P
P
Pavel2012-01-13 17:17:53
Law in IT
Pavel, 2012-01-13 17:17:53

Personal data and SaaS

What about the subject? Who is responsible for the PD? System user or system developer? Where to read? Who has implementation experience?

Answer the question

In order to leave comments, you need to log in

2 answer(s)
V
Vladimir Chernyshev, 2012-01-14
@VolCh

The developer is not responsible for anything in the general case (well, unless he created a deliberately malicious program - then the Criminal Code). The owner of the system is responsible for everything. In view of the fact that a more or less decent SaaS belongs to the second category (identification data plus additional information) and the first volume (the Russian Federation as a whole), it belongs to the first class, which means the need not only for certification and license, but also such nonsense as protection against leakage through radiation.
Perhaps for the B2C segment there is a loophole in the phrase “in order to fulfill the contract”, but in the B2B segment our lawyer did not find such a loophole without taking written consent from the clients of our clients for the processing of PD by third parties, to which many of our potential clients do not will go ... The project had to be frozen.

S
skilledHS, 2012-01-13
@skilledHS

1) habrahabr.ru/blogs/infosecurity/107576/ (!important)
2) habrahabr.ru/blogs/personal/100372/
3) SaaS - www.slideshare.net/rit2011/saas-2?from=ss_embed

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question