for positions of heads of federal state unitary enterprises subordinate to Roskomnadzor, civil servants of the central office and territorial bodies of Roskomnadzor and persons related to them (property) who applied for a one-time subsidy for the purchase of housing, as well as citizens whose personal data is processed in the central office of Roskomnadzor in connection with the provision of public services and the implementation public functions, have the right to receive information regarding the processing of their personal data, including information containing:
9.1.1. confirmation of the fact of personal data processing in the central office of Roskomnadzor;
9.1.2. legal grounds and purposes of personal data processing;
9.1.3. methods of processing personal data used in the central office of Roskomnadzor;
9.1.4. the name and location of the central office of Roskomnadzor, information about persons (with the exception of civil servants of the central office of Roskomnadzor) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the central office of Roskomnadzor or on the basis of federal law;
9.1.5. processed personal data relating to the relevant subject of personal data, the source of their receipt, unless a different procedure for the submission of such data is provided by federal law;
9.1.6. terms of personal data processing, including the terms of their storage in the central office of Roskomnadzor;
9.1.7. the procedure for the exercise by the subject of personal data of the rights provided for by the legislation of the Russian Federation in the field of personal data;
9.1.8. information about the completed or proposed cross-border data transfer;
9.1.9. the name of the organization or the surname, name, patronymic and address of the person processing personal data on behalf of the central office of Roskomnadzor, if the processing is or will be entrusted to such an organization or person;
9.1.10. other information provided for by the legislation of the Russian Federation in the field of personal data.
9.2. The persons specified in paragraph 9.1 of this Regulation (hereinafter referred to as personal data subjects) have the right to demand from the central office of Roskomnadzor the clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take legal measures to protect their rights.
9.3. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation must be provided to the subject of personal data by the operator in an accessible form, and they should not contain personal data related to other subjects of personal data, unless there are legitimate grounds for disclosing such personal data.
9.4. The information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of this Regulation is provided to the subject of personal data or his representative by an authorized official of the structural unit of the central office of Roskomnadzor that processes the relevant personal data when applying or upon receipt of a request from the subject of personal data or his representative . The request must contain:
9.4.1. number of the main document proving the identity of the subject of personal data or his representative, information on the date of issue of the said document and the authority that issued it;
9.4.2. information confirming the participation of the subject of personal data in legal relations with the central office of Roskomnadzor by the operator (a document confirming the acceptance of documents for participation in the competition for filling vacancies in the civil service, the provision of public services by the central office of Roskomnadzor or the exercise of a state function), or information otherwise confirming the fact of processing personal data in the central office of Roskomnadzor, the signature of the personal data subject or his representative. The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
9.5. If the information specified in sub-clauses 9.1.1 - 9.1.10 of clause 9.1 of these Regulations, as well as the personal data being processed were provided for review to the subject of personal data at his request, the subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request for the purpose of obtaining the specified information and familiarization with such personal data no earlier than thirty days after the initial request or sending the initial request, unless a shorter period is established by federal law, a regulatory legal act adopted in accordance with it or an agreement to which a party or beneficiary or the guarantor for which the subject of personal data is.
9.6. The subject of personal data has the right to apply again to the central office of Roskomnadzor or send a second request in order to obtain the information specified in subparagraphs 9.1.1 - 9.1.10 of paragraph 9.1 of these Regulations, as well as in order to familiarize themselves with the processed personal data before the expiration of the period specified in paragraph 9.5 of this Regulation, if such information and (or) processed personal data were not provided to him for review in full based on the results of consideration of the initial request. A repeated request, along with the information specified in paragraph 9.4 of this Regulation, must contain the rationale for sending a repeated request.
9.7. The central office of Roskomnadzor (an authorized official of the central office of Roskomnadzor) has the right to refuse the subject of personal data to fulfill a repeated request that does not meet the conditions provided for in clauses 9.5 and 9.6 of these Regulations. Such refusal must be motivated.
9.8. The right of the subject of personal data to access his personal data may be limited in accordance with federal laws, including if the access of the subject of personal data to his personal data violates the rights and legitimate interests of third parties.
