On Procedural Guidelines on the Procedure of Choosing the Organizational and Technical Measures for Personal Data Protection in Their Processing in Personal Data Information Systems

2020 ◽  
pp. 34-37
Author(s):  
Viktor Mikhailovich Bisiukov

The urgency of the issue treated in this paper is determined by the fact that the federal law requires personal data operators to guarantee the safety of processed personal data by developing security systems based on a number of organizational and technical security measures, as well as their evaluation. When choosing the organizational and technical security measures, operators have to consider a large number of normative and procedural documents that regulate this process. The aim of this study is to develop the procedural guidelines for choosing and assessing the effectiveness of suggested organizational and technical security measures for data protection in personal data information systems.

Author(s):  
Владимир Павлович Гулов ◽  
Виктор Анатольевич Хвостов ◽  
Айжана Михайловна Каднова ◽  
Галина Владимировна Сыч

Based on the analysis of the practical aspects of personal data (PD) protection during automated processing in healthcare organizations, a range of problems related to the consumer quality of information security systems (ISS) has been identified. One of the main problems of PD protection in medical information systems (MIS) is to ensure the timely configuration of the information security system by the administrator in accordance with the policy established in the organization. At the same time, the key problem is creating working conditions for the administrator that provide a one hundred percent guarantee of the administrator's reaction to incoming requests for setting up the information security system, managing users and access rights, and countering threats of various nature. In the absence of methodological approaches to assessing the temporal (probabilistic) parameters of the MIS security administrator's activities, known as the operational characteristics of the ISS, it is problematic to ensure that the ISS settings are 100% consistent with the current policy. The article proposes a probabilistic indicator for assessing the operational characteristics of the information security system. A methodology for its assessment was developed on the basis of an experiment recording the movement of the mouse cursor while the administrator performs basic actions and the distribution of the administrator's attention (heat map) among the elements of the information security system interface. The results of evaluations of the operational characteristics of the ISS "Strazh NT 3.0", carried out using the proposed experimental method, are presented.


Author(s):  
Кирилл Викторович Косарев

The Law “On Personal Data” adopted on June 27, 2006 is one of the most important in the modern system of Russian law. This law is designed to regulate the protection of personal data of citizens and is an integral part of the system of protecting the privacy of citizens. At the same time, the law contains some controversial provisions that prevent it from fully achieving the goals that the legislator has set for this normative act. The author has attempted to highlight some controversial provisions of this law and suggest ways to address them. When writing the article, the author analyzed a significant number of judicial acts, which formed the basis of this article. It is worth noting that the application of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” occupies an important place in the penal system. Almost any aspect of the activity in the penitentiary system is somehow related to the processing of personal data; moreover, as will be indicated later in the article, the institutions of the penitentiary system become parties to judicial disputes in the field of personal data protection.


Author(s):  
A Lozhkova

The article discusses the development of personal data protection. Changes in the legal framework for the protection of personal data in healthcare institutions are analyzed. The necessity of applying a comprehensive approach to the issue of personal data protection is identified and justified, and a software package is proposed that will prevent the leakage of personal data.


2021 ◽  
Vol 129 ◽  
pp. 06005
Author(s):  
Adam Madleňák ◽  
Marek Švec

Research background: The adoption of the GDPR Regulation prompted the introduction of a unified regulation on the protection of personal data and highlighted the need to implement security measures relating to information disseminated across businesses operating in several mainly European countries. In practice, the adopted internal standards at the group level are expected to be introduced to the internal environment of individual local subsidiaries. The need to take into account specificities of national legal systems, as well as a specific environment capable of creating a secondary response - a groundswell - has also become important. The legal framework of privacy protection in relation to the confidentiality of information disclosed by employers thus represents a fundamental challenge for the interaction between global requirements and local legislation, taking into account the specific assumptions of the business entity concerned. Purpose of the article: The aim of the paper is to describe the range of problems and solutions regarding the process of introducing internal processes of business entities in terms of data security. Moreover, the paper also pays attention to personal data protection legislation. Methods: In an effort to achieve the set goal, the authors used analytical, inductive, deductive and comparative research methods in order to identify areas of problems in relation to intrusion into the privacy of individuals in the online environment and internal communication channels. By synthesising knowledge published in domestic and foreign literature it was possible to draw up the key terminology. Findings & Value added: The experience of the authors in setting up the internal environment of business entities with regard to the issues in question (personal data protection and security of information disclosed in connection with the decision-making power of national regulators) contributes to the knowledge in the given field.


