Responsibility for the disclosure of personal data is administrative and criminal. Federal Law of the Russian Federation of July 27, 2006 No. 152-FZ "On Personal Data"

The Federal Law "On Personal Data" regulates relations related to the processing of personal data of subjects carried out by state authorities, local government bodies and other bodies, physical and legal entities, using automation tools or without them, if the operations correspond to the nature of the actions with their use. The purpose of the normative act is to ensure the protection of interests, freedoms and human rights, the inviolability of his private life and family secrets. Let us further consider what kinds of punishment the Federal Law "On Personal Data" provides.

General information

Article 24 152-FZ directly establishes possible types of punishments applicable to violators of established requirements. Sanctions are made in the presence of guilt of subjects. The norms establish civil, administrative responsibility for the disclosure of personal data, as well as punishment for the Criminal Code and the TC.

CAO

Responsibility for the disclosure of personal data is possible by several articles of the Code. Among them is worth noting the following:

1. 13.11 - Violation of the procedure for the collection, storage, dissemination or use of information received about citizens, established by the rules.
2. 13.12 - failure to comply with data protection rules.
3. 13.13 - illegal activities in the field of personal information protection.
4. 13.14 - disclosure of data with restricted access.

Punishment

Violation of the established procedure for the collection, storage, dissemination or use of personal information about citizens directly indicates the need to comply with the provisions of the federal normative act in question. In accordance with Art. 13.11 of the Code of Administrative Offenses, guilty persons face a warning or a fine. Its size is:

• For individuals - 300-500 rubles;
• For legal entities - 5-10 thousand rubles;
• For employees - 500-1000 rubles.

Violation of data protection rules

In Art. 13.12 The Code of Administrative Offenses specifies mandatory signs, in the presence of which there may be responsibility for the disclosure of personal data. These criteria determine the composition of misdemeanors falling under the specified norm. Such mandatory features include:

1. Failure to comply with or gross violation of the conditions established in the license to conduct activities in the field of information security, except for information that is a state secret. This condition indicates the mandatory receipt of permission to perform the relevant operations. If this document is not available, then there are no objective signs of violation. In case of violation or non-fulfillment of license conditions, a fine is provided. Its value is: for individuals - 300-500 rubles. For employees - 500-1000 rubles. For organizations - 5-10 thousand rubles.
2. The use of uncertified databases and information storage banks, information systems, means of protection, if the relevant procedures are provided for by law. The following penalty for disclosure of personal data is established: for citizens - 500 - 1000 rubles, for employees - 1-2 thousand rubles, for organizations - 10-20 thousand rubles. In addition, non-certified means of protection can be confiscated from physical and legal entities.

TC

In accordance with Article 85 of the Code, the personal data of the employee are information that is necessary for the employer in connection with the employment relationship, and relates directly to the specific employee. When a new employee is recruited, the head must inform him of the purpose for which he requests personal information and its nature. In addition, the employee is warned about the consequences of refusal to give consent (in writing) for the provision of information. At the same time, the employer is prohibited from receiving and processing information about his religious, political and other beliefs, membership in public organizations, trade union activities, and private life. Responsibility for the disclosure of personal data is primarily provided for the head of the enterprise. In addition, sanctions have been established for the responsible persons of the enterprise. In particular, they are employees who ensure the safety of information, in accordance with an employment contract or job description. To such workers, the employer may apply disciplinary sanctions determined by Article 192 of the LC. In particular, the following sanctions are established: dismissal, reprimand, observation. In addition, the head has the right to terminate unilaterally a labor contract with an employee who disseminated information protected by 152-FZ, which he became known by virtue of his performance of his duties.

GK

The Civil Code in 946 article provides for liability for violation by the subject of "insurance secrecy". In particular, it is normally found that the representative is afraid. An organization has no right to disseminate information received by it in the course of carrying out professional activities. This concerns information on the beneficiary, the insured person, including the health status of the said entities, as well as their property status. Responsibility for the disclosure of personal data occurs depending on the kind of rights that have been infringed, the nature of the violation. Punishment occurs in accordance with the rules in the manner and in the cases provided for in them, as well as in those situations and the extent to which the implementation of ways to protect the interests of a citizen derives from the essence of the intangible right to which the assault was committed and the nature of the consequences of the act. It should be noted that the practice of this rule is little known.

CC

The criminal liability for disclosure of personal data is defined in art. 137. In accordance with the norm, punishment is imposed for violation of the privacy of a citizen, expressed in the collection or dissemination of information constituting his family or individual secret, without his consent. Responsibility for the disclosure of personal data on Article 137 is also in the case of the disclosure of information in public speech, when demonstrating the work, as well as in the media. The guilty person is facing a pecuniary punishment up to 200 thousand rubles, imprisonment up to 2 years. If these acts were committed with the use of official position, the punishment will be toughened. Thus, imprisonment can be up to 4 years.

Explanations

According to the Constitution, everyone has the right to inviolability of his private life, family and personal secrets, protection of a good name and honor. It is not allowed to collect, store and disclose personal information without the consent of the citizen. This prohibition guarantees the private life of a person. It is understood as that sphere of vital activity, which concerns only a specific person and is not subject to control by society and the state, if it is lawful. The crime that falls under Article 137 of the Criminal Code is characterized from the objective side by active actions. It is expressed in the collection of information relating to the family, the personal secret of the person, without his permission, their dissemination without consent, as well as their public disclosure, that is, the disclosure of personal data to third parties.

Specificity of Acts

Distribution, within the meaning of Art. 137 of the Criminal Code, it is considered any unlawful or without the permission of a citizen to bring information to the attention of at least one subject. The method of disclosure does not affect the qualification. The dissemination of information in a public speech involves bringing information to an indefinitely large audience. Disclosure of information in the work being shown implies the inclusion of data in its content. Under the media understand the periodical publication of the printed type, video, television, radio, newsreels, etc. In those cases where responsibility is established by other articles of the Criminal Code, the crime is qualified according to a special rule, according to Art. 17, part 3 of the Code. For example, this is how the distribution of information about the secrecy of adoption is considered. If information is included in other data, also protected by law, then the disclosure of information is qualified by a set of rules. For example, the distribution of information on the preliminary investigation is examined under articles 137 and 310 of the Criminal Code.

Conclusion

Personal data refers to information protected by law. First of all, the protection is guaranteed by the Constitution in art. 23. This provision is specified in Federal Law No. 152. In particular, the details of the constitutional provision are implemented in Art. 24 of the normative act. It defines the types of liability to which a person who violates the confidentiality of personal data may be involved. The softest punishment is established by the Administrative Code and the TC. The perpetrator who disseminated information about the citizen will be disciplined or fined. Meanwhile, the victim has the right to file a civil claim. Disclosure of personal data is also punishable under the Criminal Code. In this case, depending on the nature of the violation, the perpetrator may even lose his freedom. Will not go unpunished and those who spread personal information, using official position. For them, the punishment will be toughened. With regard to protection in court, the norms provide for the right of a citizen to file an application for a private meeting. A claim may include a claim for moral damages, if, due to the dissemination of information, a citizen has experienced moral / physical suffering. The application is made in accordance with the requirements of the CCP. The plaintiff will have to provide evidence in support of his claims.