Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
PROBLEM ISSUES
IN PERSONAL
DATA PROTECTION
AT T H E N AT I O N A L L E V E L
PREPARED BY THE RHRPA "BELARUSIAN HELSINKI COMMITTEE"
Use and protection of personal data becomes more and more relevant
issue because of development of informational technolog...
Population Register
Credit Register
Personal Record-Keeping
United State Delict Data Bank
Dactyloscopy Registration
Databa...
Main criteria for comparison of personal data databases
Whether the register
of users who enter
the data is kept
Whether t...
Population Register
Credit Register
Personal Record-Keeping
United State Delict Data Bank
Dactyloscopic Registration
Datab...
The data user is registered automatically or manually
The purposes for collecting and retaining data are too general and u...
ASCERTAINED FEATURES
The insured who make payments,are registered when they access data; but the remote data
access by the...
Credit Register
ASCERTAINED FEATURES
The data user is registered when the interested party files an application and with
th...
ASCERTAINED FEATURES
The data is retained for 25 years after it is excluded (due to falsity) or filed
(due to death or rest...
Mobile networks user database
ASCERTAINED FEATURES
The data is retained for not less than 5 years
Data cannot be deleted
Automated Information Data System "Raschet"
ASCERTAINED FEATURES
Data is retained for 3 years
Data cannot be deleted
United State Delict Database
ASCERTAINED FEATURES
The data user is registered by way of registration of the inquiry of an ...
ASCERTAINED FEATURES
The data user is registered by way of registration of the inquiry of an interested body
or an official...
Databases which retain it*
full name & patronimyc
identification number
sex
date of birth
birthplace
digital portrait photo...
Entities which enter it to these databases
full name & patronimyc
identification number
sex
date of birth
birthplace
digita...
There is no clear understanding
what personal data is
Personal data is retained
in several databases
Total registration
of...
Definitions stipulated by the laws on population register and on information,
informatization and information security,diff...
Personal data is retained
in different databases
Though the law on population register stipulates that the Ministry of Int...
Total registration of personal data accesses
is not implemented
National legislation contains no uniform approach to regis...
Information about national’s data users
is inaccessible
National legislation does not regulate the right of a national to ...
There is no real responsibility for illegal access
and divulgence of personal data
Though the legislation stipulates respo...
There is no uniform approach
to retention periods
National legislation does not contain uniform approach to the period of ...
It is impossible to delete personal data
by request
The "to be forgotten"principle which has been formulated in internatio...
RHRPA “Belarusian Helsinki Committee”
220036, Republic of Belarus
Minsk, Karl Liebknecht Street 68
Office 1201
Phone: +375 ...
Upcoming SlideShare
Loading in …5
×

Personal data eng

1,188 views

Published on

Protection of personal data in Belarus/ Абарона персанальных дадзеных / Защита персональных данных
Overview of the situation with the protection of personal data in Belarus.
Презентация на русском языке - http://www.slideshare.net/belhelcom/ss-43981455