X. Person responsible for organizing the processing
personal data in the central office of Roskomnadzor
10.1. The person responsible for organizing the processing of personal data in the central office of Roskomnadzor (hereinafter - the person responsible for the processing of personal data in Roskomnadzor) is appointed by the head of Roskomnadzor from among civil servants belonging to the highest and (or) main group of positions of the category "heads" of the central office of Roskomnadzor in accordance with the distribution responsibilities.
10.2. The person responsible for the processing of personal data of Roskomnadzor in his work is guided by the legislation of the Russian Federation in the field of personal data and this Regulation.
10.3. The person responsible for the processing of personal data of Roskomnadzor is obliged to:
10.3.1. organize the adoption of legal, organizational and technical measures to ensure the protection of personal data processed in the central office of Roskomnadzor from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
10.3.2. exercise internal control over compliance by civil servants of the central office of Roskomnadzor with the requirements of the legislation of the Russian Federation in the field of personal data, including the requirements for the protection of personal data;
10.3.3. bring to the attention of civil servants of the central office of Roskomnadzor the provisions of the legislation of the Russian Federation in the field of personal data, local acts on the processing of personal data, requirements for the protection of personal data;
10.3.4. organize the reception and processing of applications and requests from personal data subjects or their representatives, as well as to monitor the receipt and processing of such applications and requests in the central office of Roskomnadzor;
10.3.5. in the event of a violation in the central office of Roskomnadzor of the requirements for the protection of personal data, take the necessary measures to restore the violated rights of personal data subjects.
10.4. The person responsible for the processing of personal data has the right to:
10.4.1. have access to information regarding the processing of personal data in the central office of Roskomnadzor and including:
10.4.1.1. the purposes of processing personal data;
10.4.1.4. legal grounds for the processing of personal data;
10.4.1.5. a list of actions with personal data, a general description of the methods of processing personal data used in the central office of Roskomnadzor;
10.4.1.6. a description of the measures provided for by Articles 18.1 and 19 of the Federal Law "On Personal Data", including information on the availability of encryption (cryptographic) means and the names of these means;
10.4.1.7. date of commencement of personal data processing;
10.4.1.8. the term or conditions for terminating the processing of personal data;
10.4.1.9. information about the presence or absence of cross-border transfer of personal data in the process of their processing;
10.4.1.10. information on ensuring the security of personal data in accordance with the requirements for the protection of personal data established by the Government of the Russian Federation;
10.4.2. involve in the implementation of measures aimed at ensuring the security of personal data processed in the central office of Roskomnadzor, other civil servants of the central office of Roskomnadzor with the assignment of appropriate duties and responsibility to them.
10.5. The person responsible for the processing of personal data in the central office of Roskomnadzor is responsible for the proper performance of the assigned functions for organizing the processing of personal data in the central office of Roskomnadzor in accordance with the provisions of the legislation of the Russian Federation in the field of personal data.
Publication time: 02/06/2018 16:03
Last modified: 02/06/2018 16:05
The regulation on the personal data of employees is an internal local act of the organization, the presence of which is the focus of inspections conducted by Roskomnadzor. Therefore, many companies are puzzled by the question of how to develop a regulation on the protection of personal data (2019), if they did not have such a document before. In the article we will tell you what you need to pay special attention to when developing it in order to prevent violations of the law.
If I break the law
Employers massively began to receive letters from Roskomnadzor with a warning that, during an inspection, companies could receive serious fines for violating the norms of law No. 152-FZ of July 27, 2006 (hereinafter referred to as the Law). According to it, the employer is obliged to guarantee the protection of such information from illegal access and use by third parties. The regulation on working with personal data of employees helps to solve these problems.
On February 23, 2019, Government Decree No. 146 of February 13, 2019 came into force, which approved the Rules for organizing and exercising state control and supervision over the processing of personal data. According to the document, scheduled inspections will be carried out every 2-3 years, and the list of companies subject to control can be seen in advance on the Roskomnadzor website. As in the case of other types of control, the inspectors will have to warn about the planned visit. If it is a scheduled inspection, then they must notify about it 3 working days in advance, and if it is an unscheduled one, 24 hours in advance.
