News
We draw parallels or how to protect personal data
20 07 2012
Each person has personal data and only he can decide how to dispose of it: provide it for processing, share it with others, or generally make it freely available on the Internet.
However, there are situations when, without providing your data, it is impossible to take advantage of legal privileges: get a loan, get a job, or enter an educational institution. In these or other cases, the natural person will be required to transfer his/her personal data, and the purpose of processing the provided information will be clearly indicated in the questionnaire submitted for filling.
So, for a natural person, the procedure for providing their personal data is clear. What actions must be taken by the legal entity that collects this personal data for processing? According to the Law of Ukraine «On Protection of Personal Data» any action with database of personal data in the information (automated) system and/or personal data card files requires its owner to build appropriate protection, but does not disclose its mechanisms.
Most often, a natural person has to provide data on his address, date and place of birth for processing, and this, together with the full name, is personal, confidential information about the natural person, established by Art. 11 of the Law of Ukraine «On Information».
Art. 4 Resolutions of the Cabinet of Ministers of Ukraine dated March 29, 2006 No. 373 « On the approval of the Rules for ensuring the protection of information in information, telecommunications and information and telecommunications systems" specifies that confidential information about a natural person is subject to protection.
It was determined that personal data is confidential information and the requirement to protect it is established by law. In the case of their processing in the information (automated) system, we must be guided by Art. 8 of the Law of Ukraine „On the protection of information in information- telecommunication systems“, which requires the system owner to build a comprehensive information protection system (KSZI).
We have approached the implementation of information protection. KSZI is an interconnected set of organizational and engineering-technical measures, means and methods of information protection. The construction of such systems is regulated by normative documents of technical information protection, in particular ND TZI 3.7-003-05 „Procedure of works on the creation of a comprehensive information protection system in the information and telecommunications system.“
Let’s consider the procedure for collecting, processing and protecting personal data on the example of a higher educational institution (HEI).
Today it is difficult to imagine the work of the admissions committee without the use of an automated system (For these purposes, the PIT Research Institute has developed JSC „Admissions Committee“ .
So,
To build a KSZI, we recommend contacting professionals in this area, because it is a very time-consuming process that requires deep knowledge in the field of technical information protection. The construction begins with the analysis of the system’s operating environment, the writing of the technical task, and ends with the state examination with the subsequent issuance of the Certificate of compliance KSZI with the requirements of the technical information protection.
PIT Research Institute is engaged in the construction of KSZI of any complexity. Our many years of experience make it possible to find an individual solution, taking into account all the wishes and needs of the customer.
However, there are situations when, without providing your data, it is impossible to take advantage of legal privileges: get a loan, get a job, or enter an educational institution. In these or other cases, the natural person will be required to transfer his/her personal data, and the purpose of processing the provided information will be clearly indicated in the questionnaire submitted for filling.
So, for a natural person, the procedure for providing their personal data is clear. What actions must be taken by the legal entity that collects this personal data for processing? According to the Law of Ukraine «On Protection of Personal Data» any action with database of personal data in the information (automated) system and/or personal data card files requires its owner to build appropriate protection, but does not disclose its mechanisms.
Most often, a natural person has to provide data on his address, date and place of birth for processing, and this, together with the full name, is personal, confidential information about the natural person, established by Art. 11 of the Law of Ukraine «On Information».
Art. 4 Resolutions of the Cabinet of Ministers of Ukraine dated March 29, 2006 No. 373 « On the approval of the Rules for ensuring the protection of information in information, telecommunications and information and telecommunications systems" specifies that confidential information about a natural person is subject to protection.
It was determined that personal data is confidential information and the requirement to protect it is established by law. In the case of their processing in the information (automated) system, we must be guided by Art. 8 of the Law of Ukraine „On the protection of information in information- telecommunication systems“, which requires the system owner to build a comprehensive information protection system (KSZI).
We have approached the implementation of information protection. KSZI is an interconnected set of organizational and engineering-technical measures, means and methods of information protection. The construction of such systems is regulated by normative documents of technical information protection, in particular ND TZI 3.7-003-05 „Procedure of works on the creation of a comprehensive information protection system in the information and telecommunications system.“
Let’s consider the procedure for collecting, processing and protecting personal data on the example of a higher educational institution (HEI).
Today it is difficult to imagine the work of the admissions committee without the use of an automated system (For these purposes, the PIT Research Institute has developed JSC „Admissions Committee“ .
So,
- When accepting an applicant, the operator of the admissions office must obtain consent for the processing of personal data.
- The owner of the personal data base (PSB) must clearly define the purpose of processing this data and approve the document „Procedure for processing personal data in the personal data base“ and register the base in the DSZPD.
- The owner of the information and telecommunications system (IT) must ensure proper protection of confidential information (in this case, personal data of applicants). Since the data is processed in an automated system, the construction of a KSZI is required.
To build a KSZI, we recommend contacting professionals in this area, because it is a very time-consuming process that requires deep knowledge in the field of technical information protection. The construction begins with the analysis of the system’s operating environment, the writing of the technical task, and ends with the state examination with the subsequent issuance of the Certificate of compliance KSZI with the requirements of the technical information protection.
PIT Research Institute is engaged in the construction of KSZI of any complexity. Our many years of experience make it possible to find an individual solution, taking into account all the wishes and needs of the customer.