Published in: Technology
  • Login to see the comments

  • Be the first to like this

Personal data eng

  1. 1. PROBLEM ISSUES IN PERSONAL DATA PROTECTION AT T H E N AT I O N A L L E V E L
  2. 2. PREPARED BY THE RHRPA "BELARUSIAN HELSINKI COMMITTEE"
  3. 3. Use and protection of personal data becomes more and more relevant issue because of development of informational technologies. Belarus is no exception. Many people know that our personal data is collected, summarized, and retained by state bodies. But not many people know which data is col- lected, how it is protected, what it is used for, and whom it is transferred to. This information will help you to fill this gap.
  4. 4. Population Register Credit Register Personal Record-Keeping United State Delict Data Bank Dactyloscopy Registration Databank Database of nationals whose right to departure was temporarily restricted Mobile networks user database retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Ministry of Internal Affairs retained by the Social Protection Fund retained by the National Bank retained by mobile network operators Automated Information Data System "Raschet" retained by the National Bank retained by the Ministry of Internal Affairs DATABASES UNDER REVIEW
  5. 5. Main criteria for comparison of personal data databases Whether the register of users who enter the data is kept Whether the data users are registered Whether the purpose for retaining the data is provided Whether the closed register of the collected data is provided Whether the person is enabled to learn who got access to his data Whether the responsibility for leaks is stipulated Whether reasonable retention period is provided for the data Whether the data can be deleted CRITERIA FOR COMPARISON
  6. 6. Population Register Credit Register Personal Record-Keeping United State Delict Data Bank Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile network users database Automated Information Data System "Raschet" Whether the register of users who enter the data is kept legislation regulates this issue no legislation regulates this issue or is too general legislation does not protect personal data Whether the closed register of the collected data is provided Whether reasonable retention period is provided for the data Whether the data users are registered Whether the person is enabled to learn who got access to his data Whether the data can be deleted Whether the purpose for retaining the data is provided Whether the responsibility for leaks is stipulated ASCERTAINED FEATURES
  7. 7. The data user is registered automatically or manually The purposes for collecting and retaining data are too general and unspecific Authorized employees are responsible for illegal provision or distribution of personal data which they learned because of their official (work) duties,even after they ceased to perform them The data is retained permanently.When a person dies,his data is filed Population Register ASCERTAINED FEATURES
  8. 8. ASCERTAINED FEATURES The insured who make payments,are registered when they access data; but the remote data access by the Ministry of Internal Affairs is not registered It can be enlarged with "other data which is needed to grant or pay a pension or an allowance" Responsibility for the leak is stipulated by the Administrative and Criminal Codes The data is retained for life,but it answers its purpose: granting and paying pensions Personal Record-Keeping
  9. 9. Credit Register ASCERTAINED FEATURES The data user is registered when the interested party files an application and with the individual's consent.No such consent is needed if the data is requested by courts, law enforcement bodies,notaries (see the list of bodies in the Bank Code) The special law stipulates no responsibility for the leak.It stipulates administrative responsibility for divulgation of trade (or other) secret (clause 22.13 of the Administrative Code) The data is retained for 15 years after the credit agreement is terminated and the debt is discharged
  10. 10. ASCERTAINED FEATURES The data is retained for 25 years after it is excluded (due to falsity) or filed (due to death or restrictions being lifted) Database of nationals whose right to departure was temporarily restricted
  11. 11. Mobile networks user database ASCERTAINED FEATURES The data is retained for not less than 5 years Data cannot be deleted
  12. 12. Automated Information Data System "Raschet" ASCERTAINED FEATURES Data is retained for 3 years Data cannot be deleted
  13. 13. United State Delict Database ASCERTAINED FEATURES The data user is registered by way of registration of the inquiry of an interested body or an official Retention period for crime data is 100 years; for delict data,it is 10 years. These periods are unreasonably long. For example,a person is not considered being held administratively liable in a year after he was called to account; there is no need to retain such data for more than 1 year.
  14. 14. ASCERTAINED FEATURES The data user is registered by way of registration of the inquiry of an interested body or an official The purposes for collecting and retaining data are too general and unspecific Dactyloscopic information is retained not less than until the person is 80 years old, or dead,or has retired or resigned Data can be deleted when the retention period is over,or when a written application is filed in case the registration was voluntary,or if the suspicions have not been confirmed Dactyloscopic Registration Database
  15. 15. Databases which retain it* full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Population Register Credit Register Personal Record-Keeping Dactyloscopic Registration Database Database of nationals whose right to departure is temporarily restricted Mobile networks users database Automated Information Data System "Raschet" United State Delict Data Bank PERSONAL DATA *main databases are listed
  16. 16. Entities which enter it to these databases full name & patronimyc identification number sex date of birth birthplace digital portrait photo citizenship place of residence death information disability, legal incapacity nearest relations marriage wardship, guardianship status of being working, unemployed, inactive tax liabilities military duty education academic degree (rank) labor activity pensions, support compulsory insurance credits electric communication service AIDS "Raschet" data departure restriction crimes and delicts data dactyloscopic information Ministry of Internal Affairs Social Protection Fund State Security Committee Ministry for Emergency Situations Military registration and enlistment offices Ministry of taxation Ministry of Education Belgosstrakh Executive committees Courts Civil Registry Offices National Bank Operations and Analysis Center under the President of the Republic of Belarus Presidential Security Service Service providers Ministry of Defense Higher Attestation Commission PERSONAL DATA
  17. 17. There is no clear understanding what personal data is Personal data is retained in several databases Total registration of personal data accesses is not implemented Information about national’s data users is inaccessible There is no real responsibility for illegal access and divulgence of personal data There is no uniform approach to retention periods It is impossible to delete personal data by request MAIN CONCLUSIONS
  18. 18. Definitions stipulated by the laws on population register and on information, informatization and information security,differ in scope.The law on register contains an exhaustive definition; the law on information attributes any data that can help identify the person to it.Such non-coordination of the key definition makes uniform approach to legal regulation of this sphere impossible. MAIN CONCLUSIONS There is no clear understanding what personal data is
  19. 19. Personal data is retained in different databases Though the law on population register stipulates that the Ministry of Internal Affairs is the body responsible for the personal data databases,other bodies have their own databases with such information (National Bank retains credit histories, Social Protection Fund retains state social insurance data). MAIN CONCLUSIONS
  20. 20. Total registration of personal data accesses is not implemented National legislation contains no uniform approach to registration of the access to the personal data.The law on population register stipulates that each fact of access to the population register data should be registered online.Legislation contains no such requirement to personal data retained in other databases. MAIN CONCLUSIONS
  21. 21. Information about national’s data users is inaccessible National legislation does not regulate the right of a national to be informed about who,when and why has got access to his personal data. MAIN CONCLUSIONS
  22. 22. There is no real responsibility for illegal access and divulgence of personal data Though the legislation stipulates responsibility for the leak and illegal access to personal data,it would be extremely difficult to prove guilt of any specific official in practice as the legislation does not oblige to register each fact of access to it. MAIN CONCLUSIONS
  23. 23. There is no uniform approach to retention periods National legislation does not contain uniform approach to the period of retention of personal data.International legal regulations of the personal data protection provide necessity to limit such periods to the duration needed to achieve the purpose of the data retention; Belarusian legislation stipulates that such periods can last until the national dies. ОСНОВНЫЕ ВЫВОДЫ
  24. 24. It is impossible to delete personal data by request The "to be forgotten"principle which has been formulated in international standards,is not implemented in various personal data databases.Databases which somehow have such option have unreasonably long retention periods for personal data. ОСНОВНЫЕ ВЫВОДЫ
  25. 25. RHRPA “Belarusian Helsinki Committee” 220036, Republic of Belarus Minsk, Karl Liebknecht Street 68 Office 1201 Phone: +375 17 222-48-00 Fax: +375 17 222-48-01 Email: office@belhelcom.org BELHELCOM.ORG FACEBOOK.COM/ BELHELCOM

×