Violation of the Law provides for disciplinary, material, administrative and criminal liability. Supervisory authorities may bring to administrative responsibility under Art. 13.11 and 13.14 of the Code of Administrative Offenses, the fines are:
- for officials: from 500 to 1000 rubles;
- for an organization: from 5,000 to 10,000 rubles;
- for officials, in connection with the performance of official or professional duties: from 4,000 to 5,000 rubles.
The most common violations, according to inspectors, are the processing of personal data without the consent of their owner or with violations, failure to comply with the requirement to destroy personal information, and violation of the storage conditions for such information.
What is personal data
This is any information that an employer needs when establishing an employment relationship that concerns an employee. For example, last name, first name, patronymic, date and place of birth, place of residence, etc.
Examples of documents that include personal data include:
- employee card containing full name persons, information about the composition of the family, education;
- work book with experience from previous jobs;
- diplomas, certificates of education;
- labor contract.
It is forbidden to receive and process data that is not directly related to work activity. For example, information about religion, nationality, political affiliation. This information is obtained exclusively from the employees themselves. These conditions should be included in the regulation on the processing and protection of personal data. Employers are obliged to notify the employee and obtain from him a written consent to the processing, storage, use and distribution of his data.
Store Data Properly
Personal data of employees is contained in their personal cards and personal files. The legislation obliges each specific enterprise to develop rules for the use and storage of data about its employees.
The regulation on the protection of personal data can be either a separate document or a section included in the current Internal Labor Regulations.
To maintain the confidentiality of information about people working in the organization, a list of officials who have access to it is compiled. The order appoints a person responsible for the collection, storage and processing of confidential data. Employees, managers, the general director of the enterprise sign a non-disclosure agreement.
Information about the personal data of employees in the enterprise can be stored both in paper and in electronic form. Nowadays, such information is most often stored in a mixed way.
Sample regulation on personal data of employees (2019) and its development
At the first stage of development, it is necessary to determine what data is used in the company, how it is received, stored, processed.
To draw up organizational documents, general rules are used: the name of the organization, the date and number of the document are indicated in the title, and the stamp of approval is placed in the upper right corner.
The position includes the following information:
- goals and objectives of the enterprise when working with confidential data;
- lists of such data;
- description of data operations that are often used in the enterprise;
- ways to access data;
- lists and duties of the company's personnel when using information;
- the rights of company employees to access information;
- responsibility of employees of the enterprise for disclosure of information.
The position is approved by the order of the head of the company. A sample provision on the processing of personal data of employees should be available to all employees for review. They should put their signature on a sheet or journal of acquaintance, which, as a rule, starts the personnel department of the employer. The journal is a list of company employees, where everyone signs after reading this local act.
16 Sep 2012 16:11
Employee's personal data- this is information relating to a particular person, which is necessary for the employer in connection with the employment relationship. The legislation provides for a number of obligations for the receipt, storage, transfer and protection of personal data of employees. In this case, the employer should be guided not only by the provisions of the Labor Code of the Russian Federation and federal laws, but also by a local act, which should be in every organization. In the article we will tell you how to develop a Regulation on personal data, what to include in it and what else to pay attention to.
In accordance with Art. 3 of the Federal Law of July 27, 2006 N 152-FZ "On Personal Data" personal data - any information related to directly or indirectly determined or determined. In addition to data such as last name, first name, patronymic, age, education, place of residence, marital status, nationality, personal data may include religious and political beliefs, sexual orientation, etc. With regard to the scope of labor relations, only the information that is necessary for the employer in connection with labor relations is considered personal data of an employee. This is, first of all, information about education, specialty, qualifications, health status (for engaging in certain types of activities), the presence of children, income (for filling civil service positions). That is, the employer does not have the right to request information from the employee, for example, about his religion or nationality. And when in some organizations interviews with applicants ask such questions, the right to privacy is violated.
By virtue of Art. 85 of the Labor Code of the Russian Federation, the employer processes the personal data of employees, which includes actions for receiving, storing, transferring or otherwise using them. In addition, the employer must ensure their protection from misuse, loss in the manner prescribed by the Labor Code of the Russian Federation and other federal laws (clause 7, article 86 of the Labor Code of the Russian Federation), at their own expense.
The storage and processing of personal data, as a rule, is carried out simultaneously using an electronic storage system and on paper.
