Personal data categories with IT infrastructure example in compliance with Federal Law No.152
Public - personal data obtained only from publicly available personal data sources created in accordance with art. 8 of The Russian Federal Law on Personal Data (No. 152-FZ)
Biometric - information that characterizes the physiological and biological characteristics of a person on the basis of which it's possible to establish his personality and which are used by the personal data operator to identify the subject of the personal data.
Special - personal data relating to race, ethnic origin, political opinions, religious beliefs, health condition, sexual life of personal data subjects.
Other - personal data that doesn't belong to any of the above categories (public, biometric, special).
In accordance with the Federal Law "On Personal Data": Public personal data –is personal data, access to an unlimited circle of persons to which is provided by the subject of personal data or at his request. For the purpose of information support, public sources of personal data (address books, directories) can be created in which the surname, name, patronymic, year and place of birth, address, subscriber number, information about the profession and other personal data reported by the subject of personal data. Information included in these public sources should be deleted at any time from the request of the subject of personal data.
In accordance with the Federal Law "About Personal Data" (Federal Law №152): Biometric - The information system is an information system that processes biometric personal data if it processes information that characterizes the physiological and biological characteristics of a person on the basis of which it is possible to establish its identity and which are used by the operator to establish the identity of the subject of personal data, related to special categories of personal data.
In accordance with the Federal Law № 152 "About Personal Data". Special - The information system is an information system that processes special categories of personal data if it processes personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life of subjects of personal data.
In accordance with the Federal Law № 152 "About personal data" Other - The information system is an information system that processes other categories of personal data, unless personal data is processed in it, except for special, biometric and publicly available personal data.
How to determine the required protection level?
Persons guilty of violating the requirements of the Federal Law 152-FZ "On Personal Data" are liable for:
• civil responsibility
• criminal responsibility (see the Criminal Code of the Russian Federation, sections.137, 140, 155, 183, 272, 273, 274, 292, 293)
• Administrative (see the Code of the Russian Federation on Administrative Offenses, sections 5.27, 5.39, 13.11-13.14, 13.19, 19.4-19.7, 19.20, 20.25, 32.2)
• Disciplinary (see the Labor Code of the Russian Federation, sections 81, 90, 195, 237, 391) and other liability provided by the legislation of the Russian Federation (see by-laws concerning work with personal data, which are published in the Russian Federation subjects, departments and organizations).
“Federal Law №152 cloud” IT infrastructure example.
Hypervisors protection by vGate
• Integrity monitoring and trusted VM boot.
• Monitoring the integrity of the modules and settings of the GIS vGate.
• Registration of security events.
• Protection from unauthorized access within the network administration.
• Control of device mounting.
• Providing a trusted software environment.