26 Oct 2016

Conference Overview: Russia: Boosting Economic Growth and Expanding Opportunities for Investment

On September 22, 2016 Mikhail Emelyannikov, an expert in the fields of Information Security, Personal Data Protection, Trade Secrets and State Control of Privacy, spoke at the American Chamber of Commerce in Russia (AmCham) conference. In his report, Mikhail spoke about the “On Personal Data” law, explaining the legal amendments introduced and dwelled on the difficulties that the trade secret owners and personal data operators might come across. Mr. Emelyannikov talked about the fact that many users of the Salesforce CRM system have found it very difficult to comply with the amendments to Federal Law No. 242. Luckily, the market now offers solutions developed specifically for that purpose. DFG152 is one of the solutions. It enables usage of foreign CRM systems (like Salesforce) in consideration of the new legal requirements.

It was the 16th AmCham conference in an annual series which the chamber dedicated to the issues of business development and investment. The topic of this year’s discussion was: “Russia: Boosting Economic Growth and Expanding Opportunities for Investment”. The event hosted 200 business executives, representatives of the state authorities, an expert community, and mass media. The conference was hosted at Four Seasons Hotel in Moscow.

The speakers included: Alexis Rodzianko (President and Chief Executive Officer, American Chamber of Commerce in Russia, Daniel Thorniley (President, DT-Global Business Consulting), Aleksandr Ivlev (Managing Partner, EY Russia), Andrey Shemetov (Vice-President, Head of the Global Markets Department, Sberbank CIB), Thomas Graham (Managing Director, Kissinger Associates, Inc.), Daniel Russell (President, General Director, US-Russia Business Council), Andrey Streltsov (Head of Department for Strategies, Business Development and Financial Markets, United Company RUSAL), Mikhail Emelyannikov (Managing Partner, Emelyannikov, Popova i Partnery), Vasiliy Osmakov (Deputy Minister of Industry and Trade of the Russian Federation), Maksim Smirnov (President, Arkonik Russia), and Maher Batruni (Chief Executive Officer, Wrigley Russia).

The main program of the conference focused on the prospects of economic growth in Russia, a discussion of the investment climate in the country, as well as on the ways to manage the consequences of sanctions. The representatives of the national and foreign business community also tackled the issues of personal data processing and information security.

The American Chamber of Commerce in Russia is a leading foreign association of the business community in the country. It represents the interests of about 500 companies involved in various economic fields in the USA, Russia, Europe, and Asia.

DFG152 has been certified by FSTEC Russia

DFG152 is now licensed by FSTEC (Russia's Federal Service for Technology and Export Control)

MASTERDATA Company is proud to announce successful completion of the certification process for the DFG152 software and obtaining a FSTEC Certificate. This certificate №3766 was issued June 30, 2017 on the results of successfully passed certification tests conducted by the testing laboratory Echelon NPO CJSC.

The certificate states that DFG152 solution developed by the MASTERDATA Company in accordance with the specifications RU.81363339.501410.001 TU meets the requirements of the document entitled «Protection against unauthorized access to information Part 1. Software protection information. Classification by the level of control of absence undeclared -bath options» by the security level of 4 when implementing the operating instructions.

Successful certification by FSTEC is an indicator of reliability of the DFG152 software and gives the opportunity to actively work with confidential information and personal data.

More
LinkedIn May Be Blocked in Russia

Moscow’s Tagansky district court granted the petition to Roskomnadzor, but this decision has not yet entered into force. LinkedIn appeal to the Moscow City Court, which meeting will be held on 10 November.

Roskomnadzor intends to limit access to the largest business social network LinkedIn as reported by "Kommersant".

Office believes that LinkedIn is breaking the law "On Personal Data" as it did not move their servers to Russia, and also collects and transmits information about citizens who are not users of the network, without their consent. It is reported that the law violations were identified during the inspection, which began due to the publications in the media about the repeated leaks of user information from this social network.

According to Roskomnadzor, the agency has twice sent requests for information on the network’s compliance with the personal data law to LinkedIn. Roskomnadzor has not received any essential answer.

LinkedIn is the largest business networking and job search site. In 2015 the site exceeded 400 million registered users. Of those, 5 million were from Russia.

Source of the article: http://kommersant.ru/doc/3126052

More
2016 Collection Law Changes

After many years of discussions, disputes and amendments, Federal Law No. 230-FZ on debt collectors entitled “On Protection of Rights and Legal Interests of Individuals in Conducting Activities on Returning Overdue Debt and on Amending the Federal Law On Microfinance Activities and Microfinance Organizations” was finally adopted on July 3, 2016. The mass media would then refer to it as the “anti-collector” law.

The main purpose of that legal document is to protect the rights of borrowers and to have the relationship between debt collectors and debtors governed by legal standards.