What data in a particular organization is subject to storage and processing as personal, who has access to such data, how it is protected from unauthorized access - all this is stated in the regulation on personal data (hereinafter referred to as the Regulation), which should be developed in each organization .
Note. For state institutions, provisions are developed by regulatory legal acts. Thus, the Regulation on the personal data of a state civil servant of the Russian Federation and the conduct of his personal file was approved by Decree of the President of the Russian Federation of May 30, 2005 N 609.
Procedure for approval of the Regulations
If the organization has a trade union, the Regulation is approved taking into account its opinion in the manner determined by Art. 372 of the Labor Code of the Russian Federation (if this requirement is established or by agreement): the employer sends the draft regulation to the elected body of the primary trade union organization, which, no later than five working days from the date of its receipt, sends the employer a reasoned opinion on the draft in writing. If it does not contain agreement with the draft regulation or contains proposals for its improvement, the employer may agree with this or is obliged to conduct additional consultations with the elected body within three days after receiving such an opinion in order to reach a mutually acceptable solution. If agreement is not reached, a protocol of disagreements is drawn up, after which the employer has the right to accept the Regulation, but it can be appealed by the elected body of the primary trade union organization to the state labor inspectorate or to the court. The trade union also has the right to start the procedure of a collective labor dispute.
If there is no trade union in the organization, but there is another representative body of workers, the Regulation must be agreed with this body. If there is neither one nor the other, the employer approves the provision on his own, observing the approval procedure established by the local regulatory act of the organization. As a rule, the adopted local act is agreed with the head of the personnel department, chief accountant, lawyer or other employees. The regulation is enforced by the order of the employer.
Here is an example of such an order.
Limited Liability Company
"SATURN"
Order N 203
on approval of the Regulation on personal data
employees of LLC "SATURN"
In pursuance of Ch. 14 of the Labor Code of the Russian Federation, Federal Law of July 27, 2006 N 152-FZ "On Personal Data", other applicable regulatory legal acts, as well as in order to bring the local regulations of SATURN LLC into line with the current legislation of the Russian Federation
I ORDER:
1. To enter into force on June 26, 2012 Regulations on the personal data of employees of SATURN LLC (hereinafter referred to as the Regulations).
2. HR manager Kukina L.A. until 29.06.2012 to bring the Regulations to the attention of all employees of the organization against signature.
3. Until 06/27/2012, request from the employees who process personal data listed in the Regulations a non-disclosure obligation of the employees of SATURN LLC (in the form of Appendix No. 1 to the Regulations).
4. The place of storage of the Regulations is to determine the office of the personnel department of the organization.
5. I leave control over the execution of this order to the Deputy General Director - HR Director Maksimova N.V.
General Director Korolev /V.V. Korolev/
Familiarized with the order:
HR Manager Kukina /L.A. Kukina/
HR Director Maksimova /N.V. Maksimova/
Employees of the organization must be familiarized with the Regulation against signature, and newly hired persons should, by virtue of Art. 68 of the Labor Code of the Russian Federation to acquaint with the Regulation before signing an employment contract. As for the employees involved in the processing of personal data, it is not enough to familiarize them with the Regulations - they must give an obligation not to disclose personal data.
We recommend that when developing the Regulations, include the following information in it:
- information related to personal data, the procedure for obtaining them;
- a list of persons entitled to access personal data, their rights and obligations, the mode of access to such data;
- ways to protect personal data;
- the rights of the employee and the employer in the field of personal data processing;
- the procedure for familiarizing the employee with his personal data, obtaining copies of documents containing them;
- responsibility for violation of the rules on the processing of personal data.
Sample Regulation on personal data
Limited Liability Company "SATURN" (LLC "SATURN")
APPROVE
CEO
LLC "SATURN"
POSITION
on personal data of employees of SATURN LLC
1. General provisions.
1.1. The Regulation on personal data of employees of SATURN LLC (hereinafter referred to as the Regulation) was developed in accordance with the Labor Code of the Russian Federation, Federal Law No. 152-FZ of June 27, 2006 "On Personal Data" and other regulatory legal acts.
1.2. The Regulations determine the procedure for obtaining, systematizing, using, storing and transferring information constituting the personal data of employees of SATURN LLC (hereinafter referred to as the Company).