Archeion ◽  
2020 ◽  
pp. 182-214
Author(s):  
Paweł Gut

Statutory grounds for the activity of German archives. Federal and national laws on archives

Laws on archives lay down the purposes and tasks of archives. Modern archival legislation began to develop as early as at the time of the French Revolution. According to Elanie Goh, the development of archives and the enactment of archival law was either revolutionary or evolutionary. The federal political system of Germany is also reflected in its law on archives, in the organisation of archives, in record management and in its archival fonds. This results, for example, from the variety of archive traditions and from the past political systems in Germany, which is why the country's archival legislation relies on both enactment trends. Up until the 1980s, the issue of archival fonds and archives in the Federal Republic of Germany, a democratic state, was not regulated by laws on archives (Archivgesetze) but by other regulations instead, usually administrative orders. This changed due to personal data protection and confidentiality legislation. The first domestic law on archives was adopted by Baden-Württemberg in 1987, and the federal act (Bundesarchivgesetz) was signed in January 1988. By 1997, all the states received archival legislation, which was either amended or re-enacted over the next two decades. A new federal law on archives was announced in 2017. German laws on archives are concise documents that address the main aspects of archival fonds, record management (also for electronic records) and archive organisation. Being so laconic, the legislation does not require vast modifications during the creation of other laws that influence archives (for example, personal data protection laws).


2017 ◽  
Vol 2017 (1) ◽  
pp. 35-44
Author(s):  
Dawid Zadura

In the review below the author presents a general overview of the selected contemporary legal issues related to the present growth of the aviation industry and the development of aviation technologies. The review is focused on the questions at the intersection of aviation law and personal data protection law. Massive processing of passenger data (Passenger Name Record, PNR) in IT systems is a daily activity for the contemporary aviation industry. Simultaneously, since the mid-1990s we can observe the rapid growth of personal data protection law as a very new branch of the law. The importance of this new branch of the law for the aviation industry is however still questionable and unclear. This article includes the summary of the author’s own research conducted between 2011 and 2017, in particular his audits in LOT Polish Airlines (June 2011-April 2013) and Lublin Airport (July - September 2013) and the author’s analyses of public information shared by International Civil Aviation Organization (ICAO), International Air Transport Association (IATA), Association of European Airlines (AEA), Civil Aviation Authority (ULC) and (GIODO). The purpose of the author’s research was to determine the applicability of the implementation of technical and organizational measures established by personal data protection law in aviation industry entities.


Author(s):  
Yanis Arturovich Sekste ◽  
Anna Sergeevna Markevich

The subject of this research is the problems emerging in the process of establishment and development of the institution of personal data protection in the Russian Federation. Special attention is turned to the comparison of Soviet and Western models of protection of private life and personal data. The authors used an interdisciplinary approach, as a comprehensive and coherent understanding of the socio-legal institution of personal data protection in the Russian Federation is only possible in inseparable connection with examination of peculiarities of the key historical stages in legal regulation of the private life of the citizen. After dissolution of the Soviet political and legal system, the primary task of Russian law consisted in development and legal formalization of the institution of protection of human and civil rights and freedoms, first and foremost by means of restricting invasion of privacy by the state and enjoyment of personal freedom. It is concluded that the peculiarities of development of the new Russian political and legal model significantly impacted the formation of the institution of personal data protection in the Russian Federation. The authors believe that the Russian legislator and competent government branches are not always capable of managing the entire information flow of personal data; therefore, one of the priority tasks in modern Russian society is the permanent analysis and constant monitoring of the development of information technologies.

