How personal data will be protected – Business – Kommersant
[ad_1]
At the end of October, for example, Roskomnadzor signed an order “On approval of requirements for assessing the harm that may be caused to personal data subjects in case of violation of the law “On Personal Data””. It introduces three levels of harm: high, medium, and low. High, for example, includes biometrics, as well as personal data that characterizes the political views of citizens, health status or intimate life. Companies processing personal data of citizens must assess the level of harm that will be caused to a citizen in the event of a leak.
Roskomnadzor clarified to Kommersant that liability for failure to comply with the order has not been established, but in the event of a leak, the presence of an assessment of harm will be taken into account during the audit and “choosing an administrative penalty by the court.”
However, specialists in the protection of personal data from the order of Roskomnadzor “came in some surprise,” says Moscow Digital School teacher Oleg Blinov. The agency believes that the operator must assess the harm, and in the next paragraph, he himself assessed it in advance, “such a formalistic approach reduces attempts to protect the privacy of citizens to compliance with the form, not the content,” he explains. So far, all the changes on the part of the regulators are of an organizational nature, says Yaroslav Shitsle, head of IT & IP dispute resolution at the law firm Rustam Kurmaev and Partners.
[ad_2]
Source link