1.3. Personal data of an employee - any information related to a particular employee (subject of personal data) and required by the Company in connection with labor relations. Information about the personal data of employees is classified as confidential (constituting a legally protected secret of the Company).
1.4. When determining the scope and content of processed personal data, the employer must be guided by the Constitution of the Russian Federation, the Labor Code of the Russian Federation and other federal laws.
2. Receiving personal data.
2.1. The source of information about all personal data of an employee is directly the employee. If personal data can only be obtained from a third party, then the employee must be notified in writing in advance of this and written consent must be obtained from him. The employer is obliged to inform the employee about the purposes, alleged sources and methods of obtaining personal data, as well as the consequences of the employee's refusal to give written consent to receive them.
2.2. When applying for a job, the applicant fills out a questionnaire in which he indicates the following information about himself:
- FULL NAME.;
- floor;
- date of birth;
- marital status;
- the presence of children, their dates of birth;
- military duty;
- place of residence and contact phone number;
- education, specialty;
- work experience in the specialty;
- previous place(s) of work;
- the fact of passing advanced training courses;
- the presence of certificates, thanks.
2.3. The employer does not have the right to require the applicant to provide information about political and religious beliefs, about private life.
2.4. When concluding an employment contract, a person entering a job presents documents in accordance with Art. 65 of the Labor Code of the Russian Federation.
2.5. The employer has the right to verify the accuracy of the information provided by the employee. As necessary, the employer will demand from the employee additional information and documents confirming the accuracy of this information.
2.6. When registering an employee, personnel department employees fill out a unified form N T-2 "Employee's personal card" and form a personal file that is stored in the personnel department. Responsible for personal affairs Deputy General Director - Director of Human Resources.
2.7. The personal file of the employee consists of the following documents:
- labor contract;
- personal card form N T-2;
- a copy of the work book;
- characteristics, letters of recommendation;
- passport (copy);
- document on education (copy);
- military ID (copy);
- certificate of registration with the tax authority (TIN) (copy);
- pension certificate (copy);
- marriage certificate (copy);
- birth certificate of children (copy);
- a copy of the document on the right to benefits (certificate of an honorary donor, medical report on the recognition of a person as disabled, etc.);
- the results of a medical examination (in cases established by law);
- documents related to labor activity (employee's statements, attestation sheets, documents related to translation, additional agreements to the employment contract, copies of orders, etc.).
2.8. Documents received in a personal file are stored in chronological order.
3. Storage of personal data.
3.1. Personal files are stored in paper form in folders with a list of documents, numbered by pages. Personal files are located in the personnel department in a specially designated cabinet that provides protection from unauthorized access, and are arranged in alphabetical order.
3.2. Personal affairs are registered in the register of personal affairs, which is kept in electronic form and on paper.
3.3. After the dismissal of the employee, the relevant documents are entered into the personal file (the employee’s statement, the order to terminate the employment contract, etc.), the final inventory is drawn up and the personal file is transferred to the archive of the organization for storage.
3.4. In addition to personal files, the Human Resources Department of the Company creates and stores the following documents containing personal data of employees:
- work books;
- originals and copies of orders (instructions) for personnel;
- orders for personnel;
- materials of certification and advanced training of employees;
- materials of internal investigations (acts, reports, protocols, etc.);
- copies of reports sent to state statistical bodies, tax inspectorates, higher authorities and other institutions;
- other.
3.5. Employees' personal data is also stored electronically on the local computer network. Access to electronic databases containing personal data of employees is provided by a two-stage password system. Passwords are set by the Company's system administrator, then they are communicated individually to employees who have access to employees' personal data. Passwords are changed at least once every two months.
3.6. The office of the personnel department is equipped with a security system and a video surveillance camera.
3.7. The Deputy General Director - HR Director exercises general control over compliance by employees with measures to protect personal data, ensures that employees familiarize themselves with local regulations, including this Regulation, against signature, as well as demand non-disclosure obligations from employees.
4. Access to personal data.
4.1. Access to personal data of employees has:
- founders of the Company;
- CEO;
- Deputy General Director;
- financial director;
- director of personnel;
- Chief Accountant;
- lawyer;
- head of the security department;
- heads of structural divisions (only to the data of employees of their division);
- specialists of the HR and accounting department - to the data that they need to perform specific functions.