Apart from the limitations introduced with respect to the time and number of contacts with the debtor, it is now officially prohibited to provide personal data or any other information about the borrower to third parties.

As previously communicated by Roskomnadzor, credit organizations and debt collecting agencies have become leaders in the number of registered complaints from citizens in association with breaches in the processing of their personal data. In 2015, Roskomnadzor received many complaints with respect to the actions of the credit organizations related to the transfer of personal data without the debtors’ consent.

Mikhail Emelyannikov, an expert in the field of Information and Business Security, comments in his blog on what changes the new law will bring about, what awaits the borrowers, lenders and collection agencies, as well as on the bans and limitations established for the lenders and borrowers.”

Source of the article: http://emeliyannikov.blogspot.ru/2016/10/1.html

More
The Right Way to Protect Personal Data

Law No. 152-FZ On Personal Data, which was adopted 10 years ago, was primarily intended to ensure the protection of the citizens’ rights and freedoms, such as the right to privacy and family. Olga Korotkova, Deputy Head of the Department of the Federal Supervision Agency for Information Technologies and Communications for the Central Federal District has explained the key provisions of the law on the website of the Prefecture of the Eastern Administrative District of Moscow.

In her interview, the official has described the current aims of the agency authorized to protect the rights of personal data owners.

We have asked Mikhail Emelyannikov, the lead expert on Information Security and the Managing Partner at Emelyannikov, Popova and Partnery Consulting Agency, to comment on the recently issued article.

You can see the key issues from the interview with Olga Aleksandrovna below.

What is “personal data”?

In international practice, this notion was defined at the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (ETS No. 108) dated January 28, 1981. The notion of “personal data” in the Russian Federation strongly complies with that definition and means any data that is directly or indirectly related to an individual belongs to the personal data owner.

Who are personal data operators?

Any state or municipal authorities, as well as individuals and legal entities who organize and conduct personal data processing and who determine the actions required for data processing, along with the composition of the data.

How does one legally become a personal data operator?

Prior to commencing data processing, the operator must inform the competent department on the protection of rights of personal data owners about their intention to conduct personal data processing according to Part 3, Article 22 of the Federal Law On Personal Data. The respective notice can be submitted either in paper format or electronically. The cases described in Part 2, Article 22 of Law No. 152-FZ represent exceptions.

Once the notice is submitted, the information about the operator is entered into the Registry of Personal Data Operators. The information contained in that Registry is available to the general public. Anyone can look through it on the Personal Data Portal of the Federal Supervision Agency for Information Technologies and Communications (Roskomnadzor) at http://pd.rkn.gov.ru. People often contact the Department of Roskomnadzor because they fail to find the organization to which they provide personal data in the Registry. And that causes concern about the safety of such personal data. Like I said before, the law outlines a number of exceptions that allow the operator to process personal data without notifying Roskomnadzor.

It is difficult to become a personal data operator?

According to Olga Korotkova, not so much. This implies no financial expenses. Moreover, a notice of personal data processing can be submitted electronically and Roskomnadzor has drafted recommendations on how to fill in the notice form. This information is available on the Personal Data Portal or on the website of any regional Roskomnadzor Department. Besides, the Department employees offer assistance in filling out the notice and provide explanations for any points of friction.

Are there operators who chose not to make themselves known, and if yes, why?

Olga Aleksandrovna reminds us that processing of data without proper notification in cases when no grounds exist listed in Part 2, Article 22 of the Federal Law On Personal Data is a breach. The activities of some organizations really do fall under these exceptions. But there are also some organizations that do not consider themselves personal data operators by mistake. Ms. Aleksandrovna provides an example from her own experience. An organization has indicated in their information letter that they use e-mail addresses and full names of their website users as protection against spam. This does not represent a legal basis for personal data processing without notification, which is why the Department requested a proper notice.

Some organizations also fail to submit notices in belief that this would save them from Roskomnadzor inspections. However, this is not true because the inspection schedule also includes the organizations that conduct operations that imply no grounds for personal data processing without notification. Moreover, the Department once in a while reminds the organizations about the legal requirements and requests that they provide the notice on personal data processing.

What trends are observed in filling of the Registry of Personal Data Operators?

Some organizations are terminating their activities, others are just starting. So the question of whether the Registry would be complete remains open. According to Ms. Aleksandrovna, taking responsibility for the personal data safety has become an important component in developing the image of a reliable organization. The regional Roskomnadzor Departments, in their turn, carry out awareness-raising and preventative activities in order to bring down the number of breaches in the field of personal data.

Detailed information on the procedure of inputting data into the Registry of Personal Data Operators is available on the Personal Data Portal of Roskomnadzor.

More