4.2. Access of specialists of other departments to personal data is carried out on the basis of a written permission of the General Director or Deputy General Director.
4.3. Copying and making extracts of personal data of employees is allowed only for official purposes and with the written permission of the HR Director.
5. Processing of personal data of employees.
5.1. The employer does not have the right to receive and process the employee's personal data about his race, nationality, political views, religious and philosophical beliefs, health status, intimate life (Part 1, Article 10 of Federal Law N 152-FZ). In cases directly related to issues of labor relations, in accordance with Art. 24 of the Constitution of the Russian Federation, an employer has the right to receive and process data on the private life of an employee only with his written consent.
5.2. The processing of personal data of employees by the employer is possible without their consent in cases where:
- personal data is publicly available;
- personal data relate to the state of health of the employee, their processing is necessary to protect his life, health or other vital interests of other persons and it is impossible to obtain the consent of the employee;
- the processing of personal data is necessary to establish or exercise the rights of their subject or third parties or in connection with the administration of justice;
- the processing of personal data is carried out in accordance with the legislation of the Russian Federation on defense, on security, on countering terrorism, on transport security, on combating corruption, on operational-investigative activities, on enforcement proceedings, with the criminal executive legislation of the Russian Federation;
- processing of personal data is carried out in accordance with the legislation on compulsory types of insurance, with insurance legislation;
- at the request of authorized state bodies - in cases provided for by federal law.
5.3. The processing of personal data may be carried out solely for the purpose of ensuring compliance with laws or other legal acts, assisting employees in employment, training and professional advancement, ensuring the personal safety of employees, controlling the quantity and quality of work performed and ensuring the safety of property.
5.4. When making decisions affecting the interests of the employee, the employer does not have the right to rely on personal data obtained about him solely as a result of their automated processing or electronic receipt.
5.5. The protection of the employee's personal data from their unlawful use, loss is provided by the employer at his expense in the manner prescribed by federal law.
5.6. Employees must be familiarized against receipt with the documents of the Company that establish the procedure for processing personal data, as well as their rights and obligations in this area.
5.7. In all cases, the employee's waiver of his rights to maintain and protect secrets is invalid.
5.8. Persons having access to personal data sign the Obligation on non-disclosure of personal data in the form of Appendix No. 1 to this Regulation.
6. Rights and obligations of an employee in the field of protection of his personal data.
6.1. The employee undertakes to provide personal data that is true.
6.2. The employee has the right to:
- complete information about their personal data and the processing of these data;
- free access to their personal data, including the right to receive copies of any record containing such data, except as otherwise provided by the legislation of the Russian Federation;
- identifying their representatives to protect their personal data;
- access to related medical data with the help of a medical specialist of their choice;
- the requirement to exclude or correct incorrect or incomplete personal data, as well as data processed in violation of legal requirements. If the employer refuses to exclude or correct the personal data of the employee, he has the right to declare in writing to the employer his disagreement with the appropriate justification for such disagreement. The employee has the right to supplement personal data of an estimated nature with a statement expressing his own point of view;
- the requirement for the employer to notify all persons who were previously informed of incorrect or incomplete personal data of the employee, of all exceptions, corrections or additions made to them;
- appeal to the court of any unlawful actions or inaction of the employer in the processing and protection of his personal data.
7. Transfer of personal data.
7.1. The employer is not entitled to communicate the personal data of the employee to a third party without the written consent of the employee, except when it is necessary to prevent a threat to the life and health of the employee, as well as in cases established by federal law (Appendix No. 2 to the Regulation).
7.2. Information relating to the personal data of an employee may be provided to state bodies in the manner prescribed by law.
7.3. If the person who made the request is not authorized to receive personal data or there is no written consent of the employee, the employer is obliged to refuse to provide personal data. The person who made the request is given a written notice of refusal to provide such data.
7.4. The employer must warn persons who have received the employee's personal data that these data can only be used for the purposes for which they are provided, and require these persons to confirm that this rule has been observed. Persons who have received the personal data of an employee are required to maintain secrecy (confidentiality). This Regulation does not apply to the exchange of personal data of employees in the manner prescribed by federal laws.
7.5. The transfer of personal data of employees within the Company is carried out in accordance with this Regulation.
7.6. When the employer transfers the employee's personal data to his legal, authorized representatives in the manner prescribed by the Labor Code of the Russian Federation, this information is limited only to those personal data that are necessary for the specified representatives to perform their functions.
8. Responsibility for violation of the rules governing the processing of personal data.
8.1. Disclosure of personal data of an employee of the Company, that is, transfer to unauthorized persons who do not have access to them; public disclosure; loss of documents and other media containing the employee's personal data; other violations of the obligations for their protection, processing and storage established by this Regulation, as well as other local regulations of the Company, by the person responsible for receiving, processing and protecting the employee's personal data - entail the imposition of a disciplinary sanction (reprimand, dismissal under paragraphs. "c" clause 6, part 1, article 81 of the Labor Code of the Russian Federation).
8.2. In the event of damage to the Company, an employee who has access to the personal data of employees and who has committed the specified disciplinary offense bears full liability in accordance with paragraph 7 of part 1 of Art. 243 of the Labor Code of the Russian Federation.
8.3. An employee of the Company who has access to the personal data of employees and who illegally used or disclosed this information without the consent of employees out of mercenary or other personal interest and thereby caused major damage, is criminally liable on the basis of Art. 188 of the Criminal Code of the Russian Federation.
8.4. The head of the Company for violation of the procedure for handling personal data bears administrative responsibility in accordance with Art. Art. 5.27 and 5.39 of the Code of Administrative Offenses of the Russian Federation, and also compensates the employee for damage caused by the unlawful use of information containing personal data about this employee.
Appendix N 1 to the Regulation on personal data
employees of LLC "SATURN"
Obligation of non-disclosure of personal data of employees
LLC "SATURN"
I, __________________________________________________________________________ I am familiar with the Regulations on personal data of employees of SATURN LLC. I undertake not to disclose the personal data of employees that become known to me in connection with the performance of official duties.
Employees have been warned about the responsibility for disclosing personal information.
Annex No. 2 to the Regulation on personal data
employees of LLC "SATURN"
to CEO
LLC "SATURN"
V.V. Queen
from ________________________,
registered at
_____________________________
the passport _____________________
Agreement
to the transfer of personal data to a third party
I, ________________________________________________________________________ pursuant to par. 1 hour 1 tbsp. 88 of the Labor Code of the Russian Federation, I give my consent to SATURN Limited Liability Company (SATURN LLC), located at ________________, to provide the following my personal data to the FIU:
- Full name, date of birth;
- number of the state pension insurance certificate;
- the amount of wages;
- the amount of accrued and paid insurance premiums.
This consent is valid for one year from the date of its receipt.
_______________ "__" ______________ ____ G.
Conclusion
It should be noted that documents that contain provisions on the processing and protection of personal data may become the object of verification by regulatory authorities, in particular employees of Roskomnadzor. Therefore, the employer should take a responsible approach to their development.
In conclusion, we will give some advice to employers on the execution of local documents regulating the work with personal data of employees:
1. When developing documents, it is necessary to indicate the specific norms of the law on the basis of which the employer processes personal data.
2. When asking an employee for consent to the processing of his personal data, in addition to the norm of the law, the purposes for which they are requested should be indicated.
3. In addition to the Regulations, in some cases it is necessary to issue orders from the employer. For example:
- on the identification of persons entitled to access to personal data;
- on the appointment of persons responsible for the protection of personal data;
- on the measures taken to ensure the security of personal data.
4. The Regulation establishes a clear and detailed list of information that is personal, as well as specific ways of processing personal data established by Art. 3 of Law N 152-FZ and applied in the organization (collection, systematization, storage, etc.).
5. Specify the periods for performing actions with personal data. For example, the employee's consent should indicate that he consents to the transfer of his data within one month (or one year, etc.).
6. When developing the Regulation, you can use the Decree of the Government of the Russian Federation of September 15, 2008 N 687 "On approval of the Regulation on the features of the processing of personal data carried out without the use of automation tools" and of November 17, 2007 N 781 "On approval of the Regulation on ensuring the security of personal data when they are processing in information systems of personal data".